How do I get rid of this


offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-06-2017 01
Ran by PC (24-06-2017 21:47:59) Run:5
Running from C:\Users\PC\Downloads
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
C:\Windows\Temp\gDAE6.tmp.exe
C:\Windows\Temp\g187F.tmp.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
Toolbar: HKU\S-1-5-21-2917841586-4204570114-2067478582-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
CHR Extension: (easychrome) - C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-06-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
R1 LanmaMaster; C:\Windows\system32\drivers\lanmamaster.sys [2985064 2009-07-14] () [File not signed] <==== ATTENTION
C:\Windows\system32\drivers\lanmamaster.sys
R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [197480 2009-07-14] () [File not signed] <==== ATTENTION
C:\Windows\system32\drivers\UefGdstor.sys
R2 mptpmdxm; C:\Windows\SysWow64\mptpmdxm.dll [463144 2017-06-24] () <==== ATTENTION
C:\Windows\SysWow64\mptpmdxm.dll
Task: {BBCCBFE6-0DFE-4252-9352-047DB00C04A0} - System32\Tasks\Windows Password Ex Lite => Rundll32.exe "C:\Program Files\Windows Password Ex Lite\Windows Password Ex Lite.dll",cnQJPcQeHdC <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
C:\Program Files\Windows Password Ex Lite
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\user.js [2017-05-10]
FF Extension: (Tables) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\455574@extcorp.com.xpi [2017-06-24]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-06-24] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-06-24] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-06-24] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-06-24]
CHR StartupUrls: Default -> "hxxp://www.google.com/ncr","hxxp://www.google.com/ncr",["hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=48"
CHR NewTab: Default -> Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Extension: (Empty New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2017-06-24]
CHR Extension: (Tables) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-24]
CHR Extension: (Awesome New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2017-06-24]
CHR Extension: (Google Input Tools) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig [2017-06-24]
CHR Extension: (Hover Zoom) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-06-24]
2017-06-24 17:37 - 2017-06-24 17:37 - 00000000 ____D C:\Users\PC\AppData\Roaming\BrowserModule
2017-06-24 17:25 - 2017-06-24 20:24 - 00016758 _____ C:\Windows\System32\Tasks\Windows Password Ex Lite
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\UCChannel
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\ProgramData\Microleaves
2017-06-24 17:23 - 2017-06-24 17:23 - 07307776 _____ C:\Users\PC\AppData\Local\agent.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 03137536 _____ (TODO: <Company name>) C:\Users\PC\AppData\Local\Geodox.exe
2017-06-24 17:23 - 2017-06-24 17:23 - 01897945 _____ C:\Users\PC\AppData\Local\Geodox.tst
2017-06-24 17:23 - 2017-06-24 17:23 - 00930816 _____ C:\Users\PC\AppData\Local\test_db_cara.db
2017-06-24 17:23 - 2017-06-24 17:23 - 00140800 _____ C:\Users\PC\AppData\Local\installer.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00126464 _____ C:\Users\PC\AppData\Local\noah.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00070800 _____ C:\Users\PC\AppData\Local\Config.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00018432 _____ C:\Users\PC\AppData\Local\Main.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00011568 _____ C:\Users\PC\AppData\Local\InstallationConfiguration.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00005568 _____ C:\Users\PC\AppData\Local\md.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Local\AdvinstAnalytics
2017-06-23 06:54 - 2017-06-23 06:54 - 00689152 _____ C:\Windows\b7cad336bcaef8766398d2dc3888be9e.exe
2017-06-23 06:54 - 2017-06-23 06:54 - 00051619 _____ C:\Windows\uninstaller.dat
Folder:C:\Windows\SysWOW64\SSL
Folder:C:\ProgramData\DataCache
EmptyTemp:
*****************

