The problem is that when I start Firefox, delta-homes.com comes up as my start page. I don't know whether there are serious consequences, but it is very annoying.

This is the log file

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-12-2014
Ran by John (administrator) on JOHN-PC on 27-12-2014 21:09:34
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Taiwan Shui Mu Chih Ching Technology Limited.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\...\MountPoints2: {d8058ca7-28a3-11e4-bb6f-50e54934c8c1} - F:\setup.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms}
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms}
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsurf.com/?type=sc&ts=1408602902&from=smt&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
SearchScopes: HKU\S-1-5-21-1942577815-974979230-2030574014-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1942577815-974979230-2030574014-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-homes.com/web/?type=ds&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX&q={searchTerms}
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 46.40.72.17 46.40.72.18

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
FF SelectedSearchEngine: delta-homes
FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF Extension: Security Protection - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\Extensions\detgdp@gmail.com [2014-12-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-04]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\extensions\detgdp@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-homes.com/?type=sc&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-15]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-15]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-15]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-15]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-15]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-21] (Cherished Technololgy LIMITED) [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [472064 2014-12-22] (Fuyu LIMITED) [File not signed]
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [470704 2014-12-17] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-21] (Disc Soft Ltd)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2004-05-05] (PowerQuest Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 21:09 - 2014-12-27 21:09 - 02122752 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2014-12-27 21:09 - 2014-12-27 21:09 - 00012167 _____ () C:\Users\John\Desktop\FRST.txt
2014-12-27 21:09 - 2014-12-27 21:09 - 00000000 ____D () C:\FRST
2014-12-27 21:04 - 2014-12-27 21:04 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\John\Downloads\SpyHunter-installer.exe
2014-12-27 21:01 - 2014-12-27 21:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-27 21:01 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-23 10:42 - 2014-12-27 18:02 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-12-23 10:42 - 2014-12-23 10:42 - 00000000 ____D () C:\Users\John\AppData\Roaming\WinZipper
2014-12-23 10:42 - 2014-12-23 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
2014-12-22 21:59 - 2014-12-22 21:59 - 00013744 _____ () C:\Users\John\Downloads\A.Merry.Friggin.Christmas.2014.DVDRip.x264.AC3-iFT.torrent
2014-12-22 21:58 - 2014-12-22 21:58 - 00014443 _____ () C:\Users\John\Downloads\A.Merry.Friggin.Christmas.2014.HDRip.XViD-juggs[ETRG].torrent
2014-12-22 21:50 - 2014-12-22 21:51 - 00015024 _____ () C:\Users\John\Downloads\Mama.2013.BDRip.x264.AAC-WAR.torrent
2014-12-18 08:21 - 2014-12-13 07:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 08:21 - 2014-12-13 05:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-15 22:08 - 2014-12-15 22:08 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-12-11 18:17 - 2014-12-11 18:17 - 00015675 _____ () C:\Users\John\Downloads\Romantik.Komedi.2.2013.DVDRip.x264.DUAL-REFLUX.torrent
2014-12-11 09:14 - 2014-12-11 09:14 - 00000000 ____D () C:\Users\John\AppData\Roaming\library_dir
2014-12-11 09:14 - 2014-12-11 09:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-12-11 09:13 - 2014-12-27 20:20 - 00000000 ____D () C:\Users\John\AppData\Roaming\Raptr
2014-12-11 09:13 - 2014-12-11 09:14 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-11 09:13 - 2014-12-11 09:13 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201412110913363070.log
2014-12-11 09:13 - 2014-12-11 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-11 09:13 - 2014-12-11 09:13 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-11 09:12 - 2014-12-11 09:12 - 00000000 ____D () C:\ProgramData\ATI
2014-12-11 09:12 - 2014-12-11 09:12 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-11 09:03 - 2014-12-11 09:03 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 01:28 - 2014-10-18 04:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 01:28 - 2014-10-18 03:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 09:40 - 2014-12-04 04:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 09:40 - 2014-12-04 04:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 09:40 - 2014-12-04 04:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 09:40 - 2014-12-04 04:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 09:40 - 2014-12-04 04:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 09:40 - 2014-12-04 04:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 09:40 - 2014-12-04 04:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 09:40 - 2014-12-02 01:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 09:40 - 2014-11-27 03:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 09:40 - 2014-11-27 03:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 09:40 - 2014-11-22 05:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 09:40 - 2014-11-22 05:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 09:40 - 2014-11-22 05:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 09:40 - 2014-11-22 04:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 09:40 - 2014-11-22 04:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 09:40 - 2014-11-22 04:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 09:40 - 2014-11-22 04:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 09:40 - 2014-11-22 04:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 09:40 - 2014-11-22 04:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 09:40 - 2014-11-22 04:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 09:40 - 2014-11-22 04:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 09:40 - 2014-11-22 04:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 09:40 - 2014-11-22 04:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 09:40 - 2014-11-22 04:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 09:40 - 2014-11-22 04:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 09:40 - 2014-11-22 04:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 09:40 - 2014-11-22 04:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 09:40 - 2014-11-22 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 09:40 - 2014-11-22 04:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 09:40 - 2014-11-22 04:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 09:40 - 2014-11-22 04:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 09:40 - 2014-11-22 04:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 09:40 - 2014-11-22 04:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 09:40 - 2014-11-22 04:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 09:40 - 2014-11-22 04:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 09:40 - 2014-11-22 04:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 09:40 - 2014-11-22 04:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 09:40 - 2014-11-22 03:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 09:40 - 2014-11-22 03:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 09:40 - 2014-11-22 03:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 09:40 - 2014-11-22 03:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 09:40 - 2014-11-22 03:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 09:40 - 2014-11-22 03:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 09:40 - 2014-11-22 03:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 09:40 - 2014-11-22 03:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 09:40 - 2014-11-22 03:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 09:40 - 2014-11-22 03:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 09:40 - 2014-11-22 03:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 09:40 - 2014-11-22 03:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 09:40 - 2014-11-22 03:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 09:40 - 2014-11-22 03:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 09:40 - 2014-11-22 03:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 09:40 - 2014-11-22 03:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 09:40 - 2014-11-22 03:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 09:40 - 2014-11-22 03:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 09:40 - 2014-11-22 03:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 09:40 - 2014-11-22 03:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 09:40 - 2014-11-22 03:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 09:40 - 2014-11-22 03:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 09:40 - 2014-11-22 03:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 09:40 - 2014-11-22 02:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 09:40 - 2014-11-22 02:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 09:40 - 2014-11-11 05:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 09:40 - 2014-11-11 04:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 09:40 - 2014-11-11 03:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 09:40 - 2014-11-08 05:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 09:40 - 2014-11-08 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 09:40 - 2014-10-30 04:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 09:40 - 2014-10-30 03:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 09:40 - 2014-10-03 04:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 09:40 - 2014-10-03 04:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 09:40 - 2014-10-03 04:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 09:40 - 2014-10-03 04:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 09:40 - 2014-10-03 04:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 09:40 - 2014-10-03 03:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 09:40 - 2014-10-03 03:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 09:40 - 2014-10-03 03:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 09:40 - 2014-10-03 03:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 09:40 - 2014-10-03 03:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-04 10:45 - 2014-12-04 10:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-01 19:18 - 2014-12-01 19:18 - 00014871 _____ () C:\Users\John\Downloads\Blind.Dating.2006.BDRip.XviD.AC3.DUAL-REFLUX.torrent
2014-12-01 19:17 - 2014-12-01 19:17 - 00014931 _____ () C:\Users\John\Downloads\The.Invention.of.Lying.2009.BDRip.XviD.AC3.DUAL-REFLUX.torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-27 21:02 - 2014-08-15 07:39 - 01057732 _____ () C:\Windows\WindowsUpdate.log
2014-12-26 08:56 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-26 08:56 - 2009-07-14 06:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-25 19:48 - 2014-09-08 18:14 - 00000306 _____ () C:\Windows\Tasks\cphcqbkuw.job
2014-12-25 19:48 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-25 19:48 - 2009-07-14 06:51 - 00169989 _____ () C:\Windows\setupact.log
2014-12-24 12:23 - 2014-08-15 22:59 - 00000000 ____D () C:\Users\John\Desktop\Games
2014-12-23 10:41 - 2014-08-21 08:35 - 00001623 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-23 10:41 - 2014-08-21 08:35 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-23 10:41 - 2014-08-15 08:37 - 00001387 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-23 10:41 - 2014-08-15 07:40 - 00001641 _____ () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-22 22:13 - 2009-07-14 07:13 - 00006182 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 22:05 - 2014-08-15 09:21 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2014-12-11 11:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-12-11 09:13 - 2014-08-15 23:33 - 00000000 ____D () C:\ProgramData\AMD
2014-12-11 09:12 - 2014-08-15 23:28 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-11 09:11 - 2014-08-15 23:32 - 00000000 ____D () C:\Program Files\AMD
2014-12-11 09:11 - 2014-08-15 23:31 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-11 09:09 - 2014-08-15 23:27 - 00000000 ____D () C:\AMD
2014-12-11 09:03 - 2014-08-16 09:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 09:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 09:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-08 08:37 - 2014-08-15 08:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-27 01:07 - 2014-08-15 22:43 - 00000000 ____D () C:\Users\John\AppData\Local\Battle.net

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-25 12:11

==================== End Of Log ============================

 


Here is the other file as well


Second attempt


Hello and Merry Christmas!

