Fix result of Farbar Recovery Scan Tool (x64) Version: 03-09-2020
Ran by Администратор (04-09-2020 12:55:53) Run:3
Running from D:\Загрузки
Loaded Profiles: Администратор
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {37B6CD64-26A7-4A75-85B5-74B0D5168BE7} - \Microsoft\Windows\Wininet\Taskhost -> No File <==== ATTENTION
Task: {595641E2-D4E0-4EC2-A749-643FBD6C3B63} - \Microsoft\Windows\Wininet\Taskhostw -> No File <==== ATTENTION
CHR StartupUrls: Default -> "hxxp://mail.ru/cnt/7993/"
2020-08-31 18:38 - 2020-09-04 00:48 - 000000000 __SHD C:\Program Files (x86)\Panda Security
2020-08-31 18:38 - 2020-09-02 12:45 - 000000000 ___HD C:\Program Files\RDP Wrapper
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\ProgramData\McAfee
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\ProgramData\Kaspersky Lab
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\ProgramData\grizzly
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\ProgramData\ESET
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\Program Files\Kaspersky Lab
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\Program Files\ESET
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\Program Files\Common Files\McAfee
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\Program Files\Cezurity
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\Program Files (x86)\Kaspersky Lab
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\Program Files (x86)\GRIZZLY Antivirus
2020-08-31 18:38 - 2020-08-31 18:38 - 000000000 __SHD C:\Program Files (x86)\Cezurity
2020-08-31 18:37 - 2020-09-04 10:56 - 000000000 __SHD C:\ProgramData\AVAST Software
2020-08-31 18:37 - 2020-09-04 01:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-31 18:37 - 2020-09-02 23:01 - 000000000 __SHD C:\ProgramData\WindowsTask
2020-08-31 18:37 - 2020-09-02 23:01 - 000000000 __SHD C:\ProgramData\RealtekHD
2020-08-31 18:37 - 2020-09-02 13:17 - 000000000 __SHD C:\KVRT_Data
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Users\Все пользователи\Norton
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\ProgramData\Norton
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Program Files\SpyHunter
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Program Files\Malwarebytes
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Program Files\Enigma Software Group
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Program Files\AVG
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Program Files\AVAST Software
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Program Files (x86)\SpyHunter
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Program Files (x86)\Microsoft JDX
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Program Files (x86)\AVG
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\Program Files (x86)\AVAST Software
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 __SHD C:\AdwCleaner
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 ____D C:\WINDOWS\speechstracing
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 ____D C:\Users\Все пользователи\MB3Install
2020-08-31 18:37 - 2020-08-31 18:37 - 000000000 ____D C:\ProgramData\MB3Install
2020-09-04 00:24 - 2019-01-28 01:44 - 000000000 ___HD C:\Program Files (x86)\Temp
2020-09-03 23:24 - 2020-03-09 22:16 - 000000000 __SHD C:\ProgramData\Doctor Web
2020-09-03 20:20 - 2019-01-25 23:20 - 000000000 ____D C:\ProgramData\IObit
AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [466]
AlternateDataStreams: C:\Users\Администратор\Application Data:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
AlternateDataStreams: C:\Users\Администратор\AppData\Roaming:fbd50e2f7662a5c33287ddc6e65ab5a1 [394]
HKU\S-1-5-21-807865433-4095668257-2292591684-500\...\StartupApproved\Run: => "Advanced SystemCare 10"
FirewallRules: [{E1473C29-30F8-411E-9436-4E3714E789F0}] => (Allow) LPort=3306
FirewallRules: [{560079BE-BEBD-4544-B8C0-07152887447D}] => (Allow) LPort=33060
FirewallRules: [{E045891B-F71A-42C6-B497-555CC9AF2771}] => (Block) LPort=445
FirewallRules: [{92738F67-07E8-4D61-A6B2-51275E30EE7B}] => (Block) LPort=445
FirewallRules: [{A713DA2B-22CC-4817-BC06-2EFB18655B3D}] => (Block) LPort=139
FirewallRules: [{7F6BDFCD-32BC-4FBB-8C17-226B85B2E540}] => (Block) LPort=139
FirewallRules: [{CA1826D3-A9E4-40C7-8DD4-D1EADCDBF7E0}] => (Allow) LPort=3389
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
*****************

