Is my Windows 7 infected?

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 439
  • Location: Berlin

Hello, for a few days now, since I got back from a trip, ads have been popping up on my home computer that nobody is clicking on at all, so I would like to check whether my system has picked something up.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:23-09-2015
Ran by Anđelić (administrator) on ANĐELIĆ-PC (23-09-2015 15:46:00)
Running from C:\Users\Anđelić\Desktop
Loaded Profiles: Anđelić (Available Profiles: Anđelić)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-20] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-09-20] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{29109664-89CC-4405-A30C-C728323E5565}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-20] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-20] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-20] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888

FireFox:
========
FF ProfilePath: C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322
FF NewTab: hxxp://www.oursurfing.com/newtab/?type=nt&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888
FF Homepage: www.google.rs
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-20] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-09-22] (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [2015-09-22] (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: CinemaP-1.9cV21.09 - C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\Extensions\AVJYFVOD75109374@HCDE39471360.com [2015-09-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-20]
FF Extension: No Name - C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\extensions\AVJYFVOD75109374@HCDE39471360.com [not found]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-01]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://www.google.rs/
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888&q={searchTerms}
CHR DefaultSearchKeyword: Default -> oursurfing
CHR Profile: C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google презентације) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-05]
CHR Extension: (Google документи) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-05]
CHR Extension: (Google диск) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-05]
CHR Extension: (YouTube) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-05]
CHR Extension: (Google Search) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-05]
CHR Extension: (Google табеле) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-05]
CHR Extension: (Google документи офлајн) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-28]
CHR Extension: (Avast Online Security) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-20]
CHR Extension: (CinemaP-1.9cV21.09) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-09-22]
CHR Extension: (PowerPoint Online) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdafamggmaaaginooondinjgkgcbpnhp [2015-05-11]
CHR Extension: (Плаћања у Chrome веб-продавници) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-05]
CHR Extension: (Gmail) - C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-20] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3219136 2015-09-20] (Avast Software)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-22] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-22] (globalUpdate) [File not signed] <==== ATTENTION
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2015-05-02] (SurfRight B.V.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S4 c80c1c37; "C:\Windows\system32\rundll32.exe" "c:\Program Files\TampaRunner\TampaRunner.dll",serv