Please post the contents of the other log file as well! :)


Hello,

I apologize for the delay, but with these holidays I simply had no time to write until now.

STEP 1

Create a restore point, just in case:

Creating a restore point

STEP 2

Uninstall the following program from the Control Panel:

WinZipper

STEP 3

Then download fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created once the program has run.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

Let me know whether the problem remains!

That is all for now. :)

Regards!


On starting Firefox, it loads delta-homes.com again

Here is the log

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by John at 2014-12-28 21:24:10 Run:1
Running from C:\Users\John\Desktop
Loaded Profile: John (Available profiles: John)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...R1007D1B007D1BX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...R1007D1B007D1BX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...R1007D1B007D1BX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...R1007D1B007D1BX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...q={searchTerms}
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-...q={searchTerms}
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-hom...R1007D1B007D1BX
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-hom...R1007D1B007D1BX
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.istartsur...R1007D1B007D1BX
SearchScopes: HKU\S-1-5-21-1942577815-974979230-2030574014-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms}
SearchScopes: HKU\S-1-5-21-1942577815-974979230-2030574014-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://search.delta-...q={searchTerms}
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} ->  No File
BHO: No Name -> {FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} ->  No File
FF NewTab: hxxp://www.delta-homes.com/newtab/?type=nt&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
FF SelectedSearchEngine: delta-homes
FF Homepage: hxxp://www.delta-homes.com/?type=hp&ts=1419324114&from=wpm12233&uid=HitachiXHDT725025VLA380_VFA100R1007D1B007D1BX
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml
FF Extension: Security Protection - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\Extensions\detgdp@gmail.com [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\extensions\detgdp@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.delta-hom...R1007D1B007D1BX
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-21] (Cherished Technololgy LIMITED) [File not signed]
C:\ProgramData\IePluginServices
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [472064 2014-12-22] (Fuyu LIMITED) [File not signed]
C:\ProgramData\WindowsMangerProtect
R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [470704 2014-12-17] (Taiwan Shui Mu Chih Ching Technology Limited.) <==== ATTENTION
C:\Program Files (x86)\WinZipper
2014-12-23 10:42 - 2014-12-27 18:02 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2014-12-23 10:42 - 2014-12-23 10:42 - 00000000 ____D () C:\Users\John\AppData\Roaming\WinZipper
2014-12-23 10:42 - 2014-12-23 10:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Task: {03604545-B4D5-4B45-91CA-D8FF9EC27AEB} - System32\Tasks\cphcqbkuw => Rundll32.exe "C:\Windows\SysWOW64\duserc.dll",ncfgbhsmo
Task: {0B2B39DD-C48B-4178-B965-9FDD87E7F9E3} - System32\Tasks\{44D6EA9B-0231-44B7-AF7E-8825800902E2} => pcalua.exe -a C:\Users\John\AppData\Roaming\istartsurf\UninstallManager.exe -c  -ptid=smt
Task: C:\Windows\Tasks\cphcqbkuw.job => C:\Windows\SysWOW64\duserc.dll
C:\Windows\SysWOW64\duserc.dll
C:\Users\John\AppData\Roaming\istartsurf
C:\Windows\Tasks\cphcqbkuw.job
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
emptytemp:
end
*****************

