Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by Michal (26-10-2016 16:04:20) Run:1
Running from C:\Users\Michal\Desktop
Loaded Profiles: Michal (Available Profiles: Michal)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-606056733-3967136355-1948296624-1001\...\Run: [rhbhwdzirq] => explorer "hxxp://granena.ru/?utm_source=uoua03n&utm_content=e739009bccd5f1e6d71a91bff5994529&utm_term=D257281A092DF882157CB8DAE03961DF&utm_d=20161018" <===== ATTENTION
IFEO\OSppSvc.exe: [Debugger] KMS-R@1nHook.exe
IFEO\SppExtComObj.exe: [Debugger] KMS-R@1nHook.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
HKU\S-1-5-21-606056733-3967136355-1948296624-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://granena.ru/?utm_content=31b5cebd524a9af6c7a772dca81815e9&utm_source=startpm&utm_term=D257281A092DF882157CB8DAE03961DF&utm_d=20161018
SearchScopes: HKU\S-1-5-21-606056733-3967136355-1948296624-1001 -> DefaultScope {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-606056733-3967136355-1948296624-1001 -> {A06ED961-D98F-4CF9-A89B-80AB11DB149C} URL = hxxp://go-search.ru/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-606056733-3967136355-1948296624-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B3B2791C0-3FE2-4CB2-B1BD-2D3BA041ECA1%7D&gp=811014
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\ayofdylg.default -> GoSearch
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ayofdylg.default -> GoSearch
FF SearchPlugin: C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ayofdylg.default\searchplugins\GoSearch.xml [2016-10-24]
R2 KMS-R@1n; C:\Windows\KMS-R@1n.exe [26112 2016-02-18] () [File not signed]
Task: {629FD019-A922-4ABB-B53B-7B94E9039ED0} - System32\Tasks\R@1n-KMS\Windows64Professional => wmic [Argument = path SoftwareLicensingProduct where (ID="2de67392-b7a7-462a-b1ca-108dd189f588") call Activate]
File: C:\Users\Michal\AppData\Local\FileSystemDriver\FileSystemDriver.exe
Folder: C:\Users\Michal\AppData\Local\FileSystemDriver
File: C:\Users\Michal\AppData\Local\fupdate\fupdate.exe
Folder: C:\Users\Michal\AppData\Local\fupdate
C:\Windows\KMS-R@1n.exe
C:\WINDOWS\KMS-R@1nHook.dll
C:\WINDOWS\KMS-R@1nHook.exe
FirewallRules: [{7849B08A-B9B2-4E93-BD3F-49027D352879}] => (Allow) C:\Users\Michal\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{7D579100-6776-4404-9A1B-5EBD3A3D0F49}] => (Allow) C:\Users\Michal\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{F4350ACA-AD17-4387-9EBB-189F9C923567}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{394CC831-2058-4170-BFB4-A26854D0218B}] => (Allow) C:\Windows\KMS-R@1n.exe
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-606056733-3967136355-1948296624-1001\Software\Microsoft\Windows\CurrentVersion\Run\\rhbhwdzirq => value removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\OSppSvc.exe" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\SppExtComObj.exe" => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKU\S-1-5-21-606056733-3967136355-1948296624-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-606056733-3967136355-1948296624-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-606056733-3967136355-1948296624-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C}" => key removed successfully
HKCR\CLSID\{A06ED961-D98F-4CF9-A89B-80AB11DB149C} => key not found. 
"HKU\S-1-5-21-606056733-3967136355-1948296624-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}" => key removed successfully
HKCR\CLSID\{FFEBBF0A-C22C-4172-89FF-45215A135AC7} => key not found. 
Firefox DefaultSearchEngine removed successfully
Firefox SelectedSearchEngine removed successfully
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\ayofdylg.default\searchplugins\GoSearch.xml => moved successfully
KMS-R@1n => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{629FD019-A922-4ABB-B53B-7B94E9039ED0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{629FD019-A922-4ABB-B53B-7B94E9039ED0}" => key removed successfully
C:\WINDOWS\System32\Tasks\R@1n-KMS\Windows64Professional => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS\Windows64Professional" => key removed successfully

========================= File: C:\Users\Michal\AppData\Local\FileSystemDriver\FileSystemDriver.exe ========================

File is digitally signed
MD5: 08C4FEEDEED6A13EFEC2B83D4976EC25
Creation and modification date: 2016-10-18 09:43 - 2016-10-18 09:43
Size: 0612304
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 

====== End of File: ======


========================= Folder: C:\Users\Michal\AppData\Local\FileSystemDriver ========================

2016-10-18 09:43 - 2016-10-18 09:43 - 0612304 _____ () C:\Users\Michal\AppData\Local\FileSystemDriver\FileSystemDriver.exe

====== End of Folder: ======


========================= File: C:\Users\Michal\AppData\Local\fupdate\fupdate.exe ========================

File is digitally signed
MD5: 3C6DC10C0269DA71150E47A0B931B410
Creation and modification date: 2016-09-01 10:43 - 2016-10-18 09:43
Size: 0138464
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 1.0.0.83
Product Version: 1.0.0.83
Copyright: 

====== End of File: ======


========================= Folder: C:\Users\Michal\AppData\Local\fupdate ========================

2016-09-01 10:43 - 2016-10-18 09:43 - 0138464 _____ () C:\Users\Michal\AppData\Local\fupdate\fupdate.exe

====== End of Folder: ======

C:\Windows\KMS-R@1n.exe => moved successfully
C:\WINDOWS\KMS-R@1nHook.dll => moved successfully
C:\WINDOWS\KMS-R@1nHook.exe => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7849B08A-B9B2-4E93-BD3F-49027D352879} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D579100-6776-4404-9A1B-5EBD3A3D0F49} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4350ACA-AD17-4387-9EBB-189F9C923567} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{394CC831-2058-4170-BFB4-A26854D0218B} => value removed successfully


The system needed a reboot.

==== End of Fixlog 16:04:31 ====