Good afternoon!
A couple of days ago I started having problems with Chrome: when I search, it redirects me to other search engines and sites. So far I have not been able to fix the problem.
FRST result
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by GesseN (administrator) on GESSEN_PC (21-12-2016 21:35:34)
Running from C:\Users\GesseN\Downloads
Loaded Profiles: GesseN (Available Profiles: GesseN)
Platform: Windows 8.1 Pro (Update) (X64) Language: Русский (Россия)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Users\GesseN\AppData\Local\Flock\fl_nw\0.0.3\flock.exe
() C:\Users\GesseN\AppData\Local\Flock\fl_nw\0.0.3\flock.exe
() C:\Users\GesseN\AppData\Local\Flock\fl_nw\0.0.3\flock.exe
(AVAST Software) C:\Users\GesseN\AppData\Roaming\AVAST Software\Browser Cleanup\bcusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
() C:\Users\GesseN\Downloads\adwcleaner_6.041.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\…\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\…\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-07-26] (Synaptics Incorporated)
HKLM\…\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\…\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.)
HKLM-x32\…\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\…\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-21] (AVAST Software)
HKU\S-1-5-21-4194722171-3555814050-2801834200-1001\…\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office16\lync.exe [22493384 2016-11-16] (Microsoft Corporation)
HKU\S-1-5-21-4194722171-3555814050-2801834200-1001\…\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-21] (AVAST Software)
Startup: C:\Users\GesseN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Flock.lnk [2016-10-30]
ShortcutTarget: Flock.lnk -> C:\Users\GesseN\AppData\Local\Flock\Launch.exe (Talk.to FZC)
GroupPolicy: Restriction — Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{348604E6-C65E-4FDA-9205-8B818342BF34}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://yandex.ru/?clid=2101081
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://yandex.ru/search/?text={searchTerms}&clid=2101082
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4194722171-3555814050-2801834200-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://yandex.ru/search/?text={searchTerms}&clid=2101082
HKU\S-1-5-21-4194722171-3555814050-2801834200-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://yandex.ru/?clid=2101081
HKU\S-1-5-21-4194722171-3555814050-2801834200-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/ru-ru/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {F4137D40-259A-4FB3-B780-F8C39B303C41} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2101082
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
SearchScopes: HKLM-x32 -> {F4137D40-259A-4FB3-B780-F8C39B303C41} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2101082
SearchScopes: HKU\S-1-5-21-4194722171-3555814050-2801834200-1001 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2261464
SearchScopes: HKU\S-1-5-21-4194722171-3555814050-2801834200-1001 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2261464
SearchScopes: HKU\S-1-5-21-4194722171-3555814050-2801834200-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?bcutc=sp-004-752&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4194722171-3555814050-2801834200-1001 -> {F4137D40-259A-4FB3-B780-F8C39B303C41} URL = hxxps://yandex.ru/search/?text={searchTerms}&clid=2101082
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-12-21] (AVAST Software)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-21] (AVAST Software)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-30] (Oracle Corporation)
Handler-x32: mso-minsb.16 — {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} — C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
