Fix result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019 01
Ran by Firas (05-03-2019 12:44:56) Run:1
Running from C:\Users\Firas\Desktop
Loaded Profiles: Firas & Guest (Available Profiles: Firas & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1649961678-2545274511-965344067-1000\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-1649961678-2545274511-965344067-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-1649961678-2545274511-965344067-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1649961678-2545274511-965344067-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWv3E6lQ11TXxwEVX93S2fWOtlIkTvrUp7FDIsgIQlQWN6L4DhL8pzBsZfCKpWGOlpu9wBMd2Er1xpWPkjczOIFbGm0OVDvALVJUBrqo7ln44OfvDfhuOD-CiBKaqkXkb8NDp4izOk9Ns8Z9xGiZOrdT_gMfK90xDyb-YiEhK3&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWv3E6lQ11TXxwEVX93S2fWOtlIkTvrUp7FDIsgIQlQWN6L4DhL8pzBsZfCKpWGOlpu9wBMd2Er1xpWPkjczOIFbGm0OVDvALVJUBrqo7ln44OfvDfhuOD-CiBKaqkXkb8NDp4izOk9Ns8Z9xGiZOrdT_gMfK90xDyb-YiEhK3&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1649961678-2545274511-965344067-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWv3E6lQ11TXxwEVX93S2fWOtlIkTvrUp7FDIsgIQlQWN6L4DhL8pzBsZfCKpWGOlpu9wBMd2Er1xpWPkjczOIFbGm0OVDvALVJUBrqo7ln44OfvDfhuOD-CiBKaqkXkb8NDp4izOk9Ns8Z9xGiZOrdT_gMfK90xDyb-YiEhK3&q={searchTerms}
StartMenuInternet: Google Chrome.43UE4D4X2W6OLLEFJ6AFL4YCNI - C:\Users\Firas\AppData\Local\Google\Chrome\Application\chrome.exe
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BavShx64.dll -> No File
ContextMenuHandlers1: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BavShx64.dll -> No File
ContextMenuHandlers2: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BavShx64.dll -> No File
ContextMenuHandlers6: [Baidu_Scan] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.118812.0\BavShx64.dll -> No File
Task: {2CC2F4E0-DA6D-44E9-B295-DD13C84D0773} - System32\Tasks\{06C6DAA5-6B78-4856-903E-437AA6A3A477} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}\setup.exe" -c -runfromtemp -removeonly
Task: {2F8506AA-7B40-4BF2-8155-F931681F93FB} - System32\Tasks\psv_X-Joyis => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\KinTantech.reg" & del "C:\ProgramData\Ronzap\KinTantech.reg" & SCHTASKS /Delete /TN "psv_X-Joyis" /F <==== ATTENTION
Task: {3D340D60-3CF5-48F2-93DC-27B429239810} - System32\Tasks\psv_Fix-Air => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Bio-Dex.reg" & del "C:\ProgramData\Ronzap\Bio-Dex.reg" & SCHTASKS /Delete /TN "psv_Fix-Air" /F <==== ATTENTION
Task: {3E1BB028-191B-4FF0-9986-AF4351544275} - System32\Tasks\psv_Driphome => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Damcof.reg" & del "C:\ProgramData\Ronzap\Damcof.reg" & SCHTASKS /Delete /TN "psv_Driphome" /F <==== ATTENTION
Task: {46FE8BC3-216B-41DD-9277-4A415B185785} - System32\Tasks\Win Update => c:\Intell\POOL\russian.vbs
Task: {487A8DE6-B0A0-44D8-A6EF-4AFD565ADC8D} - System32\Tasks\psv_FaxSaozap => cmd.exe /c regedit.exe /s "C:\ProgramData\Ronzap\Villacore.reg" & del "C:\ProgramData\Ronzap\Villacore.reg" & SCHTASKS /Delete /TN "psv_FaxSaozap" /F <==== ATTENTION
Task: {5B41B1CD-99E6-4724-B5B5-CEBA8B7B71D8} - System32\Tasks\snf => C:\ProgramData\Ronzap\Ronzap.exe <==== ATTENTION
Task: {C1E781E4-FA08-49C5-91DD-85C4A19A4867} - \hostTask -> No File <==== ATTENTION
Task: {C6CAA773-7781-4FAB-B6F1-437CE6A82D06} - System32\Tasks\snp => C:\ProgramData\Ronzap\Ronzap.exe <==== ATTENTION
FirewallRules: [{35B0C3ED-AEE0-43BF-A960-5744814E060B}] => (Allow) C:\Program Files (x86)\Baidu WiFiHotspot\WifiHotspot.exe No File
FirewallRules: [{9E714AC6-F4A1-4912-8695-2390F12DDA8A}] => (Allow) C:\Program Files (x86)\Baidu WiFiHotspot\WifiHotspot.exe No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth" => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
"HKU\S-1-5-21-1649961678-2545274511-965344067-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NolowDiskSpaceChecks" => removed successfully
"HKU\S-1-5-21-1649961678-2545274511-965344067-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\TaskbarNoNotification" => removed successfully
"HKU\S-1-5-21-1649961678-2545274511-965344067-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth" => removed successfully
HKU\S-1-5-21-1649961678-2545274511-965344067-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\ielnksrch => not found