Restore point was successfully created.
C:\Windows\Temp\gDAE6.tmp.exe => moved successfully
C:\Windows\Temp\g187F.tmp.exe => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => value removed successfully
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => key not found.
C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
LanmaMaster => Unable to stop service.
HKLM\System\CurrentControlSet\Services\LanmaMaster => key removed successfully
LanmaMaster => service removed successfully
C:\Windows\system32\drivers\lanmamaster.sys => moved successfully
UefGdstor => Unable to stop service.
HKLM\System\CurrentControlSet\Services\UefGdstor => key could not remove, key could be protected
Could not move "C:\Windows\system32\drivers\UefGdstor.sys" => Scheduled to move on reboot.
mptpmdxm => Unable to stop service.
HKLM\System\CurrentControlSet\Services\mptpmdxm => key removed successfully
mptpmdxm => service removed successfully
Could not move "C:\Windows\SysWow64\mptpmdxm.dll" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BBCCBFE6-0DFE-4252-9352-047DB00C04A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBCCBFE6-0DFE-4252-9352-047DB00C04A0} => key removed successfully
C:\Windows\System32\Tasks\Windows Password Ex Lite => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Password Ex Lite => key removed successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
C:\Program Files\Windows Password Ex Lite => moved successfully
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\user.js => moved successfully
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\455574@extcorp.com.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js => moved successfully
Chrome StartupUrls => removed successfully
Chrome NewTab => removed successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl => moved successfully
C:\Users\PC\AppData\Roaming\BrowserModule => moved successfully
"C:\Windows\System32\Tasks\Windows Password Ex Lite" => not found.
C:\Users\Public\Documents\XMUpdate => moved successfully
C:\Users\PC\AppData\Roaming\UCChannel => moved successfully
"C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" => not found.
C:\ProgramData\Microleaves => moved successfully
C:\Users\PC\AppData\Local\agent.dat => moved successfully
C:\Users\PC\AppData\Local\Geodox.exe => moved successfully
C:\Users\PC\AppData\Local\Geodox.tst => moved successfully
C:\Users\PC\AppData\Local\test_db_cara.db => moved successfully
C:\Users\PC\AppData\Local\installer.dat => moved successfully
C:\Users\PC\AppData\Local\noah.dat => moved successfully
C:\Users\PC\AppData\Local\Config.xml => moved successfully
C:\Users\PC\AppData\Local\Main.dat => moved successfully
C:\Users\PC\AppData\Local\InstallationConfiguration.xml => moved successfully
C:\Users\PC\AppData\Local\md.xml => moved successfully
C:\Program Files (x86)\Microleaves => moved successfully
C:\Users\PC\AppData\Roaming\Microleaves => moved successfully
C:\Users\PC\AppData\Local\AdvinstAnalytics => moved successfully
C:\Windows\b7cad336bcaef8766398d2dc3888be9e.exe => moved successfully
C:\Windows\uninstaller.dat => moved successfully

========================= Folder:C:\Windows\SysWOW64\SSL ========================

not found.

====== End of Folder: ======


========================= Folder:C:\ProgramData\DataCache ========================

not found.

====== End of Folder: ======


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40171171 B
Java, Flash, Steam htmlcache => 53367028 B
Windows/system/drivers => 2418886 B
Edge => 0 B
Chrome => 29427855 B
Firefox => 184403038 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 99886 B
systemprofile32 => 990168 B
LocalService => 66708 B
NetworkService => 13154 B
PC => 109566048 B

RecycleBin => 0 B
EmptyTemp: => 409.1 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-06-2017 21:52:27)

"C:\Windows\system32\drivers\UefGdstor.sys" => Could not move
"C:\Windows\SysWow64\mptpmdxm.dll" => Could not move

Result of scheduled keys to remove after reboot:

HKLM\System\CurrentControlSet\Services\UefGdstor => key could not remove, key could be protected

==== End of Fixlog 21:52:27 ====

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Status?

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Posted: 24 Jun 2017 22:50

Addendum: 24 Jun 2017 22:50

again... same... this won't go away..
and it also lags when I open anything

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Download Zemana AntiMalware and save it to the Desktop.


When the download is finished:

Double-click to start the installation and follow the instructions. The installation is standard, with no additional options.
After installation, the program will start automatically, and you now need to click Scan.
When the scan finishes, click Next to remove all detected items.
If it asks you to restart the computer, click Reboot.
If the computer is seriously infected, another scan will follow after the restart.


After that, you need to submit the report(s):

On the keyboard, press + R at the same time.
Copy the following command and confirm with OK:
%USERPROFILE%\AppData\Local\Zemana\Zemana AntiMalware\reports
Copy the newest report(s) to the Desktop, then attach it in your next post.

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

Posted: 24 Jun 2017 23:15


Addendum: 24 Jun 2017 23:16

now both firefox and chrome are ok..

Addendum: 24 Jun 2017 23:17

it didn't ask for a restart..

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Use the computer, then report the status tomorrow.

offline
  • maha  Male
  • Super citizen
  • Joined: 06 Dec 2006
  • Posts: 1152

ok...thanks..
