Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2017
Ran by fan (20-12-2017 19:18:17) Run:2
Running from C:\Users\fan\Desktop
Loaded Profiles: fan (Available Profiles: fan & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\...\MountPoints2: {7b77baa4-b57c-11e6-aeab-001d92b0e5dd} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\...\MountPoints2: {e53d4a5b-96ef-11e6-9fae-001d92b0e5dd} - "G:\setup.exe"
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\...\MountPoints2: {e53d4a5e-96ef-11e6-9fae-001d92b0e5dd} - "H:\setup.exe"
GroupPolicy: Restriction - Windows Defender <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-72047652-2448835880-2394339217-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Task: {4D0250A3-436A-4F7F-8849-3662226E63C8} - \MicrosoftServic -> No File <==== ATTENTION
Task: {531791BA-C1AD-4967-87F3-7D7A0DF76806} - System32\Tasks\JPEGpremeMaker => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\JPEGpremeMaker\JPEGpremeMaker.dll",RmVOAN <==== ATTENTION
Task: {59F33A3D-5D33-4828-AB23-D56503024646} - System32\Tasks\Update\RevoUninstaller => cmd /c type "C:\Users\fan\AppData\Local\Temp\RevoUninstaller.txt" | cmd <==== ATTENTION
Task: {8D6DF486-B2EF-4463-AC42-00DE219B82F7} - System32\Tasks\Simple MPEG4 Digital Connector => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Simple MPEG4 Digital Connector\Simple MPEG4 Digital Connector.dll",KIFSWEy <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:2DA0GW0uuk0nwCbdVb8 [2690]
AlternateDataStreams: C:\ProgramData\Microsoft:4tDLbX3vx4Yydvm1wigOEsxn [2228]
AlternateDataStreams: C:\ProgramData\Microsoft:7wki8RQ6z4R0Ea48FKoar3A [2312]
AlternateDataStreams: C:\ProgramData\Microsoft:82Qmtp5r44i4d65CgmVSo7w6ClX [2550]
AlternateDataStreams: C:\ProgramData\Microsoft:iMAIfgzkeNuSpm7NOrGksN [2300]
AlternateDataStreams: C:\ProgramData\Microsoft:JFYsZQk9QJRdCda2FIOe [2332]
AlternateDataStreams: C:\ProgramData\Microsoft:r9wuKSYzmzTbFHXd8YjlKPkW [2102]
AlternateDataStreams: C:\ProgramData\Microsoft:uSFlYIZzfgxgTGyZP [2174]
AlternateDataStreams: C:\Users\fan\Cookies:459ZuxewdcggNWyeia [2246]
AlternateDataStreams: C:\Users\fan\Local Settings.[unlocksupp@airmail.cc or BM-2cTVHx6b7RYhJ9gGKZn6yTuBpBBq3LHRkz@bitmessage.ch]-id-22CC.wallet:e5rpWejR5TvNSiDzxEYdjsbMyK [2404]
AlternateDataStreams: C:\Users\fan\Local Settings.[unlocksupp@airmail.cc or BM-2cTVHx6b7RYhJ9gGKZn6yTuBpBBq3LHRkz@bitmessage.ch]-id-22CC.wallet:WDdaIbXiT15cPdeSw3Vc7LP6 [2744]
AlternateDataStreams: C:\Users\fan\AppData\Local:e5rpWejR5TvNSiDzxEYdjsbMyK [2404]
AlternateDataStreams: C:\Users\fan\AppData\Local:WDdaIbXiT15cPdeSw3Vc7LP6 [2744]
AlternateDataStreams: C:\Users\fan\AppData\Local\Application Data:e5rpWejR5TvNSiDzxEYdjsbMyK [2404]
AlternateDataStreams: C:\Users\fan\AppData\Local\Application Data:WDdaIbXiT15cPdeSw3Vc7LP6 [2744]
AlternateDataStreams: C:\Users\fan\AppData\Local\Temporary Internet Files:69ooqq4YFyCd2I6oDNSZUJUYt [2306]
AlternateDataStreams: C:\Users\fan\AppData\Local\Y44x5Gry18:MYlYgvinoJBiAdJw4plx3w [2170]
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B67BAFBA-4C9F-48FA-9496-933E3B255044}
C:\Program Files (x86)\Miped
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
C:\ProgramData\WindowsErrorReporting
C:\Users\fan\AppData\Roaming\Imminent
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B67BAFBA-4C9F-48FA-9496-933E3B255044}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531791BA-C1AD-4967-87F3-7D7A0DF76806}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{531791BA-C1AD-4967-87F3-7D7A0DF76806}
C:\Windows\System32\Tasks\JPEGpremeMaker