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-09-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-09-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-09-20] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-09-20] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [789296 2015-09-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434184 2015-09-20] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115640 2015-09-20] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-09-20] (AVAST Software)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-09-20] (AVAST Software)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2015-04-05] (SlimWare Utilities, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-09-20] (Avast Software)
R3 vvftav303; C:\Windows\System32\drivers\vvftav303.sys [480128 2007-06-23] (Vimicro Corporation)
R3 ZSMC0303; C:\Windows\System32\Drivers\usbVM303.sys [1472768 2007-05-15] (Vimicro Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 MsgPlusDriver; system32\DRIVERS\MsgPlusDriver.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-23 15:46 - 2015-09-23 15:46 - 00012105 _____ C:\Users\Anđelić\Desktop\FRST.txt
2015-09-23 15:45 - 2015-09-23 15:46 - 00000000 ____D C:\FRST
2015-09-23 15:44 - 2015-09-23 15:44 - 01695744 _____ (Farbar) C:\Users\Anđelić\Desktop\FRST.exe
2015-09-22 22:45 - 2015-09-22 22:45 - 00000000 _____ C:\Windows\WindowsUpdate.log
2015-09-22 19:37 - 2015-09-23 14:36 - 00000962 _____ C:\Windows\setupact.log
2015-09-22 19:37 - 2015-09-22 19:37 - 00000000 _____ C:\Windows\setuperr.log
2015-09-22 10:25 - 2015-09-22 10:25 - 00001121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-09-22 10:25 - 2015-09-22 10:25 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-09-22 10:04 - 2015-09-22 10:04 - 00000000 ____D C:\Users\Anđelić\AppData\Local\Crossbrowse
2015-09-22 10:03 - 2015-09-23 11:36 - 00001048 _____ C:\Windows\Tasks\Crossbrowse.job
2015-09-22 10:03 - 2015-09-22 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-09-22 10:03 - 2015-09-22 10:03 - 00000000 ____D C:\Program Files\Crossbrowse
2015-09-22 10:01 - 2015-09-23 11:35 - 00002432 _____ C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.job
2015-09-22 10:01 - 2015-09-22 10:01 - 00002432 _____ C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5_user.job
2015-09-22 10:01 - 2015-09-22 10:01 - 00001030 _____ C:\Windows\Tasks\w9PkZhJalsisHJDt2gdddRisW.job
2015-09-22 10:01 - 2015-09-22 10:01 - 00001010 _____ C:\Windows\Tasks\SRnJqC1zypBTfUs.job
2015-09-22 10:00 - 2015-09-23 15:00 - 00005168 _____ C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6.job
2015-09-22 10:00 - 2015-09-23 15:00 - 00003124 _____ C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6.job
2015-09-22 10:00 - 2015-09-23 11:35 - 00005168 _____ C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7.job
2015-09-22 10:00 - 2015-09-23 11:35 - 00004144 _____ C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4.job
2015-09-22 10:00 - 2015-09-23 11:35 - 00004144 _____ C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3.job
2015-09-22 10:00 - 2015-09-23 11:35 - 00003124 _____ C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7.job
2015-09-22 10:00 - 2015-09-23 11:35 - 00000962 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-09-22 10:00 - 2015-09-22 22:05 - 00000966 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-09-22 10:00 - 2015-09-22 10:07 - 00000000 ____D C:\Program Files\CinemaP-1.9cV21.09
2015-09-22 10:00 - 2015-09-22 10:00 - 00002098 _____ C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-10_user.job
2015-09-22 10:00 - 2015-09-22 10:00 - 00000000 ____D C:\Users\Anđelić\AppData\Local\globalUpdate
2015-09-22 10:00 - 2015-09-22 10:00 - 00000000 ____D C:\Program Files\globalUpdate
2015-09-22 10:00 - 2015-09-22 10:00 - 00000000 ____D C:\Program Files\334a952c-7f11-4051-8ef2-b8d6f554dc13
2015-09-20 21:59 - 2015-09-20 21:59 - 00000000 ____D C:\Windows\system32\vbox
2015-09-20 21:59 - 2015-09-20 21:59 - 00000000 ____D C:\Users\Anđelić\AppData\Roaming\AVAST Software