Error: (0) Failed to create a restore point.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
HKLM\SOFTWARE\Policies\Mozilla => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37B6CD64-26A7-4A75-85B5-74B0D5168BE7}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Taskhost" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{595641E2-D4E0-4EC2-A749-643FBD6C3B63}" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Taskhostw" => not found
"Chrome StartupUrls" => removed successfully
"C:\Program Files (x86)\Panda Security" => not found
"C:\Program Files\RDP Wrapper" => not found
"C:\ProgramData\McAfee" => not found
"C:\ProgramData\Kaspersky Lab" => not found
"C:\ProgramData\grizzly" => not found
"C:\ProgramData\ESET" => not found
"C:\Program Files\Kaspersky Lab" => not found
"C:\Program Files\ESET" => not found
"C:\Program Files\Common Files\McAfee" => not found
"C:\Program Files\Cezurity" => not found
"C:\Program Files (x86)\Kaspersky Lab" => not found
"C:\Program Files (x86)\GRIZZLY Antivirus" => not found
"C:\Program Files (x86)\Cezurity" => not found
"C:\ProgramData\AVAST Software" => not found
"C:\ProgramData\Malwarebytes" => not found
"C:\ProgramData\WindowsTask" => not found
"C:\ProgramData\RealtekHD" => not found
"C:\KVRT_Data" => not found
"C:\Users\Все пользователи\Norton" => not found
"C:\ProgramData\Norton" => not found
"C:\Program Files\SpyHunter" => not found
"C:\Program Files\Malwarebytes" => not found
"C:\Program Files\Enigma Software Group" => not found
"C:\Program Files\AVG" => not found
"C:\Program Files\AVAST Software" => not found
"C:\Program Files (x86)\SpyHunter" => not found
"C:\Program Files (x86)\Microsoft JDX" => not found
"C:\Program Files (x86)\AVG" => not found
"C:\Program Files (x86)\AVAST Software" => not found
"C:\AdwCleaner" => not found
"C:\WINDOWS\speechstracing" => not found
"C:\Users\Все пользователи\MB3Install" => not found
"C:\ProgramData\MB3Install" => not found
"C:\Program Files (x86)\Temp" => not found
"C:\ProgramData\Doctor Web" => not found
"C:\ProgramData\IObit" => not found
"AV: COMODO Antivirus (Disabled - Up to date) {05BC7AB5-FF0E-71EC-1054-15DA19B62DC7}" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\\SystemComponent" => not found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}\\SystemComponent" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => not found
"C:\Users\Public\Shared Files" => ":VersionCache" ADS not found.
"C:\Users\Администратор\Application Data" => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS not found.
"C:\Users\Администратор\AppData\Roaming" => ":fbd50e2f7662a5c33287ddc6e65ab5a1" ADS not found.
"HKU\S-1-5-21-807865433-4095668257-2292591684-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Advanced SystemCare 10" => not found
"HKU\S-1-5-21-807865433-4095668257-2292591684-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 10" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1473C29-30F8-411E-9436-4E3714E789F0}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{560079BE-BEBD-4544-B8C0-07152887447D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E045891B-F71A-42C6-B497-555CC9AF2771}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{92738F67-07E8-4D61-A6B2-51275E30EE7B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A713DA2B-22CC-4817-BC06-2EFB18655B3D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7F6BDFCD-32BC-4FBB-8C17-226B85B2E540}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CA1826D3-A9E4-40C7-8DD4-D1EADCDBF7E0}" => not found

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\IpAddresses]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]

=== End of ExportKey ===

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11574560 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 28174375 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 1706 B
Администратор => 100349569 B

RecycleBin => 0 B
EmptyTemp: => 143.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-09-2020 12:58:26)

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected

==== End of Fixlog 12:58:26 ====