Handler-x32: osf.16 — {5504BE45-A83B-4808-900A-3A5C36E7F77A} — C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-11-16] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: xuvy0a3c.default
FF ProfilePath: C:\Users\GesseN\AppData\Roaming\Mozilla\Firefox\Profiles\xuvy0a3c.default [2016-12-21]
FF NewTab: Mozilla\Firefox\Profiles\xuvy0a3c.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xuvy0a3c.default -> Google
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\xuvy0a3c.default -> hxxps://www.google.com/search?bcutc=sp-004-752
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\xuvy0a3c.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xuvy0a3c.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\xuvy0a3c.default -> hxxps://www.google.com/?bcutc=sp-004-752
FF Keyword.URL: Mozilla\Firefox\Profiles\xuvy0a3c.default -> hxxps://www.google.com/search?bcutc=sp-004-752
FF SearchPlugin: C:\Users\GesseN\AppData\Roaming\Mozilla\Firefox\Profiles\xuvy0a3c.default\searchplugins\google-avast.xml [2016-12-20]
FF SearchPlugin: C:\Users\GesseN\AppData\Roaming\Mozilla\Firefox\Profiles\xuvy0a3c.default\searchplugins\yandex-avast.xml [2016-12-20]
FF HKLM\…\Firefox\Extensions: [sp@avast.com] — C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) — C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-12-21]
FF HKLM\…\Firefox\Extensions: [wrc@avast.com] — C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) — C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-21]
FF HKLM-x32\…\Firefox\Extensions: [sp@avast.com] — C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\…\Firefox\Extensions: [wrc@avast.com] — C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-21] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-09-13] (Microsoft Corporation)
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.ru/
CHR StartupUrls: Default -> «hxxps://www.google.ru/»
CHR Profile: C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default [2016-12-21]
CHR Extension: (Google Презентации) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-30]
CHR Extension: (Документы Google) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-30]
CHR Extension: (Диск Google) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-30]
CHR Extension: (YouTube) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-30]
CHR Extension: (Google Таблицы) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-30]
CHR Extension: (Google Документы офлайн) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-30]
CHR Extension: (Avast Online Security) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-21]
CHR Extension: (Платежная система Интернет-магазина Chrome) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-30]
CHR Extension: (Gmail) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-30]
CHR Extension: (Chrome Media Router) — C:\Users\GesseN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR HKLM-x32\…\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] — hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-21] (AVAST Software)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-12-21] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-12-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-12-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-12-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-21] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-12-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-12-21] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-12-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-21] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-21] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-21] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2016-12-21] (Malwarebytes)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2432656 2014-08-12] (MediaTek Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1205872 2014-06-26] (Ralink Technology, Corp.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-21 21:35 — 2016-12-21 21:36 — 00017386 _____ C:\Users\GesseN\Downloads\FRST.txt
