Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by boogie (14-09-2016 21:18:05) Run:1
Running from C:\Users\boogie\Desktop\antivir\skanery na forum
Loaded Profiles: boogie (Available Profiles: boogie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
Task: {15ED63B3-C33A-48C0-8D40-DF82716A3FF2} - System32\Tasks\UnregisterNonABICompliantCodeRange => Wscript.exe C:\PROGRA~4\ps3d6lkk\8ux7y.js
Task: {1642C0E6-7B9E-4196-B81D-B79E5860E0F8} - System32\Tasks\{E8E6B69C-EE66-44AE-9890-706979C4C9A7} => pcalua.exe -a C:\Users\boogie\Downloads\Programy\TrafficShaper\TrafficShaperXpSetup.exe -d C:\Users\boogie\Downloads\Programy\TrafficShaper
Task: {6A97ADB3-D41F-411A-8ED4-26C26DD2F268} - System32\Tasks\Ksation Schedule => C:\Program Files (x86)\Sieyhokesy\placty.exe [2016-09-13] (CHENGDU YIWO Tech Development Co., Ltd)
Task: {F119DBC5-7536-41E4-B1A9-CD5B6711E4F8} - System32\Tasks\{A0C267A5-D070-4D3F-94C3-954A246C02EB} => pcalua.exe -a "C:\Program Files (x86)\Sieyhokesy\placty.exe" -c 4921cc4c-65ff-4aba-8595-517060699f5d "/k={6DE5D787-248D-499B-9284-6681D68BA37C}"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\33060297.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70053003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\81472886.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\83008810.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\33060297.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70053003.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\81472886.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\83008810.sys => ""="Driver"
HKU\S-1-5-21-3756860874-1814013104-2480899376-1000\...\Run: [Antamedia DBServer AsService] => 0
S2 Citdhwa; "C:\Users\boogie\AppData\Roaming\AzigcWig\Geeswu.exe" -cms [X]
S4 qahvpk; no ImagePath
S3 ndisahMP; system32\DRIVERS\ndisah.sys [X]
S2 nldrv; \??\C:\Program Files\Locktime Software\NetLimiter 4\nldrv.sys [X]
S1 rtdiftex; \??\C:\Windows\system32\Drivers\rtdiftex.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
ShortcutWithArgument: C:\Users\boogie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdAnti
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Antamedia DBServer
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_5F5250ADB2CFD375AE8B1D217CB54004
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Overwolf
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtsFT
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Seviler
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\svchost0
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\win_en_77
DeleteKey: HKLM\SOFTWARE\MozillaPlugins
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\win_en_77_is1
DeleteKey: HKLM\SOFTWARE\Wow6432Node\MozillaPlugins
C:\Antamedia
C:\Program Files (x86)\AdAnti
C:\Program Files (x86)\9j4t1kht
C:\Program Files (x86)\NetPeeker
C:\Program Files (x86)\ps3d6lkk
C:\Program Files (x86)\sbqh
C:\Program Files (x86)\Sieyhokesy
C:\Program Files (x86)\SoSoIm_3
C:\Program Files (x86)\SoSoIm_4
C:\Program Files (x86)\SoSoIm_5
C:\Program Files (x86)\SoSoIm_6
C:\Program Files (x86)\Traffic Shaper XP Client
C:\Program Files (x86)\Traffic Shaper XP Server
C:\Program Files (x86)\win_en_77
C:\Program Files (x86)\WTFast
C:\Program Files (x86)\Y2Go
C:\ProgramData\zdhvmnqp.xgw
C:\ProgramData\AVAST Software
C:\ProgramData\Avg
C:\ProgramData\Avira
C:\ProgramData\Database Server
C:\ProgramData\HitmanPro
C:\ProgramData\SeriousBit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traffic Shaper XP
C:\Users\boogie\AppData\Local\uts.ini
C:\Users\boogie\AppData\Local\AAA_Internet_Publishing,_
C:\Users\boogie\AppData\Local\Animiprujersp
C:\Users\boogie\AppData\Local\Overwolf
C:\Users\boogie\AppData\Local\Tempfolder
C:\Users\boogie\AppData\Local\THORN
C:\Users\boogie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2
C:\Users\boogie\AppData\LocalLow00000000003B40E8
C:\Users\boogie\AppData\LocalLow00605890
C:\Users\boogie\AppData\LocalLow02F00070
C:\Users\boogie\AppData\LocalLow\Company
C:\Users\boogie\AppData\Roaming\GameLauncher
C:\Users\boogie\AppData\Roaming\Hemkajdoa
C:\Users\boogie\AppData\Roaming\Locktime Software
C:\Users\boogie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
C:\Users\boogie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antamedia
C:\Users\MSUser.Default
C:\Windows\Joberphlusisp
C:\Windows\NetPkr.str
C:\Windows\system32\wofo
C:\Windows\system32\Drivers\nbdrv.sys
C:\Windows\SysWOW64\bcevent.dll
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.

========================= bcdedit ========================

The operation completed successfully.