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6DF486-B2EF-4463-AC42-00DE219B82F7}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8D6DF486-B2EF-4463-AC42-00DE219B82F7}
C:\Windows\System32\Tasks\Simple MPEG4 Digital Connector
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E83E2EA-205C-4D2D-A187-A6017A0C98D1}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9E83E2EA-205C-4D2D-A187-A6017A0C98D1}
C:\Windows\System32\Tasks\memory\memory
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA2B5ABB-E3F7-4FA2-946D-3BF838B088DE}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EA2B5ABB-E3F7-4FA2-946D-3BF838B088DE}
C:\Windows\System32\Tasks\Microsoft Windows Mail
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|CyberGhost
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|xxx
O4 - HKCU\..\Run| [xxx] . (. - .) -- xxx
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|GEARAspiWDM.exe
DeleteValue: HKU\S-1-5-21-72047652-2448835880-2394339217-1001\Software\Microsoft\Windows\CurrentVersion\Run|CyberGhost
DeleteValue: HKU\S-1-5-21-72047652-2448835880-2394339217-1001\Software\Microsoft\Windows\CurrentVersion\Run|xxx
O4 - HKUS\S-1-5-21-72047652-2448835880-2394339217-1001\..\Run| [xxx] . (. - .) -- xxx
DeleteValue: HKU\S-1-5-21-72047652-2448835880-2394339217-1001\Software\Microsoft\Windows\CurrentVersion\Run|GEARAspiWDM.exe
DeleteKey: HKCU\SOFTWARE\GenericTools
DeleteKey: HKCU\SOFTWARE\myprintscreen.com
C:\WINDOWS\Prefetch\MYPRINTSCREEN(2).EXE-08EA6BA0.pf
C:\WINDOWS\Prefetch\MYPRINTSCREEN(2).TMP-A051E4D7.pf
C:\WINDOWS\Installer\695b789.msi
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b77baa4-b57c-11e6-aeab-001d92b0e5dd} => key not found
HKLM\Software\Classes\CLSID\{7b77baa4-b57c-11e6-aeab-001d92b0e5dd} => key not found
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e53d4a5b-96ef-11e6-9fae-001d92b0e5dd} => key not found
HKLM\Software\Classes\CLSID\{e53d4a5b-96ef-11e6-9fae-001d92b0e5dd} => key not found
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e53d4a5e-96ef-11e6-9fae-001d92b0e5dd} => key not found
HKLM\Software\Classes\CLSID\{e53d4a5e-96ef-11e6-9fae-001d92b0e5dd} => key not found
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
"C:\WINDOWS\system32\GroupPolicy\User" => not found.
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D0250A3-436A-4F7F-8849-3662226E63C8}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D0250A3-436A-4F7F-8849-3662226E63C8} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftServic => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531791BA-C1AD-4967-87F3-7D7A0DF76806} => key not found
C:\WINDOWS\System32\Tasks\JPEGpremeMaker => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JPEGpremeMaker => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59F33A3D-5D33-4828-AB23-D56503024646} => key not found
C:\WINDOWS\System32\Tasks\Update\RevoUninstaller => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Update\RevoUninstaller => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6DF486-B2EF-4463-AC42-00DE219B82F7} => key not found
C:\WINDOWS\System32\Tasks\Simple MPEG4 Digital Connector => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Simple MPEG4 Digital Connector => key not found
"C:\ProgramData\Microsoft" => ":2DA0GW0uuk0nwCbdVb8" ADS not found.
"C:\ProgramData\Microsoft" => ":4tDLbX3vx4Yydvm1wigOEsxn" ADS not found.
"C:\ProgramData\Microsoft" => ":7wki8RQ6z4R0Ea48FKoar3A" ADS not found.
"C:\ProgramData\Microsoft" => ":82Qmtp5r44i4d65CgmVSo7w6ClX" ADS not found.
"C:\ProgramData\Microsoft" => ":iMAIfgzkeNuSpm7NOrGksN" ADS not found.
"C:\ProgramData\Microsoft" => ":JFYsZQk9QJRdCda2FIOe" ADS not found.