2016-12-21 21:35 — 2016-12-21 21:35 — 00000000 _____ C:\Users\GesseN\Desktop\Новый текстовый документ.txt
2016-12-21 21:25 — 2016-12-21 21:25 — 00000000 ____D C:\Users\GesseN\Downloads\backups
2016-12-21 21:21 — 2016-12-21 21:22 — 00388608 _____ (Trend Micro Inc.) C:\Users\GesseN\Downloads\HijackThis.exe
2016-12-21 21:05 — 2016-12-21 21:05 — 00002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-21 21:05 — 2016-12-21 21:05 — 00002296 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-21 21:04 — 2016-12-21 21:11 — 00003400 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-21 21:04 — 2016-12-21 21:11 — 00003272 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-21 14:53 — 2016-12-21 15:22 — 00003908 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1482321179
2016-12-21 14:53 — 2016-12-21 15:22 — 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-21 14:53 — 2016-12-21 14:53 — 00001074 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-21 14:52 — 2016-12-21 14:52 — 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-12-21 14:51 — 2016-12-21 14:51 — 00001953 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-21 14:51 — 2016-12-21 14:51 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-21 14:50 — 2016-12-21 14:50 — 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-12-21 14:50 — 2016-12-21 14:50 — 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-12-21 14:50 — 2016-12-21 14:50 — 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-12-21 14:50 — 2016-12-21 14:50 — 00293352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-12-21 14:50 — 2016-12-21 14:50 — 00163416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-12-21 14:50 — 2016-12-21 14:50 — 00108816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-12-21 14:50 — 2016-12-21 14:50 — 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-12-21 14:50 — 2016-12-21 14:50 — 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-12-21 14:50 — 2016-12-21 14:50 — 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-12-21 14:50 — 2016-12-21 14:50 — 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-12-21 14:50 — 2016-12-21 14:50 — 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-21 14:50 — 2016-12-21 14:50 — 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-12-21 14:50 — 2016-12-21 14:50 — 00000000 ____D C:\Program Files\Common Files\AV
2016-12-21 14:49 — 2016-12-21 14:52 — 00000000 ____D C:\Program Files\AVAST Software
2016-12-21 14:48 — 2016-12-21 14:52 — 00000000 ____D C:\Users\Все пользователи\AVAST Software
2016-12-21 14:48 — 2016-12-21 14:52 — 00000000 ____D C:\ProgramData\AVAST Software
2016-12-21 14:48 — 2016-12-21 14:48 — 06334848 _____ (AVAST Software) C:\Users\GesseN\Downloads\avast_free_antivirus_setup_online.exe
2016-12-21 10:16 — 2016-12-21 21:35 — 00000000 ____D C:\FRST
2016-12-21 10:15 — 2016-12-21 10:15 — 02420224 _____ (Farbar) C:\Users\GesseN\Downloads\FRST64.exe
2016-12-21 00:39 — 2016-12-21 00:39 — 00001196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-12-21 00:39 — 2016-12-21 00:39 — 00001184 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-12-21 00:39 — 2016-12-21 00:39 — 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-21 00:38 — 2016-12-21 00:38 — 00243744 _____ C:\Users\GesseN\Downloads\Firefox Setup Stub 50.1.0.exe
2016-12-21 00:21 — 2016-12-21 21:02 — 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-21 00:21 — 2016-12-21 21:01 — 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-21 00:21 — 2016-12-21 21:01 — 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-21 00:21 — 2016-12-21 10:09 — 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-21 00:21 — 2016-12-21 09:01 — 00091584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-21 00:21 — 2016-12-21 00:21 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-21 00:20 — 2016-12-21 00:20 — 00000000 ____D C:\Users\Все пользователи\Malwarebytes
