Fix result of Farbar Recovery Scan Tool (x64) Version: 26-02-2020
Ran by Master (01-03-2020 19:59:50) Run:1
Running from C:\Users\Master\Downloads
Loaded Profiles: Master (Available Profiles: Master)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {31F89A4A-F258-421D-B21D-FF919FDCDA8F} - System32\Tasks\GameNet => C:\Program Files (x86)\QGNA\qgna.exe
HKU\S-1-5-21-148882721-506396403-1180031329-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://startmain.ru/
CHR StartupUrls: Default -> "hxxp://startmain.ru/"
CHR DefaultSearchURL: Default -> hxxp://w10.tupoisk.ru/?q={searchTerms}
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_1] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_2] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_3] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_4] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_5] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_6] -> {8009C378-F2BE-42A6-8ADD-083AAFBDC4EB} => -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_7] -> {057E631A-726E-4193-BB37-377DBD42812A} => -> No File
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_8] -> {86627476-D173-4FBC-B206-3A19447FF8CC} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_1] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_2] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_3] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_4] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_5] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_6] -> {8009C378-F2BE-42A6-8ADD-083AAFBDC4EB} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_7] -> {057E631A-726E-4193-BB37-377DBD42812A} => -> No File
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_8] -> {86627476-D173-4FBC-B206-3A19447FF8CC} => -> No File
ContextMenuHandlers1: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
ContextMenuHandlers6: [WinRAR32] -> [CC]{B41DB860-8EE4-11D2-9906-E49FADC173CA} => -> No File
Shortcut: C:\Users\Master\Desktop\Хлам 1.11.19\Битрикс24 Desktop.lnk -> C:\Program Files (x86)\Bitrix24\Bitrix24.exe (No File) <==== Cyrillic
AlternateDataStreams: C:\Users\Master\Application Data:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Master\Application Data:77a575add9465d78c606d381e5f202fb [394]
AlternateDataStreams: C:\Users\Master\AppData\Roaming:00e481b5e22dbe1f649fcddd505d3eb7 [394]
AlternateDataStreams: C:\Users\Master\AppData\Roaming:77a575add9465d78c606d381e5f202fb [394]
FirewallRules: [{9B0BC600-BB16-44FD-93F9-68E62142CB50}] => (Allow) C:\Users\Master\Downloads\gamenet.exe No File
FirewallRules: [{12A32826-9399-4115-8E21-07FD0E997BA9}] => (Allow) C:\Users\Master\Downloads\gamenet.exe No File
C:\USERS\MASTER\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\AVAST SECURE BROWSER.LNK
C:\USERS\MASTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SNORETOAST.LNK
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{31F89A4A-F258-421D-B21D-FF919FDCDA8F}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31F89A4A-F258-421D-B21D-FF919FDCDA8F}" => removed successfully
C:\WINDOWS\System32\Tasks\GameNet => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GameNet" => removed successfully
HKU\S-1-5-21-148882721-506396403-1180031329-1002\Software\Microsoft\Internet Explorer\Main\\"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" => value restored successfully
"Chrome StartupUrls" => removed successfully
"Chrome DefaultSearchURL" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_1 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_2 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_3 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_4 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_5 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_6 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_7 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_8 => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_1 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_2 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_3 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_4 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_5 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_6 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_7 => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ 00BitrixShellExt_8 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32 => removed successfully
C:\Users\Master\Desktop\Хлам 1.11.19\Битрикс24 Desktop.lnk => moved successfully
C:\Users\Master\Application Data => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS removed successfully
C:\Users\Master\Application Data => ":77a575add9465d78c606d381e5f202fb" ADS removed successfully
"C:\Users\Master\AppData\Roaming" => ":00e481b5e22dbe1f649fcddd505d3eb7" ADS not found.
"C:\Users\Master\AppData\Roaming" => ":77a575add9465d78c606d381e5f202fb" ADS not found.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9B0BC600-BB16-44FD-93F9-68E62142CB50}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12A32826-9399-4115-8E21-07FD0E997BA9}" => removed successfully
C:\USERS\MASTER\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\AVAST SECURE BROWSER.LNK => moved successfully
C:\USERS\MASTER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SNORETOAST.LNK => moved successfully

The system needed a reboot.

==== End of Fixlog 20:00:22 ====