Before the Extras log was sent, the monitor went dark and after a moment a blue screen appeared.
I don't speak English, so I don't know what it said.
Is that the blue screen of death people write about?
The computer wasn't responding, so I hard powered it off.
After startup I clicked "Start Windows normally" and Windows booted.
I guess I messed it up with that "hard" shutdown, didn't I?
Trojan:JS/FrameRef Solved
- memphisto
Re: Trojan:JS/FrameRef
There was no other option...
Download and install WhoCrashed,
open it and click Analyze.
The program will generate a report; copy all of it and paste it here, please.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via private messages; post them in the appropriate section. Thank you.
Re: Trojan:JS/FrameRef
System Information (local)
--------------------------------------------------------------------------------
computer name: ADMIN
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: GenuineIntel Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Intel586, level: 6
4 logical processors, active mask: 15
RAM: 4201889792 total
VM: 2147352576, free: 1946898432
--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------
Crash dump directory: C:\Windows\Minidump
Crash dumps are enabled on your computer.
On Thu 31.1.2013 20:56:11 GMT your computer crashed
crash dump file: C:\Windows\Minidump\013113-13525-01.dmp
This was probably caused by the following module: ntoskrnl.exe (nt+0x7EFC0)
Bugcheck code: 0x109 (0xA3A039D89CA8B504, 0xB3B7465EEF26F14A, 0xFFFFF880031705C0, 0x2)
Error: CRITICAL_STRUCTURE_CORRUPTION
file path: C:\Windows\system32\ntoskrnl.exe
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: NT Kernel & System
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
On Thu 31.1.2013 20:56:11 GMT your computer crashed
crash dump file: C:\Windows\memory.dmp
This was probably caused by the following module: ntkrnlmp.exe (nt!KeBugCheckEx+0x0)
Bugcheck code: 0x109 (0xA3A039D89CA8B504, 0xB3B7465EEF26F14A, 0xFFFFF880031705C0, 0x2)
Error: CRITICAL_STRUCTURE_CORRUPTION
Bug check description: This indicates that the kernel has detected critical kernel code or data corruption.
This might be a case of memory corruption. More often memory corruption happens because of software errors in buggy drivers, not because of faulty RAM modules.
The crash took place in the Windows kernel. Possibly this problem is caused by another driver that cannot be identified at this time.
--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------
2 crash dumps have been found and analyzed. No offending third party drivers have been found. Consider configuring your system to produce a full memory dump for better analysis.
Read the topic general suggestions for troubleshooting system crashes for more information.
Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.
- jaro3
- Security team member
Re: Trojan:JS/FrameRef
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes (Vlastní skenování/opravy), paste the following text, shown in green, into the box:
Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=kno&ir ... 1190233474
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=kno&ir=kno&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0D0A0ByE0DtA0A0B0D0AtN0D0Tzu0CtAzytBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1190233474
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=kno&ir ... 1190233474
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=kno&ir=kno&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0D0A0ByE0DtA0A0B0D0AtN0D0Tzu0CtAzytBtN1L2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchfunmoods.com/?f=1&a=kno&ir ... 1190233474
IE - HKCU\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP
IE - HKCU\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=kno&ir=kno&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0D0A0ByE0DtA0A0B0D0AtN0D0Tzu0CtAzytBtN1L2
FF - prefs.js..browser.search.selectedEngine: "Funmoods"
FF - prefs.js..browser.startup.homepage: "http://searchfunmoods.com/?f=1&a=kno&ir=kno&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0D0A0ByE0DtA0A0B0D0AtN0D0Tzu0CtAzytBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1190233474"
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll File not found