"C:\ProgramData\Microsoft" => ":r9wuKSYzmzTbFHXd8YjlKPkW" ADS not found.
"C:\ProgramData\Microsoft" => ":uSFlYIZzfgxgTGyZP" ADS not found.
"C:\Users\fan\Cookies" => ":459ZuxewdcggNWyeia" ADS not found.
"C:\Users\fan\Local Settings.[unlocksupp@airmail.cc or BM-2cTVHx6b7RYhJ9gGKZn6yTuBpBBq3LHRkz@bitmessage.ch]-id-22CC.wallet" => ":e5rpWejR5TvNSiDzxEYdjsbMyK" ADS not found.
"C:\Users\fan\Local Settings.[unlocksupp@airmail.cc or BM-2cTVHx6b7RYhJ9gGKZn6yTuBpBBq3LHRkz@bitmessage.ch]-id-22CC.wallet" => ":WDdaIbXiT15cPdeSw3Vc7LP6" ADS not found.
"C:\Users\fan\AppData\Local" => ":e5rpWejR5TvNSiDzxEYdjsbMyK" ADS not found.
"C:\Users\fan\AppData\Local" => ":WDdaIbXiT15cPdeSw3Vc7LP6" ADS not found.
"C:\Users\fan\AppData\Local\Application Data" => ":e5rpWejR5TvNSiDzxEYdjsbMyK" ADS not found.
"C:\Users\fan\AppData\Local\Application Data" => ":WDdaIbXiT15cPdeSw3Vc7LP6" ADS not found.
"C:\Users\fan\AppData\Local\Temporary Internet Files" => ":69ooqq4YFyCd2I6oDNSZUJUYt" ADS not found.
"C:\Users\fan\AppData\Local\Y44x5Gry18" => ":MYlYgvinoJBiAdJw4plx3w" ADS not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B67BAFBA-4C9F-48FA-9496-933E3B255044} => key not found
"C:\Program Files (x86)\Miped" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime" => not found.
"C:\ProgramData\WindowsErrorReporting" => not found.
"C:\Users\fan\AppData\Roaming\Imminent" => not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B67BAFBA-4C9F-48FA-9496-933E3B255044} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{531791BA-C1AD-4967-87F3-7D7A0DF76806} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{531791BA-C1AD-4967-87F3-7D7A0DF76806} => key not found
"C:\Windows\System32\Tasks\JPEGpremeMaker" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6DF486-B2EF-4463-AC42-00DE219B82F7} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8D6DF486-B2EF-4463-AC42-00DE219B82F7} => key not found
"C:\Windows\System32\Tasks\Simple MPEG4 Digital Connector" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E83E2EA-205C-4D2D-A187-A6017A0C98D1} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9E83E2EA-205C-4D2D-A187-A6017A0C98D1} => key not found
"C:\Windows\System32\Tasks\memory\memory" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EA2B5ABB-E3F7-4FA2-946D-3BF838B088DE} => key not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EA2B5ABB-E3F7-4FA2-946D-3BF838B088DE} => key not found
"C:\Windows\System32\Tasks\Microsoft Windows Mail" => not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\CyberGhost => value not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\xxx => value not found.
O4 - HKCU\..\Run| [xxx] . (. - .) -- xxx => Error: No automatic fix found for this entry.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GEARAspiWDM.exe => value not found.
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CyberGhost => value not found.
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\Software\Microsoft\Windows\CurrentVersion\Run\\xxx => value not found.
O4 - HKUS\S-1-5-21-72047652-2448835880-2394339217-1001\..\Run| [xxx] . (. - .) -- xxx => Error: No automatic fix found for this entry.
HKU\S-1-5-21-72047652-2448835880-2394339217-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GEARAspiWDM.exe => value not found.
HKCU\SOFTWARE\GenericTools => key not found
HKCU\SOFTWARE\myprintscreen.com => key not found
"C:\WINDOWS\Prefetch\MYPRINTSCREEN(2).EXE-08EA6BA0.pf" => not found.
"C:\WINDOWS\Prefetch\MYPRINTSCREEN(2).TMP-A051E4D7.pf" => not found.
"C:\WINDOWS\Installer\695b789.msi" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6459023 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 30552 B
Edge => 0 B
Chrome => 0 B
Firefox => 54928124 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 874 B
NetworkService => 3144 B
fan => 84868 B
Guest => 0 B

RecycleBin => 92188 B
EmptyTemp: => 66.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:19:10 ====