2016-12-21 00:20 — 2016-12-21 00:20 — 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-21 00:20 — 2016-12-21 00:20 — 00000000 ____D C:\Program Files\Malwarebytes
2016-12-21 00:20 — 2016-12-14 12:55 — 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-21 00:19 — 2016-12-21 00:20 — 54199488 _____ (Malwarebytes ) C:\Users\GesseN\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-20 23:43 — 2016-12-21 09:45 — 00000893 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-20 23:43 — 2016-12-20 23:43 — 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-12-20 23:43 — 2016-12-20 23:43 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-20 23:43 — 2016-12-20 23:43 — 00000000 ____D C:\Program Files\CCleaner
2016-12-20 23:42 — 2016-12-20 23:42 — 08576448 _____ (Piriform Ltd) C:\Users\GesseN\Downloads\ccsetup524.exe
2016-12-20 23:29 — 2016-12-21 21:20 — 00000000 ____D C:\AdwCleaner
2016-12-20 23:29 — 2016-12-20 23:29 — 03977168 _____ C:\Users\GesseN\Downloads\adwcleaner_6.041.exe
2016-12-20 22:29 — 2016-12-20 22:29 — 00003382 _____ C:\Windows\System32\Tasks\avastBCLS-1-5-21-4194722171-3555814050-2801834200-1001
2016-12-20 22:28 — 2016-12-21 14:51 — 00000000 ____D C:\Users\GesseN\AppData\Roaming\AVAST Software
2016-12-20 22:28 — 2016-12-20 22:28 — 00004242 _____ C:\Windows\System32\Tasks\avast! BCU UpdateS-1-5-21-4194722171-3555814050-2801834200-1001
2016-12-20 22:28 — 2016-12-20 22:28 — 00001127 _____ C:\Users\GesseN\Desktop\Avast Browser Cleanup.lnk
2016-12-20 22:28 — 2016-12-20 22:28 — 00000000 ____D C:\Users\GesseN\AppData\Roaming\Microsoft\Windows\Start Menu\Avast Browser Cleanup
2016-12-20 22:27 — 2016-12-20 22:28 — 04284888 _____ (AVAST Software) C:\Users\GesseN\Downloads\avast-browser-cleanup-sfx.exe
2016-12-20 22:04 — 2016-12-20 22:04 — 00000000 ____D C:\Users\GesseN\AppData\Local\Войны престолов
2016-12-20 22:01 — 2016-12-20 22:03 — 00000000 ____D C:\Users\GesseN\AppData\Roaming\PBot
2016-12-20 22:01 — 2016-12-20 22:01 — 00000316 ____H C:\Users\GesseN\AppData\Local\expand.ini
2016-12-20 21:57 — 2016-12-21 15:00 — 00000000 ____D C:\Users\GesseN\AppData\Local\syslog
2016-12-20 21:56 — 2016-12-20 21:56 — 00000016 _____ C:\Users\Все пользователи\mntemp
2016-12-20 21:56 — 2016-12-20 21:56 — 00000016 _____ C:\ProgramData\mntemp
2016-12-20 21:55 — 2016-12-20 22:55 — 00000258 __RSH C:\Users\GesseN\ntuser.pol
2016-12-20 21:54 — 2016-12-20 21:58 — 00002278 __RSH C:\Users\Все пользователи\ntuser.pol
2016-12-20 21:54 — 2016-12-20 21:58 — 00002278 __RSH C:\ProgramData\ntuser.pol
2016-12-19 23:55 — 2016-12-19 23:55 — 00000000 ___HD C:\Users\GesseN\.fontconfig
2016-12-19 15:25 — 2016-12-19 15:25 — 01206272 _____ C:\Users\GesseN\Downloads\kuzov_v_sbore_-_osnovnye_elementy_1.xls
2016-12-19 13:03 — 2016-12-19 13:04 — 00129024 _____ C:\Users\GesseN\Downloads\proekt_EKP_2017.xls
2016-12-18 19:26 — 2016-12-18 19:26 — 00003679 _____ C:\Users\GesseN\Desktop\Стефашка — Ярлык.lnk
2016-12-18 19:26 — 2016-12-18 19:26 — 00000000 ____D C:\Users\GesseN\Desktop\Стефашка
2016-12-17 22:08 — 2016-12-19 23:54 — 00000000 ___HD C:\Users\GesseN\AppData\Local\Movavi
2016-12-17 22:04 — 2016-12-17 22:04 — 00000000 ____D C:\Users\Все пользователи\Movavi Video Suite 12
2016-12-17 22:04 — 2016-12-17 22:04 — 00000000 ____D C:\ProgramData\Movavi Video Suite 12
2016-12-17 22:02 — 2016-12-17 22:04 — 00000000 ____D C:\Users\GesseN\AppData\Roaming\MOVAVI
2016-12-17 21:39 — 2016-12-17 21:40 — 00000000 ____D C:\Program Files (x86)\Movavi Core 5.1.0
2016-12-17 21:39 — 2016-12-17 21:39 — 00001116 _____ C:\Users\Public\Desktop\Movavi Video Suite 12.lnk
2016-12-17 21:39 — 2016-12-17 21:39 — 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Suite 12