Processes closed successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKU\S-1-5-21-1942577815-974979230-2030574014-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1942577815-974979230-2030574014-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}" => Key deleted successfully.
HKCR\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}" => Key deleted successfully.
HKCR\CLSID\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71} => Key not found.
Firefox newtab deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\delta-homes.xml => Moved successfully.
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\Extensions\detgdp@gmail.com => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\detgdp@gmail.com => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
IePluginServices => Service deleted successfully.
C:\ProgramData\IePluginServices => Moved successfully.
WindowsMangerProtect => Service deleted successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
winzipersvc => Service not found.
C:\Program Files (x86)\WinZipper => Moved successfully.
"C:\Program Files (x86)\WinZipper" => File/Directory not found.
C:\Users\John\AppData\Roaming\WinZipper => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{03604545-B4D5-4B45-91CA-D8FF9EC27AEB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03604545-B4D5-4B45-91CA-D8FF9EC27AEB}" => Key deleted successfully.
C:\Windows\System32\Tasks\cphcqbkuw => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cphcqbkuw" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B2B39DD-C48B-4178-B965-9FDD87E7F9E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B2B39DD-C48B-4178-B965-9FDD87E7F9E3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{44D6EA9B-0231-44B7-AF7E-8825800902E2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{44D6EA9B-0231-44B7-AF7E-8825800902E2}" => Key deleted successfully.
C:\Windows\Tasks\cphcqbkuw.job => Moved successfully.
C:\Windows\SysWOW64\duserc.dll => Moved successfully.
"C:\Users\John\AppData\Roaming\istartsurf" => File/Directory not found.
"C:\Windows\Tasks\cphcqbkuw.job" => File/Directory not found.
C:\ProgramData\TEMP => ":56E2E879" ADS removed successfully.

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 742.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:24:19 ====



Yes, that is expected. We have more work to do. :)

 

 

STEP 1

  • Download and run AdwCleaner.exe.
  • Press the Scan button.
  • AdwCleaner will start checking the computer.
  • Once the check has finished, press the Clean button.
  • The program will close all unneeded processes and, after the cleanup, will ask to restart the machine. Agree.
  • A log file named (AdwCleaner[s0].txt) will appear automatically in C:\Adwcleaner
  • Post its contents in your next comment.


     
STEP 2

Please download Junkware Removal Tool to your desktop.
  • Temporarily disable your protection programs.
  • Run the JRT.exe tool.
  • A DOS window will open. Press any key on the keyboard.
  • Close unneeded applications and all browsers, and wait for the scan to finish.
  • A log file will appear (you can also find it manually on the desktop under the name JRT.txt).
  • Please copy the contents of the log file into your next post.


     
STEP 3

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final and save it to your desktop.
  • Run the file mbam-setup-2.0.3.1025.exe and follow the instructions to install the program.
  • After the installation finishes, make sure there is a check mark next to:
  • Launch Malwarebytes Anti-Malware
  • The check mark activating the 14-day trial period is also selected by default. If you do not want to test the program's real-time protection over the next 14 days, remove the check mark.
  • Press the Finish button.
  • Go to the Settings tab > Detection and Protection > and under the Detection Options category enable the "Scan for rootkits" option.
  • Go to the Scan tab, select the radio button next to Threat Scan and then press the Scan Now >> button. If an update is found, press the Update Now button.
  • A scan for malware will begin.
  • With some infections you may see the message:
  • "Could not load DDA driver"
  • Press "Yes" on this message to allow the driver to load after a restart.
  • Allow the computer to restart and then continue with the remaining instructions.
  • After the scan finishes, press the Apply Actions button.
  • Wait for the window prompting you to restart to appear and then press the Yes button.
  • After the restart, when the desktop appears, MBAM will load once more.
  • Go to the History tab > Application Logs.
  • Open the report with the latest date and time and press the "Copy to Clipboard" button.
  • Now paste the contents of the log file with the key combination Ctrl + V and post it in your next comment.


     
STEP 4

1. Download Hitman Pro.
For a 32-bit system - [download button].
For a 64-bit system - [download button]

2. Start the program.

3. After you have started the program by clicking its icon, press the "Next" button, agreeing to the license agreement (EULA).

4. Put a check mark next to "No, I want to perform a one-time scan of the computer".

5. Press the "Next" button.

6. The program will start scanning. The scan takes about 2 minutes.

7. After the scan finishes, from the list of found items (if there are any) choose Apply to all => Ignore.

8. Press "Next", then press "Export the result to XML file" and save the log file to the desktop.

9. Archive the file and attach it to your next comment, or copy its contents into your next comment.

Note: If there is no drop-down menu where you can choose Ignore, as shown in the screenshot, then simply close the program after the scan ends (without removing anything)... after that open C:\Programdata\HitmanPro\Logs, then open the log file and post its contents in your next comment.