2015-09-20 21:59 - 2015-09-20 21:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-20 21:58 - 2015-09-20 21:58 - 00789296 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-09-20 21:58 - 2015-09-20 21:58 - 00434184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-09-20 21:58 - 2015-09-20 21:58 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-09-20 21:58 - 2015-09-20 21:58 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-09-20 21:58 - 2015-09-20 21:58 - 00115640 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-09-20 21:58 - 2015-09-20 21:58 - 00107984 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-09-20 21:58 - 2015-09-20 21:58 - 00081728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-09-20 21:58 - 2015-09-20 21:58 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-09-20 21:58 - 2015-09-20 21:58 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-09-20 21:58 - 2015-09-20 21:58 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-09-20 21:58 - 2015-09-20 21:58 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-09-20 21:54 - 2015-09-20 21:54 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-20 21:53 - 2015-09-20 21:53 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-20 21:36 - 2015-09-20 21:36 - 00000000 ____D C:\Users\Anđelić\AppData\Roaming\Sun
2015-09-20 21:36 - 2015-09-20 21:36 - 00000000 ____D C:\Users\Anđelić\.oracle_jre_usage
2015-09-20 21:36 - 2015-09-20 21:36 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-12 22:22 - 2015-09-12 22:22 - 00000000 _____ C:\Users\Anđelić\AppData\Local\{BDD04AF7-7A59-45AF-ADCE-D9A71E7713E7}
2015-09-11 18:50 - 2015-09-11 18:52 - 00000000 __SHD C:\Users\Anđelić\AppData\Roaming\.#
2015-09-07 08:29 - 2015-09-07 15:23 - 00000000 ____D C:\Users\Anđelić\Desktop\MORE 2015
2015-09-06 23:35 - 2015-09-06 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-09-06 23:35 - 2015-09-06 23:35 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-09-01 00:38 - 2015-09-22 10:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-23 15:45 - 2015-04-05 17:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-23 15:40 - 2015-04-18 14:23 - 00000000 ____D C:\Users\Anđelić\AppData\Roaming\Skype
2015-09-23 15:04 - 2015-04-05 17:27 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-23 14:39 - 2015-04-05 17:10 - 01508162 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-23 14:39 - 2009-08-16 05:32 - 00666534 _____ C:\Windows\system32\perfh019.dat
2015-09-23 14:39 - 2009-08-16 05:32 - 00128694 _____ C:\Windows\system32\perfc019.dat
2015-09-23 12:07 - 2015-04-05 17:29 - 00002431 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-23 11:43 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-23 11:43 - 2009-07-14 06:34 - 00016944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-23 11:35 - 2015-04-05 17:27 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-23 11:35 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-23 06:09 - 2015-04-05 18:39 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-09-22 19:45 - 2015-04-05 17:32 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 19:45 - 2015-04-05 17:32 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 19:37 - 2015-04-05 17:36 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-09-22 10:00 - 2015-04-05 18:42 - 00000000 ____D C:\Program Files\A4 tech
2015-09-20 21:42 - 2015-06-14 10:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-20 21:38 - 2015-06-14 07:32 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-20 21:36 - 2015-04-05 17:26 - 00000000 ____D C:\ProgramData\Oracle
2015-09-20 21:36 - 2015-04-05 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-20 21:36 - 2015-04-05 17:26 - 00000000 ____D C:\Program Files\Java
2015-09-20 21:36 - 2015-04-05 17:07 - 00000000 ____D C:\Users\Anđelić
2015-09-20 21:35 - 2015-04-05 17:26 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-19 08:14 - 2015-04-06 00:03 - 00000000 ____D C:\Users\Anđelić\AppData\Local\Microsoft Games
2015-09-16 19:59 - 2015-04-10 11:18 - 00000000 ____D C:\Users\Anđelić\AppData\Local\Microsoft Help
2015-09-16 06:01 - 2009-07-14 06:53 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-14 11:53 - 2015-04-21 06:12 - 00000000 ____D C:\Windows\Minidump
2015-09-11 10:52 - 2015-04-16 21:42 - 00000000 ____D C:\Program Files\TeamViewer
2015-09-07 00:49 - 2015-04-05 17:23 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-07 00:49 - 2015-04-05 17:23 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-09-06 23:35 - 2015-04-18 14:22 - 00002687 _____ C:\Users\Public\Desktop\Skype.lnk
2015-09-06 23:35 - 2015-04-18 14:22 - 00000000 ___RD C:\Program Files\Skype
2015-09-06 23:35 - 2015-04-05 17:42 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Anđelić\AppData\Roaming\SRnJqC1zypBTfUs
2015-04-20 16:05 - 2015-04-20 16:05 - 1246720 _____ () C:\Users\Anđelić\AppData\Roaming\SRnJqC1zypBTfUs.exe
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW.exe
2015-04-14 16:44 - 2015-04-14 16:44 - 0000000 _____ () C:\Users\Anđelić\AppData\Local\{9FC00419-D2CE-4AB6-84B4-3CD20F549C7B}
2015-09-12 22:22 - 2015-09-12 22:22 - 0000000 _____ () C:\Users\Anđelić\AppData\Local\{BDD04AF7-7A59-45AF-ADCE-D9A71E7713E7}