2016-12-17 21:38 — 2016-12-20 21:53 — 00000000 ____D C:\Users\GesseN\Desktop\sti winter
2016-12-17 21:35 — 2016-12-17 21:35 — 00000000 ____D C:\Users\Все пользователи\Movavi
2016-12-17 21:35 — 2016-12-17 21:35 — 00000000 ____D C:\ProgramData\Movavi
2016-12-17 21:34 — 2016-12-17 21:40 — 00000000 ____D C:\Program Files (x86)\Movavi Video Suite 12
2016-12-17 17:05 — 2016-12-17 17:41 — 00000000 ____D C:\Users\GesseN\Desktop\спальня братеево
2016-12-15 20:49 — 2016-12-15 20:49 — 00490622 _____ C:\Users\GesseN\Downloads\Image20161214153113-001.bmp
2016-12-12 16:05 — 2016-12-12 16:05 — 00192000 _____ C:\Users\GesseN\Downloads\Контакты (3).xls
2016-12-10 12:22 — 2016-12-10 12:22 — 01035881 _____ C:\Users\GesseN\Downloads\Регламент 1 Зеленоград Millers Oils STi-Club WinterCup 2017.pdf
2016-12-08 09:27 — 2016-12-08 09:27 — 00050685 _____ C:\Users\GesseN\Desktop\check_81639fbd-ebfe-4177-afe7-6d0596f86ef4.pdf
2016-12-07 19:27 — 2016-12-07 19:27 — 00049702 _____ C:\Users\GesseN\Desktop\Клиенты Баумана результат.xlsx
2016-12-06 19:31 — 2016-12-06 19:31 — 00048337 _____ C:\Users\GesseN\Desktop\Клиенты Баумана bcghfdk.xlsx
2016-12-06 19:27 — 2016-12-06 19:29 — 00048297 _____ C:\Users\GesseN\Downloads\Клиенты Баумана.xlsx
2016-12-05 10:29 — 2016-12-05 10:29 — 00091278 _____ C:\Users\GesseN\Downloads\20161205_0829_SilverDAT calculatePro.pdf
2016-12-03 14:24 — 2016-12-20 23:44 — 00000000 ____D C:\Windows\Minidump
2016-12-02 17:02 — 2016-12-02 17:02 — 00079526 _____ C:\Users\GesseN\Downloads\20161202_1502_SilverDAT calculatePro.pdf
2016-12-02 16:48 — 2016-12-02 16:48 — 00083347 _____ C:\Users\GesseN\Downloads\20161125_1733_SilverDAT-calculatePro (3).pdf
2016-12-02 16:48 — 2016-12-02 16:48 — 00083347 _____ C:\Users\GesseN\Downloads\20161125_1733_SilverDAT-calculatePro (2).pdf
2016-12-02 13:05 — 2016-12-02 13:05 — 00017920 _____ C:\Users\GesseN\Downloads\ошибки НОЯБРЬ.xls
2016-12-01 21:32 — 2016-12-01 21:32 — 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-27 18:38 — 2016-11-27 18:38 — 00012509 _____ C:\Users\GesseN\Downloads\ГРАФИК ДЕЖУРСТВ ЭКСПЕРТ.xlsm (2).xlsx
2016-11-27 18:38 — 2016-11-27 18:38 — 00012509 _____ C:\Users\GesseN\Downloads\ГРАФИК ДЕЖУРСТВ ЭКСПЕРТ.xlsm (1).xlsx
2016-11-27 16:50 — 2016-11-27 16:51 — 00031559 _____ C:\Users\GesseN\Downloads\ДПІэПг°ШКчІЙ№єЗ嵥.xlsx
2016-11-25 19:52 — 2016-11-25 19:52 — 00083347 _____ C:\Users\GesseN\Downloads\20161125_1733_SilverDAT-calculatePro (1).pdf
2016-11-25 19:35 — 2016-11-25 19:35 — 00083347 _____ C:\Users\GesseN\Downloads\20161125_1733_SilverDAT-calculatePro.pdf
2016-11-25 19:33 — 2016-11-25 19:33 — 00083347 _____ C:\Users\GesseN\Downloads\20161125_1733_SilverDAT calculatePro.pdf
2016-11-25 19:29 — 2016-11-25 19:29 — 00083358 _____ C:\Users\GesseN\Downloads\20161125_1729_SilverDAT calculatePro.pdf
2016-11-25 19:23 — 2016-11-25 19:23 — 00083179 _____ C:\Users\GesseN\Downloads\20161125_1723_SilverDAT calculatePro.pdf
2016-11-25 19:15 — 2016-11-25 19:15 — 00082998 _____ C:\Users\GesseN\Downloads\20161125_1715_SilverDAT calculatePro.pdf
2016-11-25 18:44 — 2016-11-25 18:44 — 00072113 _____ C:\Users\GesseN\Downloads\20161125_1644_SilverDAT calculatePro.pdf
2016-11-25 14:29 — 2016-11-25 14:29 — 00012800 _____ C:\Users\GesseN\Downloads\ошибки ОКТЯБРЬ (1).xls
2016-11-23 13:27 — 2016-11-23 13:27 — 00182272 _____ C:\Users\GesseN\Downloads\Контакты (2).xls
2016-11-23 13:26 — 2016-11-23 13:26 — 00182272 _____ C:\Users\GesseN\Downloads\Контакты (1).xls
2016-11-22 23:14 — 2016-11-22 23:14 — 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-11-22 12:20 — 2016-11-22 12:20 — 00087109 _____ C:\Users\GesseN\Downloads\316774600494682_996516265209794.pdf
2016-11-21 17:01 — 2016-11-21 17:01 — 00000000 ____D C:\Users\GesseN\Documents\Настраиваемые шаблоны Office
2016-11-21 16:46 — 2016-11-21 16:46 — 00056320 _____ C:\Users\GesseN\Downloads\Пустой-бланк-усн.xls