Adwcleaner log file

 

# AdwCleaner v4.106 - Report created 29/12/2014 at 22:54:16
# Updated 21/12/2014 by Xplode
# Database : 2014-12-28.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : John - JOHN-PC
# Running from : C:\Users\John\Downloads\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Users\John\AppData\Local\globalUpdate
Folder Deleted : C:\Users\John\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Public\Documents\Goobzo
Folder Deleted : C:\Users\Public\Documents\ShopperPro
Folder Deleted : C:\Users\Public\Documents\YTAHelper

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\John\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\Mozilla\Extends
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FCE3FA8B-BA81-467C-81D8-E43C00D1BC71}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Goobzo
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Goobzo
Key Deleted : HKLM\SOFTWARE\hdcode
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\V9
Key Deleted : HKLM\SOFTWARE\winzipersvc
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-homes.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v34.0 (x86 en-US)

[19pfvmce.default\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "147f7818c6840b10937a46f0622a6cc1");
[19pfvmce.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[19pfvmce.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

-\\ Google Chrome v

[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [4026 octets] - [29/12/2014 22:51:11]
AdwCleaner[s0].txt - [4781 octets] - [29/12/2014 22:54:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4841 octets] ##########

 

 

 

JRT log file

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by John on Mon 12/29/2014 at 22:57:16.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\John\AppData\Roaming\mozilla\firefox\profiles\19pfvmce.default\minidumps [142 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/29/2014 at 22:59:06.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Malwarebytes log

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/29/2014
Scan Time: 11:06:34 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.29.07
Rootkit Database: v2014.12.29.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 318888
Time Elapsed: 9 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.iWebar.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\iWebar, Quarantined, [a6f67eeafc80c3738a349d00d92a16ea],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

Just to add that after the scan and Apply Actions I did not have to restart.

 

 

HitmanPro log

 

 

HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : JOHN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : John-PC\John
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-12-29 23:23:06
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 37s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 44

   Objects scanned . . . : 1,046,569
   Files scanned . . . . : 15,854
   Remnants scanned  . . : 194,253 files / 836,462 keys

Suspicious files ____________________________________________________________

   C:\Users\John\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,122,752 bytes
      Age  . . . . . . . : 2.1 days (2014-12-27 21:09:00)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9333A1396B8C066807415A0CEC5B8487DF4191EFF45DBA18A2F2A5A4C8313A9F
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\John\Desktop\FRST64.exe
      Size . . . . . . . : 2,123,264 bytes
      Age  . . . . . . . : 1.1 days (2014-12-28 21:23:55)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 8CF775131B705B240CA7817194B39F077788FA37405B0449719875FBAA05BB68
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\John\Desktop\FRST64.exe
          0.0s C:\Users\John\Desktop\FRST64.exe
          0.0s C:\Users\John\Desktop\FRST64.exe
          3.6s C:\Users\John\Desktop\FRST-OlderVersion\
          3.6s C:\Users\John\Desktop\FRST-OlderVersion\
         15.3s C:\FRST\Logs\ct
         15.3s C:\FRST\Logs\ct
         15.3s C:\Users\John\Desktop\Fixlog.txt
         15.7s C:\FRST\Quarantine\C\
         15.7s C:\FRST\Quarantine\C\
         15.7s C:\FRST\Quarantine\C\
         15.7s C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\
         15.7s C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\browser\
         15.7s C:\FRST\Quarantine\C\Program Files (x86)\
         15.7s C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\browser\searchplugins\
         15.7s C:\FRST\Quarantine\C\Program Files (x86)\mozilla firefox\browser\searchplugins\
         15.7s C:\FRST\Quarantine\C\Users\
         15.7s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\
         15.7s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\
         15.7s C:\FRST\Quarantine\C\Users\John\AppData\
         15.7s C:\FRST\Quarantine\C\Users\John\
         15.7s C:\FRST\Quarantine\C\Users\John\
         15.7s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\
         15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\
         15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\
         15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\
         15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\
         15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\
         15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\Extensions\
         15.8s C:\FRST\Quarantine\C\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\19pfvmce.default\
         16.0s C:\FRST\Quarantine\C\ProgramData\
         16.0s C:\FRST\Quarantine\C\ProgramData\
         16.0s C:\FRST\Quarantine\C\ProgramData\
         16.1s C:\FRST\Quarantine\C\Windows\System32\Tasks\
         16.1s C:\FRST\Quarantine\C\Windows\
         16.1s C:\FRST\Quarantine\C\Windows\System32\
         16.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid
         16.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci
         16.3s C:\FRST\Quarantine\C\Windows\Tasks\
         16.3s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.dir
         16.3s C:\FRST\Quarantine\C\Windows\SysWOW64\
         16.5s C:\Windows\Prefetch\BITSADMIN.EXE-80E1BDAA.pf
         16.5s C:\Windows\Prefetch\BITSADMIN.EXE-80E1BDAA.pf
         17.4s C:\Windows\Prefetch\NETSH.EXE-3DD790C5.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         17.5s C:\Windows\Prefetch\IPCONFIG.EXE-62724FE6.pf
         18.5s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid
         18.5s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci
         18.7s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.dir
         19.2s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
         24.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid
         24.2s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci
         25.7s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir
         26.1s C:\Windows\Prefetch\SEARCHINDEXER.EXE-77D27BAC.pf
         33.0s C:\FRST\Logs\Fixlog_28-12-2014_21-24-28.txt
         34.9s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid
         34.9s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci
         35.0s C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir

