Fix result of Farbar Recovery Scan Tool (x64) Version: 13-12-2017 Ran by KaLOoPaRT (13-12-2017 16:58:03) Run:1 Running from C:\Users\KaLOoPaRT\Desktop Loaded Profiles: KaLOoPaRT (Available Profiles: KaLOoPaRT) Boot Mode: Normal ============================================== fixlist content: ***************** start CreateRestorePoint: CloseProcesses: RemoveProxy: HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: 71EDA3426E9531ECFEEE60BD75DE89FA15497166 (U) HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION GroupPolicy: Restriction - Windows Defender <==== ATTENTION SearchScopes: HKU\S-1-5-21-972286001-2891372312-822248144-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = CMD: netsh winsock reset all CMD: ipconfig /flushdns hosts: EmptyTemp: Reboot: end ***************** Restore point was successfully created. Processes closed successfully. ========= RemoveProxy: ========= HKU\S-1-5-21-972286001-2891372312-822248144-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-972286001-2891372312-822248144-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\249BDA38A611CD746A132FA2AF995A2D3C941264" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\3D496FA682E65FC122351EC29B55AB94F3BB03FC" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\71EDA3426E9531ECFEEE60BD75DE89FA15497166" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\A59CC32724DD07A6FC33F7806945481A2D13CA2F" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\AD4C5429E10F4FF6C01840C20ABA344D7401209F" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\DB77E5CFEC34459146748B667C97B185619251BA" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF" => removed successfully "HKLM\Software\Microsoft\SystemCertificates\Disallowed\Certificates\F83099622B4A9F72CB5081F742164AD1B8D048C9" => removed successfully HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key could not remove, key could be protected C:\Windows\system32\GroupPolicy\Machine => moved successfully C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully HKU\S-1-5-21-972286001-2891372312-822248144-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully ========= netsh winsock reset all ========= Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 10772480 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6335954 B Java, Flash, Steam htmlcache => 938 B Windows/system/drivers => 14600841 B Edge => 622025 B Chrome => 1931758 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 0 B NetworkService => 12050 B KaLOoPaRT => 10725171 B RecycleBin => 0 B EmptyTemp: => 42.9 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 13-12-2017 17:00:04) Result of scheduled keys to remove after reboot: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key could not remove, key could be protected ==== End of Fixlog 17:00:04 ====