Posted: 24 Jun 2017 20:54
offline
- maha
- Super Citizen
- Joined: 06 Dec 2006
- Posts: 1152

Fix result of Farbar Recovery Scan Tool (x64) Version: 24-06-2017 01
Ran by PC (24-06-2017 21:47:59) Run:5
Running from C:\Users\PC\Downloads
Loaded Profiles: PC (Available Profiles: PC)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
C:\Windows\Temp\gDAE6.tmp.exe
C:\Windows\Temp\g187F.tmp.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
Toolbar: HKU\S-1-5-21-2917841586-4204570114-2067478582-1000 -> No Name - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - No File
CHR Extension: (easychrome) - C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk [2017-06-24]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
R1 LanmaMaster; C:\Windows\system32\drivers\lanmamaster.sys [2985064 2009-07-14] () [File not signed] <==== ATTENTION
C:\Windows\system32\drivers\lanmamaster.sys
R2 UefGdstor; C:\Windows\system32\drivers\UefGdstor.sys [197480 2009-07-14] () [File not signed] <==== ATTENTION
C:\Windows\system32\drivers\UefGdstor.sys
R2 mptpmdxm; C:\Windows\SysWow64\mptpmdxm.dll [463144 2017-06-24] () <==== ATTENTION
C:\Windows\SysWow64\mptpmdxm.dll
Task: {BBCCBFE6-0DFE-4252-9352-047DB00C04A0} - System32\Tasks\Windows Password Ex Lite => Rundll32.exe "C:\Program Files\Windows Password Ex Lite\Windows Password Ex Lite.dll",cnQJPcQeHdC <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
C:\Program Files\Windows Password Ex Lite
FF user.js: detected! => C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\user.js [2017-05-10]
FF Extension: (Tables) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\455574@extcorp.com.xpi [2017-06-24]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-06-24] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-06-24] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-06-24] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js [2017-06-24]
CHR StartupUrls: Default -> "hxxp://www.google.com/ncr","hxxp://www.google.com/ncr",["hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=48"
CHR NewTab: Default -> Active:"chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Extension: (Empty New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij [2017-06-24]
CHR Extension: (Tables) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2017-06-24]
CHR Extension: (Awesome New Tab Page) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2017-06-24]
CHR Extension: (Google Input Tools) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig [2017-06-24]
CHR Extension: (Hover Zoom) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2017-06-24]
2017-06-24 17:37 - 2017-06-24 17:37 - 00000000 ____D C:\Users\PC\AppData\Roaming\BrowserModule
2017-06-24 17:25 - 2017-06-24 20:24 - 00016758 _____ C:\Windows\System32\Tasks\Windows Password Ex Lite
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\Public\Documents\XMUpdate
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Roaming\UCChannel
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2017-06-24 17:25 - 2017-06-24 17:25 - 00000000 ____D C:\ProgramData\Microleaves
2017-06-24 17:23 - 2017-06-24 17:23 - 07307776 _____ C:\Users\PC\AppData\Local\agent.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 03137536 _____ (TODO: <Company name>) C:\Users\PC\AppData\Local\Geodox.exe
2017-06-24 17:23 - 2017-06-24 17:23 - 01897945 _____ C:\Users\PC\AppData\Local\Geodox.tst
2017-06-24 17:23 - 2017-06-24 17:23 - 00930816 _____ C:\Users\PC\AppData\Local\test_db_cara.db
2017-06-24 17:23 - 2017-06-24 17:23 - 00140800 _____ C:\Users\PC\AppData\Local\installer.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00126464 _____ C:\Users\PC\AppData\Local\noah.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00070800 _____ C:\Users\PC\AppData\Local\Config.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00018432 _____ C:\Users\PC\AppData\Local\Main.dat
2017-06-24 17:23 - 2017-06-24 17:23 - 00011568 _____ C:\Users\PC\AppData\Local\InstallationConfiguration.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00005568 _____ C:\Users\PC\AppData\Local\md.xml
2017-06-24 17:23 - 2017-06-24 17:23 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Roaming\Microleaves
2017-06-24 17:22 - 2017-06-24 17:22 - 00000000 ____D C:\Users\PC\AppData\Local\AdvinstAnalytics
2017-06-23 06:54 - 2017-06-23 06:54 - 00689152 _____ C:\Windows\b7cad336bcaef8766398d2dc3888be9e.exe
2017-06-23 06:54 - 2017-06-23 06:54 - 00051619 _____ C:\Windows\uninstaller.dat
Folder:C:\Windows\SysWOW64\SSL
Folder:C:\ProgramData\DataCache
EmptyTemp:
*****************
Restore point was successfully created.
C:\Windows\Temp\gDAE6.tmp.exe => moved successfully
C:\Windows\Temp\g187F.tmp.exe => moved successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKU\S-1-5-21-2917841586-4204570114-2067478582-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => value removed successfully