Some files in TEMP:
====================
C:\Users\Anđelić\AppData\Local\Temp\5980.exe
C:\Users\Anđelić\AppData\Local\Temp\ko tamo peva__10924_i1669029285_il632870.exe
C:\Users\Anđelić\AppData\Local\Temp\setup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-22 20:07

==================== End of FRST.txt ============================

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello,

Quote: Hello, for a few days now, since I got back from a trip, ads have been popping up on my home computer that nobody is clicking on at all, so I would like to check whether my system has picked something up.

This is the first time I've heard that a system can pick up malware.

1. Open Notepad (Text Document) and copy in the following text from the code box below:

createrestorepoint:
closeprocesses:
emptytemp:
Task: {06182F60-580B-48B1-A05B-4A36135A6F09} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4.exe <==== ATTENTION
Task: {0C3343A5-9AD0-4791-9069-5690D774BA9B} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3.exe <==== ATTENTION
Task: {4CEA9CB4-A143-4977-8E09-1D592181C98F} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6.exe <==== ATTENTION
Task: {58655942-C38F-4F63-A595-E0F2733EB4CC} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7.exe <==== ATTENTION
Task: {5BAAC0AE-0A58-4A98-928F-EA8C8AA73BCF} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6.exe <==== ATTENTION
Task: {942311AF-DED8-4F9F-831C-1C772CEAA220} - System32\Tasks\Crossbrowse => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe [2015-09-22] () <==== ATTENTION
Task: {95310374-473D-476D-A937-5F8A3DD16E3D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-09-22] (globalUpdate) <==== ATTENTION
Task: {C5920C18-3D77-42F6-B8B6-FFFB5B92E7A1} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-09-22] (globalUpdate) <==== ATTENTION
Task: {D1D5BED6-D68A-4E61-8012-23B8B40ACE4E} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7.exe <==== ATTENTION
Task: {D90D5069-EBB1-49EC-8C00-A1B82C41A8D4} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-10_user.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5_user.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\SRnJqC1zypBTfUs.job => C:\Users\Anđelić\AppData\Roaming\SRnJqC1zypBTfUs.exe <==== ATTENTION
Task: C:\Windows\Tasks\w9PkZhJalsisHJDt2gdddRisW.job => C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW.exe <==== ATTENTION
C:\Program Files\CinemaP-1.9cV21.09
C:\Program Files\Crossbrowse
C:\Program Files\globalUpdate
C:\Users\Anđelić\AppData\Roaming\SRnJqC1zypBTfUs.exe
C:\Users\Anđelić\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888
FF NewTab: hxxp://www.oursurfing.com/newtab/?type=nt&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888&q={searchTerms}
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-22] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-22] (globalUpdate) [File not signed] <==== ATTENTION
S4 c80c1c37; "C:\Windows\system32\rundll32.exe" "c:\Program Files\TampaRunner\TampaRunner.dll",serv
c:\Program Files\TampaRunner


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, because otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the system restarts.

The tool will create a log (Fixlog.txt) on the Desktop. The contents of that log need to be copied into a post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.



Scanning with AdwCleaner

Download AdwCleaner and save it to the Desktop.

Run the tool and wait for the update to finish.
Accept the Terms of use by clicking I Agree.
Click Scan and wait for the scan to finish.
When it is done, click Clean.
A message will appear saying that all programs will be closed after you click OK, so if you have anything to save, now is the time to do it.
Two more messages will appear where you need to click OK. The computer will restart.
After the restart, a report will open, whose contents you can copy into your next post.

Note: The reports will be saved to your system partition, usually in the folder C:\AdwCleaner

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 439
  • Location: Berlin

Posted: 23 Sep 2015 21:33

Fix result of Farbar Recovery Scan Tool (x86) Version:23-09-2015
Ran by Anđelić (2015-09-23 20:52:39) Run:1
Running from C:\Users\Anđelić\Desktop
Loaded Profiles: Anđelić (Available Profiles: Anđelić)
Boot Mode: Normal

