Fix result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by dojik (29-10-2020 14:47:08) Run:1
Running from C:\Users\dojik\Desktop
Loaded Profiles: dojik
Boot Mode: Normal
==============================================

fixlist content:
*****************
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [Realtek HD Audio] => C:\ProgramData\RealtekHD\taskhostw.exe <==== ATTENTION
HKU\S-1-5-21-913620400-203814966-1364314930-1001\...\Policies\Explorer: [DisallowRun] 1
GroupPolicy: Restriction ? <==== ATTENTION
Task: {0032161D-90F2-4D7F-BD29-D40A5D213008} - System32\Tasks\Microsoft\Windows\Wininet\Cleaner => C:\Programdata\WindowsTask\winlogon.exe <==== ATTENTION
Task: {00D13E39-9FDB-4482-AD26-77EB655B1679} - System32\Tasks\Microsoft\Windows\Wininet\Taskhostw => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION
Task: {1236D711-26CB-44F4-BAF3-45F18C83FC16} - System32\Tasks\Microsoft\Windows\Wininet\RealtekHDControl => C:\Programdata\RealtekHD\taskhost.exe <==== ATTENTION
Task: {37EF7AFB-C102-44EE-8305-9B3832B2194E} - System32\Tasks\Microsoft\Windows\Wininet\RealtekHDStartUP => C:\Programdata\RealtekHD\taskhost.exe <==== ATTENTION
Task: {F4692F95-1DA8-41CA-BBC7-F78FA9320397} - System32\Tasks\Microsoft\Windows\Wininet\Taskhost => C:\Programdata\RealtekHD\taskhostw.exe <==== ATTENTION
2020-10-29 14:05 - 2020-08-03 19:46 - 000000000 __SHD C:\ProgramData\Windows
2020-10-29 14:05 - 2020-08-03 19:46 - 000000000 ___HD C:\Program Files\RDP Wrapper
2020-10-29 14:05 - 2020-08-03 19:35 - 000000000 __SHD C:\Users\Все пользователи\WindowsTask
2020-10-29 14:05 - 2020-08-03 19:35 - 000000000 __SHD C:\ProgramData\WindowsTask
2020-10-29 14:05 - 2020-08-03 19:35 - 000000000 __SHD C:\ProgramData\RealtekHD
2020-05-08 17:52 - 2017-12-27 20:20 - 001460224 _____ (Stas'M Corp.) C:\ProgramData\RDPWinst.exe
FirewallRules: [{76F722E6-3DCA-4E4B-8C8E-23261C6A5127}] => (Allow) LPort=80
FirewallRules: [{5704477F-C3E9-4E02-BDC1-A0398F9E14E1}] => (Allow) LPort=80
FirewallRules: [{571A9F2E-4837-46FF-BC1B-515A6C870DD5}] => (Allow) LPort=3389
FirewallRules: [{362F0154-F4D5-4893-8507-988EC39E3912}] => (Allow) C:\ProgramData\Windows\rutserv.exe => No File
FirewallRules: [{2223209D-33F5-469D-9B5A-87DA61F5079A}] => (Allow) C:\Users\dojik\MediaGet2\mediaget.exe => No File
FirewallRules: [{43591741-27E9-4A6F-B5F1-F3F43412979D}] => (Allow) C:\Users\dojik\MediaGet2\mediaget.exe => No File
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
EmptyTemp:
Reboot:
*****************

SystemRestore: On => completed
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Realtek HD Audio" => removed successfully
"HKU\S-1-5-21-913620400-203814966-1364314930-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0032161D-90F2-4D7F-BD29-D40A5D213008}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0032161D-90F2-4D7F-BD29-D40A5D213008}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\Cleaner => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Cleaner" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{00D13E39-9FDB-4482-AD26-77EB655B1679}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00D13E39-9FDB-4482-AD26-77EB655B1679}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\Taskhostw => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Taskhostw" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1236D711-26CB-44F4-BAF3-45F18C83FC16}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1236D711-26CB-44F4-BAF3-45F18C83FC16}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\RealtekHDControl => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\RealtekHDControl" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37EF7AFB-C102-44EE-8305-9B3832B2194E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37EF7AFB-C102-44EE-8305-9B3832B2194E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\RealtekHDStartUP => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\RealtekHDStartUP" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4692F95-1DA8-41CA-BBC7-F78FA9320397}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4692F95-1DA8-41CA-BBC7-F78FA9320397}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Wininet\Taskhost => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wininet\Taskhost" => removed successfully
"C:\ProgramData\Windows" => Warning: FRST is scripted not to move this directory.
C:\Program Files\RDP Wrapper => moved successfully
C:\Users\Все пользователи\WindowsTask => moved successfully
"C:\ProgramData\WindowsTask" => not found
C:\ProgramData\RealtekHD => moved successfully
C:\ProgramData\RDPWinst.exe => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76F722E6-3DCA-4E4B-8C8E-23261C6A5127}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5704477F-C3E9-4E02-BDC1-A0398F9E14E1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{571A9F2E-4837-46FF-BC1B-515A6C870DD5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{362F0154-F4D5-4893-8507-988EC39E3912}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2223209D-33F5-469D-9B5A-87DA61F5079A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43591741-27E9-4A6F-B5F1-F3F43412979D}" => removed successfully

================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions]

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]

[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]

=== End of ExportKey ===

=========== EmptyTemp: ==========

BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 463382731 B
Java, Flash, Steam htmlcache => 186542043 B
Windows/system/drivers => 895 B
Edge => 231437 B
Chrome => 77854553 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 176960 B
NetworkService => 176960 B
dojik => 9593672 B

RecycleBin => 263631828 B
EmptyTemp: => 964 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 14:47:57 ====