HKLM\Software\Classes\CLSID\{4BAAC1B8-0800-42C9-8FA6-08B211F356B8} => key not found.
C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek => key removed successfully
LanmaMaster => Unable to stop service.
HKLM\System\CurrentControlSet\Services\LanmaMaster => key removed successfully
LanmaMaster => service removed successfully
C:\Windows\system32\drivers\lanmamaster.sys => moved successfully
UefGdstor => Unable to stop service.
HKLM\System\CurrentControlSet\Services\UefGdstor => key could not remove, key could be protected
Could not move "C:\Windows\system32\drivers\UefGdstor.sys" => Scheduled to move on reboot.
mptpmdxm => Unable to stop service.
HKLM\System\CurrentControlSet\Services\mptpmdxm => key removed successfully
mptpmdxm => service removed successfully
Could not move "C:\Windows\SysWow64\mptpmdxm.dll" => Scheduled to move on reboot.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BBCCBFE6-0DFE-4252-9352-047DB00C04A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBCCBFE6-0DFE-4252-9352-047DB00C04A0} => key removed successfully
C:\Windows\System32\Tasks\Windows Password Ex Lite => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Password Ex Lite => key removed successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully
C:\Program Files\Windows Password Ex Lite => moved successfully
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\user.js => moved successfully
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\id7p96dn.default\Extensions\455574@extcorp.com.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi => moved successfully
C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
C:\Program Files (x86)\mozilla firefox\defaults\pref\enpsysau.js => moved successfully
Chrome StartupUrls => removed successfully
Chrome NewTab => removed successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpjamkmjmigaoobjbekmfgabipmfilij => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpphfcjpaldmedbbomcdhgonmhjngfig => moved successfully
C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl => moved successfully
C:\Users\PC\AppData\Roaming\BrowserModule => moved successfully
"C:\Windows\System32\Tasks\Windows Password Ex Lite" => not found.
C:\Users\Public\Documents\XMUpdate => moved successfully
C:\Users\PC\AppData\Roaming\UCChannel => moved successfully
"C:\Users\PC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" => not found.
C:\ProgramData\Microleaves => moved successfully
C:\Users\PC\AppData\Local\agent.dat => moved successfully
C:\Users\PC\AppData\Local\Geodox.exe => moved successfully
C:\Users\PC\AppData\Local\Geodox.tst => moved successfully
C:\Users\PC\AppData\Local\test_db_cara.db => moved successfully
C:\Users\PC\AppData\Local\installer.dat => moved successfully
C:\Users\PC\AppData\Local\noah.dat => moved successfully
C:\Users\PC\AppData\Local\Config.xml => moved successfully
C:\Users\PC\AppData\Local\Main.dat => moved successfully
C:\Users\PC\AppData\Local\InstallationConfiguration.xml => moved successfully
C:\Users\PC\AppData\Local\md.xml => moved successfully
C:\Program Files (x86)\Microleaves => moved successfully
C:\Users\PC\AppData\Roaming\Microleaves => moved successfully
C:\Users\PC\AppData\Local\AdvinstAnalytics => moved successfully
C:\Windows\b7cad336bcaef8766398d2dc3888be9e.exe => moved successfully
C:\Windows\uninstaller.dat => moved successfully
========================= Folder:C:\Windows\SysWOW64\SSL ========================
not found.
====== End of Folder: ======
========================= Folder:C:\ProgramData\DataCache ========================
not found.
====== End of Folder: ======
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40171171 B
Java, Flash, Steam htmlcache => 53367028 B
Windows/system/drivers => 2418886 B
Edge => 0 B
Chrome => 29427855 B
Firefox => 184403038 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 99886 B
systemprofile32 => 990168 B
LocalService => 66708 B
NetworkService => 13154 B
PC => 109566048 B
RecycleBin => 0 B
EmptyTemp: => 409.1 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-06-2017 21:52:27)
"C:\Windows\system32\drivers\UefGdstor.sys" => Could not move
"C:\Windows\SysWow64\mptpmdxm.dll" => Could not move
Result of scheduled keys to remove after reboot:
HKLM\System\CurrentControlSet\Services\UefGdstor => key could not remove, key could be protected
==== End of Fixlog 21:52:27 ====

Posted: 24 Jun 2017 21:50
offline
- maha
- Super Citizen
- Joined: 06 Dec 2006
- Posts: 1152

Written: 24 Jun 2017 22:50
Addendum: 24 Jun 2017 22:50
Again... the same... this won't go away.
And it also lags whenever I open anything.

Posted: 24 Jun 2017 22:26
offline
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8617
- Location: Novi Beograd

Use the computer, then report back on its state tomorrow.