========= End of bcdedit =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15ED63B3-C33A-48C0-8D40-DF82716A3FF2} => key not found.
C:\Windows\System32\Tasks\UnregisterNonABICompliantCodeRange => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UnregisterNonABICompliantCodeRange => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1642C0E6-7B9E-4196-B81D-B79E5860E0F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1642C0E6-7B9E-4196-B81D-B79E5860E0F8}" => key removed successfully
C:\Windows\System32\Tasks\{E8E6B69C-EE66-44AE-9890-706979C4C9A7} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E8E6B69C-EE66-44AE-9890-706979C4C9A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A97ADB3-D41F-411A-8ED4-26C26DD2F268}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A97ADB3-D41F-411A-8ED4-26C26DD2F268}" => key removed successfully
C:\Windows\System32\Tasks\Ksation Schedule => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ksation Schedule" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F119DBC5-7536-41E4-B1A9-CD5B6711E4F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F119DBC5-7536-41E4-B1A9-CD5B6711E4F8}" => key removed successfully
C:\Windows\System32\Tasks\{A0C267A5-D070-4D3F-94C3-954A246C02EB} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A0C267A5-D070-4D3F-94C3-954A246C02EB}" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\33060297.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\70053003.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\81472886.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\83008810.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\33060297.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\70053003.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\81472886.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\83008810.sys" => key removed successfully
HKU\S-1-5-21-3756860874-1814013104-2480899376-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Antamedia DBServer AsService => value removed successfully
Citdhwa => service removed successfully
qahvpk => service removed successfully
ndisahMP => service removed successfully
nldrv => service removed successfully
rtdiftex => service removed successfully
VGPU => service removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Users\boogie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdAnti => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Antamedia DBServer => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_5F5250ADB2CFD375AE8B1D217CB54004 => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Overwolf => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtsFT => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Seviler => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\svchost0 => key removed successfully
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\win_en_77 => key removed successfully
HKLM\SOFTWARE\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\MozillaPlugins => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\win_en_77_is1 => key removed successfully
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins => key removed successfully
C:\Antamedia => moved successfully
C:\Program Files (x86)\AdAnti => moved successfully
C:\Program Files (x86)\9j4t1kht => moved successfully
C:\Program Files (x86)\NetPeeker => moved successfully
C:\Program Files (x86)\ps3d6lkk => moved successfully
C:\Program Files (x86)\sbqh => moved successfully
C:\Program Files (x86)\Sieyhokesy => moved successfully
C:\Program Files (x86)\SoSoIm_3 => moved successfully
C:\Program Files (x86)\SoSoIm_4 => moved successfully
C:\Program Files (x86)\SoSoIm_5 => moved successfully
C:\Program Files (x86)\SoSoIm_6 => moved successfully
C:\Program Files (x86)\Traffic Shaper XP Client => moved successfully
C:\Program Files (x86)\Traffic Shaper XP Server => moved successfully
"C:\Program Files (x86)\win_en_77" => not found.
C:\Program Files (x86)\WTFast => moved successfully
C:\Program Files (x86)\Y2Go => moved successfully
C:\ProgramData\zdhvmnqp.xgw => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\ProgramData\Avg => moved successfully
C:\ProgramData\Avira => moved successfully
C:\ProgramData\Database Server => moved successfully
C:\ProgramData\HitmanPro => moved successfully
C:\ProgramData\SeriousBit => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Traffic Shaper XP => moved successfully
C:\Users\boogie\AppData\Local\uts.ini => moved successfully
C:\Users\boogie\AppData\Local\AAA_Internet_Publishing,_ => moved successfully
C:\Users\boogie\AppData\Local\Animiprujersp => moved successfully
C:\Users\boogie\AppData\Local\Overwolf => moved successfully
C:\Users\boogie\AppData\Local\Tempfolder => moved successfully
C:\Users\boogie\AppData\Local\THORN => moved successfully
C:\Users\boogie\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 => moved successfully
C:\Users\boogie\AppData\LocalLow00000000003B40E8 => moved successfully
C:\Users\boogie\AppData\LocalLow00605890 => moved successfully
C:\Users\boogie\AppData\LocalLow02F00070 => moved successfully
C:\Users\boogie\AppData\LocalLow\Company => moved successfully
C:\Users\boogie\AppData\Roaming\GameLauncher => moved successfully
C:\Users\boogie\AppData\Roaming\Hemkajdoa => moved successfully
C:\Users\boogie\AppData\Roaming\Locktime Software => moved successfully
C:\Users\boogie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => moved successfully
C:\Users\boogie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antamedia => moved successfully
C:\Users\MSUser.Default => moved successfully
C:\Windows\Joberphlusisp => moved successfully
C:\Windows\NetPkr.str => moved successfully
C:\Windows\system32\wofo => moved successfully
C:\Windows\system32\Drivers\nbdrv.sys => moved successfully
C:\Windows\SysWOW64\bcevent.dll => moved successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

========= netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12476481 B
Java, Flash, Steam htmlcache => 708 B
Windows/system/drivers => 51338081 B
Edge => 0 B
Chrome => 425411379 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 21058 B
boogie => 1178515510 B

RecycleBin => 1374328 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 21:18:14 ====