   C:\Users\John\Downloads\JRT.exe
      Size . . . . . . . : 1,707,939 bytes
      Age  . . . . . . . : 0.0 days (2014-12-29 22:56:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 2DD0F84C137A2239E2194101FB1DB9FA38E70EA82B3C0761A2DF366A6C0B8FF4
      Running processes  : 4004
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
      Forensic Cluster
         -32.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\1AFC4482962F40CC5663209C13E495793E03FFCB
         -31.5s C:\Windows\Prefetch\ReadyBoot\Trace1.fx
         -30.5s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\E667B89115F4717F16C97B99A36CDA348F5BBDC2
         -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\16419496E6AFEBFDDFB3FF3184AE08120383F30D
         -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\F5421BD28877F7D12678F72E3D4ADD5407DA44B7
         -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\ED1F414392F43B2A8CF3B788A7D4A5C498BC8FD0
         -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\FD32D59187048CEFF23A9F1B6B9E80C3185C1312
         -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\08DD57F9112DC7BF152A342CED8BD2D6FC84227C
         -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\55D1680AD31D0724BE70AD666797BE9B3A32889D
         -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\C7FDB99F36242790D9D4F414E4D335F4AEB32856
         -30.4s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\AB223F58720DD860473DF3FCA836DB1179BC1FCA
         -28.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\064AA66E1C7C13C71529FA06641B63A66307782F
         -28.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\0854B45E9A493BA8F3A9E0983F4A02A9A396E481
         -23.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\4AB25CB553FDD0186C88A6994DC251C0F47F6D2C
         -17.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\810CEE52531F085B5F8368309A3A2E3C129E1FF0
         -12.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\FC73336CE373147E7550788FA5A64EE54CDAC995
         -8.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\77BFCBD99FD6E5629E4BD6C9237F00B66E5FF233
         -7.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\05F87D96C4D0366DE71D6D2500D7C54B622D66D4
         -7.7s C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9974cc49-14d5-4086-9735-db63d57875ab}\
         -7.6s C:\Windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\{9974cc49-14d5-4086-9735-db63d57875ab}\snapshot.etl
         -2.9s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\4B79FC3632E53324FE6E7B0443E1BEFAD86DB960
          0.0s C:\Users\John\Downloads\JRT.exe
          2.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\A386E9630A68D22C0B1EE10B0C7129C8E1E4AAF2
          2.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\2B40495B50859EC01F390ABDAA9137085C1A2E59
          7.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\8627FA7F7F2CC6BE0D3B946F5457E2AEE5D83AC5
         12.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\F3D2293463C9DBEF63F8C071321C6D6733E84EFB
         12.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\8C4302FC366A43632CA14D1571CA2BBD8EC64BB7
         17.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\BA30035848BA6FF9F6CC9B85E9D6FCD36AAD8EC8
         17.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\3E5A65AFAFF1DE5A11EF931041A148A91EEA6E1A
         21.1s C:\Users\John\AppData\Local\Temp\jrt\
         21.3s C:\Users\John\AppData\Local\Temp\jrt\erunt\
         21.3s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest
         21.3s C:\Users\John\AppData\Local\Temp\jrt\ask.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\chrome.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\delfolders.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\ev_clear.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\firefox.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\get.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\iexplore.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\medfos.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\misc.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\mws.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\prelim.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\runvalues.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\searchlnk.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\surfvox.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\TDL4.bat
         21.3s C:\Users\John\AppData\Local\Temp\jrt\clean_shortcut.vbs
         21.3s C:\Users\John\AppData\Local\Temp\jrt\erunt\README.TXT
         21.3s C:\Users\John\AppData\Local\Temp\jrt\currentmd5.txt
         21.3s C:\Users\John\AppData\Local\Temp\jrt\sednewline.txt
         21.3s C:\Users\John\AppData\Local\Temp\jrt\appinit64_null.reg
         21.3s C:\Users\John\AppData\Local\Temp\jrt\appinit_null.reg
         21.3s C:\Users\John\AppData\Local\Temp\jrt\CHR_open_x64.reg
         21.3s C:\Users\John\AppData\Local\Temp\jrt\CHR_open_x86.reg
         21.3s C:\Users\John\AppData\Local\Temp\jrt\datamngr_del.reg