HKU\S-1-5-21-1649961678-2545274511-965344067-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => removed successfully
HKLM\Software\Classes\CLSID\{ielnksrch} => not found
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome.43UE4D4X2W6OLLEFJ6AFL4YCNI\shell\open\command\\Default => value restored successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock => removed successfully
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Baidu_Scan => removed successfully
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => removed successfully
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Baidu_Scan => removed successfully
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan => removed successfully
HKLM\Software\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CC2F4E0-DA6D-44E9-B295-DD13C84D0773}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CC2F4E0-DA6D-44E9-B295-DD13C84D0773}" => removed successfully
C:\Windows\System32\Tasks\{06C6DAA5-6B78-4856-903E-437AA6A3A477} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{06C6DAA5-6B78-4856-903E-437AA6A3A477}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F8506AA-7B40-4BF2-8155-F931681F93FB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F8506AA-7B40-4BF2-8155-F931681F93FB}" => removed successfully
Could not move "C:\Windows\System32\Tasks\psv_X-Joyis" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_X-Joyis" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D340D60-3CF5-48F2-93DC-27B429239810}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D340D60-3CF5-48F2-93DC-27B429239810}" => removed successfully
Could not move "C:\Windows\System32\Tasks\psv_Fix-Air" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Fix-Air" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E1BB028-191B-4FF0-9986-AF4351544275}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E1BB028-191B-4FF0-9986-AF4351544275}" => removed successfully
Could not move "C:\Windows\System32\Tasks\psv_Driphome" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Driphome" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{46FE8BC3-216B-41DD-9277-4A415B185785}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46FE8BC3-216B-41DD-9277-4A415B185785}" => removed successfully
Could not move "C:\Windows\System32\Tasks\Win Update" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Win Update" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{487A8DE6-B0A0-44D8-A6EF-4AFD565ADC8D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{487A8DE6-B0A0-44D8-A6EF-4AFD565ADC8D}" => removed successfully
Could not move "C:\Windows\System32\Tasks\psv_FaxSaozap" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_FaxSaozap" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B41B1CD-99E6-4724-B5B5-CEBA8B7B71D8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B41B1CD-99E6-4724-B5B5-CEBA8B7B71D8}" => removed successfully
Could not move "C:\Windows\System32\Tasks\snf" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snf" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1E781E4-FA08-49C5-91DD-85C4A19A4867}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1E781E4-FA08-49C5-91DD-85C4A19A4867}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\hostTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6CAA773-7781-4FAB-B6F1-437CE6A82D06}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6CAA773-7781-4FAB-B6F1-437CE6A82D06}" => removed successfully
Could not move "C:\Windows\System32\Tasks\snp" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\snp" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{35B0C3ED-AEE0-43BF-A960-5744814E060B}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9E714AC6-F4A1-4912-8695-2390F12DDA8A}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4251078 B
Java, Flash, Steam htmlcache => 3233 B
Windows/system/drivers => 116904990 B
Edge => 0 B
Chrome => 666672524 B
Firefox => 382759602 B
Opera => 21030848 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 60194235 B
systemprofile32 => 70386 B
LocalService => 66228 B
NetworkService => 649294 B
Firas => 1246014751 B
Guest => 710345 B

RecycleBin => 5448029018 B
EmptyTemp: => 7.4 GB temporary data Removed.

================================

==== End of Fixlog 12:46:44 ====