Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Olek at 2015-07-16 14:34:42 Run:1
Running from C:\Users\Olek\Desktop
Loaded Profiles: Olek (Available Profiles: Olek)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
R1 Lhtomj120; C:\Windows\system32\Drivers\Lhtomj120.sys [24696 2015-07-13] ()
R1 Rymachdi120; C:\Windows\system32\Drivers\Rymachdi120.sys [24184 2015-07-13] ()
S4 hirjodces; C:\ProgramData\LokeEsul\vamewvoa.exe [188392 2015-07-13] () [File not signed]
S4 Nanjeb; C:\ProgramData\LokeEsul\Nanjeb.exe [2075136 2015-07-13] () [File not signed]
S4 SilpaPepsu; C:\ProgramData\LokeEsul\RoqkuJabl.exe [255464 2015-07-13] () [File not signed]
S2 veuttedbhm; C:\ProgramData\LokeEsul\vameavoa.exe [501224 2015-07-13] () [File not signed]
S4 zejytose; C:\Users\Olek\AppData\Roaming\35453035-1436801384-3339-4644-3937FFFFFFFF\jnsbAACE.tmp [199168 2015-07-13] () [File not signed]
S1 wsafd_1_10_0_19; system32\drivers\wsafd_1_10_0_19.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lhtomj120.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rymachdi120.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lhtomj120.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nanjeb => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Rymachdi120.sys => ""="Driver"
HKLM-x32\...\Run: [gmsd_pl_005010031] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3352835992-2200029799-2272378979-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe http://www.istartsurf.com/?type=sc&ts=1436951838&z=85350da84dc97d0778a29fag3zdc7qftcw7gabbgaw&from=face&uid=395049983_1052515_6CDD971B
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-06-10]
C:\Program Files (x86)\40ea84ae-5fdf-487f-b723-5612bdc177e1
C:\Program Files (x86)\5e7a51f3-1bd9-4eae-aad0-38c415393cca
C:\Program Files (x86)\e5b1dbe0-b72f-41cb-9f4d-4aed7fb9881b
C:\Program Files (x86)\GUT61FF.tmp
C:\ProgramData\LokeEsul
C:\Users\Olek\AppData\Local\5465
C:\Users\Olek\AppData\Roaming\35453035-1436801384-3339-4644-3937FFFFFFFF
C:\Users\Olek\AppData\Roaming\GoldenGate
C:\Windows\hgfs.sys
C:\Windows\prleth.sys
C:\Windows\system32\Nanjeb64.dll
C:\Windows\system32\NanjebOff.ini
C:\Windows\system32\Drivers\Lhtomj120.sys
C:\Windows\system32\Drivers\Rymachdi120.sys
C:\Windows\SysWOW64\Nanjeb.ini
C:\Windows\SysWOW64\NanjebOff.ini
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Windows\SysWOW64\GroupPolicy\GPT.INI
Folder: C:\Program Files (x86)\Windows 7 Activator
Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies /f
Reg: reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ADEAC866-F3A5-48FA-8524-DD8AACA666F7} /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CMD: netsh winsock reset
CMD: netsh advfirewall reset
EmptyTemp:
*****************

Processes closed successfully.
Lhtomj120 => Unable to stop service.
Lhtomj120 => Service removed successfully
Rymachdi120 => Unable to stop service.
Rymachdi120 => Service removed successfully
hirjodces => Service removed successfully
Nanjeb => Service removed successfully
SilpaPepsu => Service removed successfully
veuttedbhm => Service removed successfully
zejytose => Service removed successfully
wsafd_1_10_0_19 => Service removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Lhtomj120.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Rymachdi120.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Lhtomj120.sys" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Nanjeb" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Rymachdi120.sys" => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_pl_005010031 => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3352835992-2200029799-2272378979-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command\\Default => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
Could not move "C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Scheduled to move on reboot.
C:\Program Files (x86)\40ea84ae-5fdf-487f-b723-5612bdc177e1 => moved successfully.
C:\Program Files (x86)\5e7a51f3-1bd9-4eae-aad0-38c415393cca => moved successfully.
C:\Program Files (x86)\e5b1dbe0-b72f-41cb-9f4d-4aed7fb9881b => moved successfully.
C:\Program Files (x86)\GUT61FF.tmp => moved successfully.
C:\ProgramData\LokeEsul => moved successfully.
C:\Users\Olek\AppData\Local\5465 => moved successfully.
C:\Users\Olek\AppData\Roaming\35453035-1436801384-3339-4644-3937FFFFFFFF => moved successfully.
C:\Users\Olek\AppData\Roaming\GoldenGate => moved successfully.
C:\Windows\hgfs.sys => moved successfully.
C:\Windows\prleth.sys => moved successfully.
C:\Windows\system32\Nanjeb64.dll => moved successfully.
C:\Windows\system32\NanjebOff.ini => moved successfully.
C:\Windows\system32\Drivers\Lhtomj120.sys => moved successfully.
C:\Windows\system32\Drivers\Rymachdi120.sys => moved successfully.
C:\Windows\SysWOW64\Nanjeb.ini => moved successfully.
C:\Windows\SysWOW64\NanjebOff.ini => moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
"C:\Windows\SysWOW64\GroupPolicy\GPT.INI" => File/Folder not found.

========================= Folder: C:\Program Files (x86)\Windows 7 Activator ========================

2015-07-07 04:28 - 2015-07-07 04:28 - 0000599 _____ () C:\Program Files (x86)\Windows 7 Activator\install.bat
2015-07-03 07:27 - 2015-07-03 07:27 - 0711974 _____ () C:\Program Files (x86)\Windows 7 Activator\InstallerLinks.zip
2015-06-26 13:16 - 2015-06-26 13:16 - 0520708 _____ () C:\Program Files (x86)\Windows 7 Activator\screenshot(2).jpg
2015-07-13 17:27 - 2015-07-13 17:28 - 0000618 _____ () C:\Program Files (x86)\Windows 7 Activator\uninstall.ini

====== End of Folder: ======

========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ADEAC866-F3A5-48FA-8524-DD8AACA666F7} /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f =========
Operacja ukończona pomyślnie.
========= End of Reg: =========

========= netsh winsock reset =========
Pomyślnie zresetowano Winsock Catalog.
Musisz ponownie uruchomić komputer, aby ukończyć resetowanie.
========= End of CMD: =========

========= netsh advfirewall reset =========
Ok.
========= End of CMD: =========

EmptyTemp: => 673.6 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-16 14:36:18)<=
"C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx" => Could not move

==== End of Fixlog 14:36:18 ====