         21.3s C:\Users\John\AppData\Local\Temp\jrt\FF_open_x64.reg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\FF_open_x86.reg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\IE_open_x64.reg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\IE_open_x86.reg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\winlogon.reg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\badFOLDERS.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\badFOLDERScom.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\badFOLDERSstart.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\badLNK.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\badvalues.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\browsermngr_keys.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\browsermngr_values.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\CHRregkey_x64.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\CHRregkey_x86.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\CHR_extensions.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\defaultscope.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\FFwhtlist.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\IEwhtlst.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\runvalues_x64.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\runvalues_x86.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\serviceseventlog.cfg
         21.4s C:\Users\John\AppData\Local\Temp\jrt\askCLSID.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\askregkey_x64.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\askregkey_x86.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\askregvalue_x64.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\askregvalue_x86.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\askservices.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\badAPPINIT.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\BHO_clsid.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\BHO_name.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\CHOICE.DAT
         21.4s C:\Users\John\AppData\Local\Temp\jrt\CUT.DAT
         21.4s C:\Users\John\AppData\Local\Temp\jrt\FFbrowsermngr.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\FFextensions.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\FFpluginREG.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\FFplugins.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\FFprefs.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\FFregkey_x64.dat
         21.4s C:\Users\John\AppData\Local\Temp\jrt\FFregkey_x86.dat
         21.7s C:\Users\John\AppData\Local\Temp\jrt\FFXML.dat
         21.7s C:\Users\John\AppData\Local\Temp\jrt\FFXPI.dat
         21.7s C:\Users\John\AppData\Local\Temp\jrt\GREP.DAT
         21.7s C:\Users\John\AppData\Local\Temp\jrt\IFEO.dat
         21.7s C:\Users\John\AppData\Local\Temp\jrt\NIRCMD.DAT
         21.7s C:\Users\John\AppData\Local\Temp\jrt\SED.DAT
         21.7s C:\Users\John\AppData\Local\Temp\jrt\services.dat
         21.7s C:\Users\John\AppData\Local\Temp\jrt\SHORTCUT.DAT
         21.7s C:\Users\John\AppData\Local\Temp\jrt\WGET.DAT
         21.7s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERDNT.E_E
         21.7s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERDNTDOS.LOC
         21.7s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERDNTWIN.LOC
         21.7s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERUNT.LOC
         21.9s C:\Users\John\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
         21.9s C:\Users\John\AppData\Local\Temp\jrt\libiconv2.dll
         21.9s C:\Users\John\AppData\Local\Temp\jrt\libintl3.dll
         21.9s C:\Users\John\AppData\Local\Temp\jrt\pcre3.dll
         21.9s C:\Users\John\AppData\Local\Temp\jrt\regex2.dll
         21.9s C:\Users\John\AppData\Local\Temp\jrt\temp\null.txt
         21.9s C:\Users\John\AppData\Local\Temp\jrt\temp\
         22.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\index
         22.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\1438E6CC6202E2E05AFE22DE82277EB8E22107D8
         22.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\1E8E6F4382943177B8E9AF52571B846F0C47C47B
         22.7s C:\Windows\Prefetch\TASKKILL.EXE-B1536702.pf
         23.0s C:\Windows\Prefetch\NIRCMD.DAT-1964F7AF.pf
         23.1s C:\Windows\Prefetch\PING.EXE-6B29C0CD.pf
         23.6s C:\Users\John\AppData\Local\Temp\jrt\newmd5.txt
         23.6s C:\Windows\Prefetch\WGET.DAT-7C63DC99.pf
         23.7s C:\Windows\Prefetch\FC.EXE-1E325414.pf
         25.8s C:\Windows\ERUNT\
         25.8s C:\Windows\ERUNT\JRT\
         25.8s C:\Windows\ERUNT\JRT\ERDNT.INF
         25.9s C:\Windows\ERUNT\JRT\ERDNT.CON
         25.9s C:\Windows\ERUNT\JRT\BCD
         25.9s C:\Windows\ERUNT\JRT\SOFTWARE
         26.9s C:\Windows\ERUNT\JRT\SYSTEM
         27.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\3EF9F3D0CEF7141BBE132AADA0B3687F2FBD3EB5
         27.2s C:\Windows\ERUNT\JRT\DEFAULT
         27.3s C:\Windows\ERUNT\JRT\SECURITY
         27.4s C:\Windows\ERUNT\JRT\SAM
         27.4s C:\Windows\ERUNT\JRT\Users\
         27.4s C:\Windows\ERUNT\JRT\Users\00000001\
         27.4s C:\Windows\ERUNT\JRT\Users\00000001\NTUSER.DAT
         27.6s C:\Windows\ERUNT\JRT\Users\00000002\
         27.6s C:\Windows\ERUNT\JRT\Users\00000002\UsrClass.dat
         27.7s C:\Windows\ERUNT\JRT\ERDNT.EXE
         27.7s C:\Windows\ERUNT\JRT\ERDNTWIN.LOC
         27.7s C:\Windows\ERUNT\JRT\ERDNTDOS.LOC
         27.7s C:\Windows\Prefetch\ERUNT.EXE-8E69453B.pf
         27.8s C:\Windows\Prefetch\REG.EXE-8826EE4D.pf
         27.9s C:\Windows\Prefetch\FINDSTR.EXE-7F3B6129.pf
         31.1s C:\Windows\Prefetch\JRT.EXE-2D4345BA.pf
         37.0s C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\19pfvmce.default\cache2\entries\7E35457F4D382D61AFF6A971307C449DE556B9AF
         37.3s C:\Windows\Prefetch\GREP.DAT-4FBAF2FC.pf
         48.6s C:\Windows\Prefetch\SC.EXE-4502142D.pf
         48.7s C:\Windows\Prefetch\FIND.EXE-CEB858FC.pf
         64.4s C:\Windows\Prefetch\REGEDIT.EXE-32FE412B.pf
         70.3s C:\Users\John\AppData\Local\Temp\WPDNSE\


