fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1192478903-1979992526-3781766259-23221\...\Run: [MSVCRuntime] => C:\Users\*****\AppData\Roaming\RuntimeServices\mscnsdtl30.exe [2571264 2018-08-28] (Microsoft Corporation)
Task: {0DA28DCE-C904-4D29-ABA2-0A83B6538E84} - System32\Tasks\{382206AF-3B40-4179-A5AB-6282A401826A} => C:\Users\****AD~1\AppData\Local\Temp\362BF571-7247-47B8-9BCE-F122D1CEBF30\ga_service.exe <==== ATTENTION
Task: {B7935301-6B77-4ADB-A9B3-4B6C0E095D99} - System32\Tasks\memRun32 => C:\Users\*****\AppData\Roaming\RuntimeServices\mscnsdtl30.exe [2018-08-28] (Microsoft Corporation)
Task: {E0C394FD-79F4-452F-9496-707D3CBFA1FE} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
FirewallRules: [TCP Query User{E94FA75D-AFAB-4927-A2E8-BF295D5114B5}C:\users\**** admin\appdata\local\temp\362bf571-7247-47b8-9bce-f122d1cebf30\ga_service.exe] => (Allow) C:\users\*******\appdata\local\temp\362bf571-7247-47b8-9bce-f122d1cebf30\ga_service.exe
C:\Users\*****\ntuser.pol
C:\Users\*****\AppData\Local\kщjьuюфmиьvмvличau
C:\Users\*****\AppData\Local\vnbxqфrцьшкбpщхрmg.zip
C:\Users\*****\AppData\Local\Temp\wininetsvc.exe
C:\Users\****AD~1\AppData\Local\Temp\362BF571-7247-47B8-9BCE-F122D1CEBF30\ga_service.exe
C:\Users\*****\AppData\Roaming\RuntimeServices
C:\Users\******\AppData\Roaming\mbdssvc
C:\Windows\SysWOW64\abracadabra08092011.exe
---------------------------------------------------------------------------------------------------------------------------
Wow, seems it has been fixed, thanks a lot guys.. you guys are awesome..