==============================================

fixlist content:
*****************
createrestorepoint:
closeprocesses:
emptytemp:
Task: {06182F60-580B-48B1-A05B-4A36135A6F09} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4.exe <==== ATTENTION
Task: {0C3343A5-9AD0-4791-9069-5690D774BA9B} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3.exe <==== ATTENTION
Task: {4CEA9CB4-A143-4977-8E09-1D592181C98F} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6.exe <==== ATTENTION
Task: {58655942-C38F-4F63-A595-E0F2733EB4CC} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7.exe <==== ATTENTION
Task: {5BAAC0AE-0A58-4A98-928F-EA8C8AA73BCF} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6.exe <==== ATTENTION
Task: {942311AF-DED8-4F9F-831C-1C772CEAA220} - System32\Tasks\Crossbrowse => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe [2015-09-22] () <==== ATTENTION
Task: {95310374-473D-476D-A937-5F8A3DD16E3D} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-09-22] (globalUpdate) <==== ATTENTION
Task: {C5920C18-3D77-42F6-B8B6-FFFB5B92E7A1} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\globalupdate.exe [2015-09-22] (globalUpdate) <==== ATTENTION
Task: {D1D5BED6-D68A-4E61-8012-23B8B40ACE4E} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7.exe <==== ATTENTION
Task: {D90D5069-EBB1-49EC-8C00-A1B82C41A8D4} - System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5 => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-10_user.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5_user.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7.job => C:\Program Files\CinemaP-1.9cV21.09\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Crossbrowse.job => C:\Program Files\Crossbrowse\Crossbrowse\Application\utility.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\SRnJqC1zypBTfUs.job => C:\Users\An?eli?\AppData\Roaming\SRnJqC1zypBTfUs.exe <==== ATTENTION
Task: C:\Windows\Tasks\w9PkZhJalsisHJDt2gdddRisW.job => C:\Users\An?eli?\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW.exe <==== ATTENTION
C:\Program Files\CinemaP-1.9cV21.09
C:\Program Files\Crossbrowse
C:\Program Files\globalUpdate
C:\Users\An?eli?\AppData\Roaming\SRnJqC1zypBTfUs.exe
C:\Users\An?eli?\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888
FF NewTab: hxxp://www.oursurfing.com/newtab/?type=nt&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888
CHR StartupUrls: Default -> "hxxp://www.oursurfing.com/?type=hp&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888"
CHR DefaultSearchURL: Default -> hxxp://www.oursurfing.com/web/?type=ds&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888&q={searchTerms}
S2 globalUpdate; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-22] (globalUpdate) [File not signed] <==== ATTENTION
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\globalupdate.exe [68608 2015-09-22] (globalUpdate) [File not signed] <==== ATTENTION
S4 c80c1c37; "C:\Windows\system32\rundll32.exe" "c:\Program Files\TampaRunner\TampaRunner.dll",serv
c:\Program Files\TampaRunner
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06182F60-580B-48B1-A05B-4A36135A6F09}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06182F60-580B-48B1-A05B-4A36135A6F09}" => key removed successfully.
C:\Windows\System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C3343A5-9AD0-4791-9069-5690D774BA9B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3343A5-9AD0-4791-9069-5690D774BA9B}" => key removed successfully.
C:\Windows\System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4CEA9CB4-A143-4977-8E09-1D592181C98F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CEA9CB4-A143-4977-8E09-1D592181C98F}" => key removed successfully.
C:\Windows\System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{58655942-C38F-4F63-A595-E0F2733EB4CC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58655942-C38F-4F63-A595-E0F2733EB4CC}" => key removed successfully.
C:\Windows\System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5BAAC0AE-0A58-4A98-928F-EA8C8AA73BCF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BAAC0AE-0A58-4A98-928F-EA8C8AA73BCF}" => key removed successfully.
C:\Windows\System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{942311AF-DED8-4F9F-831C-1C772CEAA220}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{942311AF-DED8-4F9F-831C-1C772CEAA220}" => key removed successfully.
C:\Windows\System32\Tasks\Crossbrowse => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Crossbrowse" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95310374-473D-476D-A937-5F8A3DD16E3D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95310374-473D-476D-A937-5F8A3DD16E3D}" => key removed successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5920C18-3D77-42F6-B8B6-FFFB5B92E7A1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5920C18-3D77-42F6-B8B6-FFFB5B92E7A1}" => key removed successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1D5BED6-D68A-4E61-8012-23B8B40ACE4E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1D5BED6-D68A-4E61-8012-23B8B40ACE4E}" => key removed successfully.
C:\Windows\System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D90D5069-EBB1-49EC-8C00-A1B82C41A8D4}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D90D5069-EBB1-49EC-8C00-A1B82C41A8D4}" => key removed successfully.
C:\Windows\System32\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5" => key removed successfully.
C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-6.job => moved successfully
C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-1-7.job => moved successfully
C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-10_user.job => moved successfully
C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-3.job => moved successfully
C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-4.job => moved successfully
C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5.job => moved successfully
C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-5_user.job => moved successfully
C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-6.job => moved successfully
C:\Windows\Tasks\1a787d8f-90c2-465e-9906-c1315aaa4fe8-7.job => moved successfully
C:\Windows\Tasks\Crossbrowse.job => moved successfully
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\SRnJqC1zypBTfUs.job => moved successfully
C:\Windows\Tasks\w9PkZhJalsisHJDt2gdddRisW.job => moved successfully
C:\Program Files\CinemaP-1.9cV21.09 => moved successfully
C:\Program Files\Crossbrowse => moved successfully
C:\Program Files\globalUpdate => moved successfully
"C:\Users\An?eli?\AppData\Roaming\SRnJqC1zypBTfUs.exe" => File/Folder not found.
"C:\Users\An?eli?\AppData\Roaming\w9PkZhJalsisHJDt2gdddRisW.exe" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
Firefox "newtab" removed successfully.
Chrome StartupUrls removed successfully.
Chrome DefaultSearchURL removed successfully.
globalUpdate => service removed successfully.
globalUpdatem => service removed successfully.
c80c1c37 => service removed successfully.
c:\Program Files\TampaRunner => moved successfully
EmptyTemp: => 100 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:53:27 ====