Potential Unwanted Programs _________________________________________________

   HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPDRIVER_1.37.0.486\ (ShopperPro)
   HKLM\SYSTEM\ControlSet001\services\eventlog\Application\winzipersvc\ (AirZip)
   HKLM\SYSTEM\ControlSet002\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet002\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPDRIVER_1.37.0.486\ (ShopperPro)
   HKLM\SYSTEM\ControlSet002\services\eventlog\Application\winzipersvc\ (AirZip)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPDRIVER_1.37.0.486\ (ShopperPro)
   HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\winzipersvc\ (AirZip)
   HKU\.DEFAULT\Software\AppDataLow\Software\Sense\ (SaveSense)
   HKU\S-1-5-18\Software\AppDataLow\Software\Sense\ (SaveSense)
   HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro)
   HKU\S-1-5-21-1942577815-974979230-2030574014-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} (ShopperPro)

Cookies _____________________________________________________________________

 

 

I hope I did it right.
 


It seems to me that the problem is solved. delta-homes no longer opens as my start page.


We're almost done :)

 

 

STEP 1

Download the updated fixlist.txt and save it in the folder from which you ran FRST.exe.
Run FRST.exe and press the Fix button once!
When it finishes, if it asks for a restart, agree. After the restart, post the log file, fixlog.txt, which will be created after the program runs.

Warning: The script was created for the current system. Do not use it on other systems with similar problems!

 

 

 

STEP 2

Repeat the scan with HitmanPro only and post the new log file.

 

 

 

STEP 3

  • Please download and run the exe file from the link below:
    ESET OnlineScan
  • Tick the checkbox to accept the terms.
  • Press the Start button and wait for the components to install.
  • Tick the box next to: Enable detection of potentially unwanted applications
  • Now click the link named Advanced Settings and make sure there is no check mark next to Remove found threats.
  • Tick the following additional options:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating memory and drive C:\

  • Press the Start button.
  • The program will start downloading and installing updates and will then begin scanning your system. Be patient, because the scan is quite slow and may take a while (it is best to run it when you have time and are away from the computer, for example overnight while you sleep).
  • When the scan finishes, press the List Threats button.
  • Now click the Export link and save the file under a name of your choice, for example ESETScan.txt.
  • Press the Back button.
  • Then press the Finish button.
  • Post the log file in your next comment.

 

 

STEP 4

Let's also check for old and vulnerable software:

Download Security Check by screen317 from this link and save it to your desktop.
Double-click SecurityCheck.exe and follow the instructions.
At the end, a text document named checkup.txt will open automatically; please attach it to your next comment in this thread.

 

 

Also let us know how things are after the procedures above.

Regards! :)