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-21 21:14 — 2016-11-19 10:23 — 00000000 ____D C:\Users\GesseN\AppData\LocalLow\Mozilla
2016-12-21 21:10 — 2016-09-21 13:01 — 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4194722171-3555814050-2801834200-1001
2016-12-21 21:05 — 2016-10-30 20:54 — 00000000 ____D C:\Program Files (x86)\Google
2016-12-21 21:01 — 2013-08-22 17:45 — 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-21 20:31 — 2015-12-21 16:55 — 00791022 _____ C:\Windows\system32\perfh019.dat
2016-12-21 20:31 — 2015-12-21 16:55 — 00162148 _____ C:\Windows\system32\perfc019.dat
2016-12-21 20:31 — 2014-03-18 13:03 — 01808208 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-21 20:31 — 2013-08-22 16:36 — 00000000 ____D C:\Windows\Inf
2016-12-21 19:58 — 2016-10-30 21:11 — 00002344 ____H C:\Users\GesseN\Documents\Default.rdp
2016-12-21 10:07 — 2016-09-21 12:54 — 00000000 ___HD C:\Users\GesseN
2016-12-21 00:39 — 2016-11-18 10:50 — 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-20 23:44 — 2016-09-21 09:17 — 00000000 ____D C:\Windows\Panther
2016-12-20 22:38 — 2016-10-30 20:55 — 00000000 ___HD C:\Users\GesseN\AppData\Local\Google
2016-12-20 22:11 — 2016-10-30 05:09 — 00000000 ___HD C:\Program Files (x86)\Temp
2016-12-20 21:54 — 2013-08-22 18:36 — 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-20 21:24 — 2016-09-21 12:55 — 00000000 ___HD C:\Users\GesseN\AppData\Local\Packages
2016-12-19 19:05 — 2016-10-30 21:10 — 00002214 _____ C:\Users\GesseN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flock.lnk
2016-12-19 19:05 — 2016-10-30 21:04 — 00000000 ___HD C:\Users\GesseN\AppData\Local\Flock
2016-12-18 14:42 — 2016-11-14 20:42 — 00000000 ____D C:\Users\GesseN\Desktop\автобус
2016-12-18 14:02 — 2013-08-22 17:44 — 00473760 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-17 23:07 — 2016-10-30 05:38 — 00000000 ____D C:\Users\GesseN\AppData\Roaming\vlc
2016-12-15 18:21 — 2013-08-22 16:25 — 00262144 ___SH C:\Windows\system32\config\BBI
2016-12-13 10:03 — 2016-09-21 13:09 — 00000000 ____D C:\Users\Все пользователи\KMSAutoS
2016-12-13 10:03 — 2016-09-21 13:09 — 00000000 ____D C:\ProgramData\KMSAutoS
2016-12-09 17:18 — 2016-11-08 18:24 — 00000000 ____D C:\Users\GesseN\Desktop\ип
2016-12-09 09:28 — 2016-09-21 13:30 — 00000000 ____D C:\Users\Все пользователи\Microsoft Help
2016-12-09 09:26 — 2013-08-22 16:25 — 00000167 _____ C:\Windows\win.ini
2016-11-30 09:27 — 2013-08-22 18:36 — 00000000 ____D C:\Windows\AppReadiness
==================== Files in the root of some directories =======
2016-12-20 22:01 — 2016-12-20 22:01 — 0000316 ____H () C:\Users\GesseN\AppData\Local\expand.ini
2016-12-20 21:56 — 2016-12-20 21:56 — 0000016 _____ () C:\ProgramData\mntemp
Some files in TEMP:
====================
C:\Users\GesseN\AppData\Local\Temp\5E01.tmp.exe
C:\Users\GesseN\AppData\Local\Temp\libeay32.dll
C:\Users\GesseN\AppData\Local\Temp\msvcr120.dll
C:\Users\GesseN\AppData\Local\Temp\Rg8K6ZQRcILW.exe
C:\Users\GesseN\AppData\Local\Temp\RnkxgyC7ytOE.exe
C:\Users\GesseN\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-13 11:14
==================== End of FRST.txt ============================
To start, follow these instructions: http://www.spyware-ru.com/ubrat-reklamu/ , which will help you remove ads and redirects to various unwanted and intrusive web resources.
If the problem with Chrome remains, try the following:
- Launch Chrome
- Open Settings
- Open the Extensions tab
- Disable ALL extensions, even the ones made by Google
- Check whether the redirect and the other problems with Chrome are still present
- If the problem has disappeared, enable the extensions one at a time to find the one that causes the problem, and remove it
- If the problem remains, fully or partially, create a new FRST log and post it on our forum (create a new topic in the appropriate section).