AdwCleaner v5.008 - Logfile created 23/09/2015 at 21:05:53
# Updated 18/09/2015 by Xplode
# Database : 2015-09-23.1 [Server]
# Operating system : Windows 7 Ultimate (x86)
# Username : Anđelić - ANĐELIĆ-PC
# Running from : C:\Users\Anđelić\Desktop\adwcleaner_5.008.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : swdumon

***** [ Folders ] *****

Folder Found : C:\Program Files\SalEPlUs
Folder Found : C:\ProgramData\10488468592945911276
Folder Found : C:\ProgramData\{b500819d-16da-8283-b500-0819d16d0674}
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
Folder Found : C:\Users\Anđelić\AppData\Local\globalUpdate
Folder Found : C:\Users\Anđelić\AppData\Local\Crossbrowse
Folder Found : C:\Users\Anđelić\AppData\Local\slimware utilities inc
Folder Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
Folder Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
Folder Found : C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\Extensions\AVJYFVOD75109374@HCDE39471360.com

***** [ Files ] *****

File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage-journal
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage-journal
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Users\Anđelić\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
File Found : C:\Windows\system32\drivers\swdumon.sys

***** [ Shortcuts ] *****

Shortcut Infected : C:\Users\Public\Desktop\Google Chrome.lnk ( hxxp://www.oursurfing.com/?type=sc&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888 )
Shortcut Infected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.oursurfing.com/?type=sc&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888 )
Shortcut Infected : C:\Users\Anđelić\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.oursurfing.com/?type=sc&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888 )
Shortcut Infected : C:\Users\Anđelić\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk ( hxxp://www.oursurfing.com/?type=sc&ts=1442908768&z=ce229debb6d0bef0576c287gfzbzao1tae0bbm2q5q&from=amt&uid=WDCXWD1600AAJS-08PSA0_WD-WMAP9H37688876888 )

***** [ Scheduled tasks ] *****

Task Found : amiupdaterExd

***** [ Registry ] *****


***** [ Web browsers ] *****

[C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\prefs.js] [Preference] Found : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.cookie.previous_page.value", "%22hxxp%3A//www.oursurfing.com/newtab/%3Ftype%3Dnt%26ts%3D1442908768%26z%3Dce229debb6d0bef0576c287gfzbza[...]
[C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\prefs.js] [Preference] Found : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anth[...]
[C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\prefs.js] [Preference] Found : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
[C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\prefs.js] [Preference] Found : user_pref("extensions.crossrider.bic", "14ff412a9784ccdcf0b6808d05a94e4a");
[C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch
[C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : oursurfing
[C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Found : hxxp://www.oursurfing.com/webfavicon.ico
[C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : lkadffjmnaiokkdncgdlecdegajoiemi
[C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : lkadffjmnaiokkdncgdlecdegajoiemi

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [13625 bytes] ##########

Addendum: 23 Sep 2015 21:34

# AdwCleaner v5.008 - Logfile created 23/09/2015 at 21:07:54
# Updated 18/09/2015 by Xplode
# Database : 2015-09-23.1 [Server]
# Operating system : Windows 7 Ultimate (x86)
# Username : Anđelić - ANĐELIĆ-PC
# Running from : C:\Users\Anđelić\Desktop\adwcleaner_5.008.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\SalEPlUs
[-] Folder Deleted : C:\ProgramData\10488468592945911276
[-] Folder Deleted : C:\ProgramData\{b500819d-16da-8283-b500-0819d16d0674}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
[-] Folder Deleted : C:\Users\Anđelić\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Anđelić\AppData\Local\Crossbrowse
[-] Folder Deleted : C:\Users\Anđelić\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
[!] Folder Not Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
[-] Folder Deleted : C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\Extensions\AVJYFVOD75109374@HCDE39471360.com

***** [ Files ] *****

[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage-journal
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage-journal
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Users\Anđelić\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
[-] File Deleted : C:\Windows\system32\drivers\swdumon.sys

***** [ Shortcuts ] *****

[-] Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Anđelić\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Anđelić\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Scheduled tasks ] *****

[-] Task Deleted : amiupdaterExd

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKCU\Software\CrossBrowser
[-] Key Deleted : HKCU\Software\Crossbrowse
[-] Key Deleted : HKCU\Software\YorkNewCin
[-] Key Deleted : HKCU\Software\HighDefAction
[-] Key Deleted : HKCU\Software\ArenaHD
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\yuna software
[-] Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
[-] Key Deleted : HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : HKLM\SOFTWARE\oursurfingSoftware
[-] Key Deleted : HKLM\SOFTWARE\ArenaHD
[-] Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-21-3060246460-3445727265-2582410140-1000\Software\AppDataLow\Software\Crossrider
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GLOBALUPDATE.EXE

***** [ Web browsers ] *****

[-] [C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\prefs.js] [Preference] Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.cookie.previous_page.value", "%22hxxp%3A//www.oursurfing.com/newtab/%3Ftype%3Dnt%26ts%3D1442908768%26z%3Dce229debb6d0bef0576c287gfzbza[...]
[-] [C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\prefs.js] [Preference] Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anth[...]
[-] [C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\prefs.js] [Preference] Deleted : user_pref("extensions.aAVJYFVOD75109374HCDE39471360com72895.72895.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%[...]
[-] [C:\Users\Anđelić\AppData\Roaming\Mozilla\Firefox\Profiles\a39r34t3.default-1441567625322\prefs.js] [Preference] Deleted : user_pref("extensions.crossrider.bic", "14ff412a9784ccdcf0b6808d05a94e4a");
[-] [C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch
[-] [C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : oursurfing
[-] [C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.oursurfing.com/webfavicon.ico
[-] [C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lkadffjmnaiokkdncgdlecdegajoiemi
[-] [C:\Users\Anđelić\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lkadffjmnaiokkdncgdlecdegajoiemi

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13933 bytes] ##########

offline
  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Excellent. How are things now?

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 439
  • Location: Berlin

It works much better for me now.