[2012.08.01 22:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uzivatel\AppData\Roaming\Mozilla\Extensions
[2013.01.30 18:58:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions
[2013.01.30 18:58:54 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\ffxtlbr@funmoods.com
[2012.04.09 09:23:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uzivatel\AppData\Roaming\Mozilla\SeaMonkey\Profiles\5k7j4tla.default\extensions
[2013.01.30 18:58:59 | 000,002,329 | ---- | M] () -- C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\searchplugins\Funmoods.xml
[2012.11.13 13:48:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.11.13 13:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.13 13:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
CHR - homepage: http://searchfunmoods.com/?f=1&a=kno&ir ... 1190233474
CHR - default_search_provider: search_url = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=kno&ir=kno&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0D0A0ByE0DtA0A0B0D0AtN0D0Tzu0CtAzytBtN1L2
CHR - homepage: http://searchfunmoods.com/?f=1&a=kno&ir ... 1190233474
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
Drivers32:64bit: VIDC.ACDV - File not found
Drivers32: VIDC.ACDV - ACDV.dll File not found
[2013.01.31 20:32:51 | 000,735,908 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.01.31 20:32:51 | 000,721,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.31 20:32:51 | 000,166,006 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.01.31 20:32:51 | 000,146,632 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
C:\WINDOWS\system32\DUMP*.tmp
c:\windows\Tasks\*.job /s
C:\*.tmp
C:\WINDOWS\System32\drivers\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Users\Uzivatel\AppData\Local\{0441D02E-73F3-433E-B79D-05BE5635BCF4}
C:\Users\Uzivatel\AppData\Local\{0B1E3F40-8397-49DE-9EB9-DB957275561A}
C:\Users\Uzivatel\AppData\Local\{1DD4C00B-772C-45D5-B7BC-9D802D52ACFD}
C:\Users\Uzivatel\AppData\Local\{79B108DC-F664-45B6-A447-B6DEC30669D5}
C:\Users\Uzivatel\AppData\Roaming\Funmoods
C:\Program Files (x86)\Funmoods
C:\Users\Uzivatel\AppData\Local\{EC5B291D-D27A-4BBD-8CE3-56F80BB14F59}
C:\Users\Uzivatel\AppData\Local\{970E4483-7AB5-4E9D-92DF-7ACE0BD7BD4A}
C:\Users\Uzivatel\Desktop\RK_Quarantine
C:\Users\Uzivatel\AppData\Local\{ED6D535C-79F4-48C4-B6F5-0B19A405F88F}
C:\Users\Uzivatel\AppData\Local\{370B13E3-ECDC-4010-A041-E6098DCF3E98}
C:\Users\Uzivatel\AppData\Local\{824BC989-2E10-459F-B696-CF1E7F56E7E5}
C:\Users\Uzivatel\AppData\Local\{98E32374-214A-44AB-881B-F7667EBB53BD}
C:\Users\Uzivatel\AppData\Local\{7793DC8D-425C-4F58-8B8B-66960E207FB6}
C:\Users\Uzivatel\AppData\Local\{F75FC207-E5CE-476B-B271-5C59A6843C82}
C:\Users\Uzivatel\AppData\Local\{3079BEB8-4066-41B7-A8F7-8B53A4A33987}
C:\Users\Uzivatel\AppData\Local\{31024CF9-2ABD-4DAA-9723-80A7510FDB2B}
C:\Users\Uzivatel\AppData\Local\{01D43D32-1F84-4E18-90BC-527489BA9D5D}
C:\Users\Uzivatel\AppData\Local\{4AC65A99-764E-4BD3-B8DE-24D2C44DD96D}
C:\Users\Uzivatel\AppData\Local\{AD86FB87-4862-47E3-AEF1-B89A024F8E1A}
C:\Users\Uzivatel\AppData\Local\{0E5664A2-54B2-4AAC-83ED-A9152F2130A9}
C:\Users\Uzivatel\AppData\Local\{1FE34710-163A-4569-97D2-41C2DECE566A}
C:\Users\Uzivatel\AppData\Local\{ABE3B1FA-8371-44B3-8C3D-6EB8015C4A29}
C:\Users\Uzivatel\AppData\Local\{04E4CE9A-1B7A-4A0F-B63C-673A4ABFF966}
C:\Users\Uzivatel\AppData\Local\{47AFE9FC-543E-47F8-91F9-A64B2C1F2424}
C:\Users\Uzivatel\AppData\Local\{F555198F-33CB-4251-91D4-18538811EBFC}
C:\Users\Uzivatel\AppData\Local\{36C193F8-1C50-4C46-876E-B60EAC5F61B7}
C:\Users\Uzivatel\AppData\Local\{72F01E0C-7867-4E1F-A611-701760330A1D}
C:\Users\Uzivatel\AppData\Local\{53C0B5C2-CFA7-4ED3-B073-D5D5D4A0309F}
C:\Users\Uzivatel\AppData\Local\{F81E2C88-FB8B-4B42-931D-A96D7B5C56DB}
C:\Users\Uzivatel\AppData\Local\{23C1FB3D-9ABD-49C4-A52A-3D9B56C47BCF}
C:\Users\Uzivatel\AppData\Local\{91B501E3-D5A5-4A2F-AA42-851405E99996}
C:\Users\Uzivatel\AppData\Local\{8FA48A65-CBE8-4271-98E9-FCB5814274A3}
C:\Users\Uzivatel\AppData\Local\{F1B85CA8-809F-4E55-8622-F3F51727FE0E}
C:\Users\Uzivatel\AppData\Local\{EF82276E-67CD-42EE-9715-100B710C1B26}
C:\Users\Uzivatel\AppData\Local\funmoods-speeddial_sf.crx
C:\Users\Uzivatel\AppData\Local\funmoods.crx
C:\ProgramData\P1210DEF.css
C:\Windows\SysWow64\cis-2.4.dll
C:\Windows\SysWow64\issacapi_bs-2.3.dll
C:\Windows\SysWow64\issacapi_pe-2.3.dll
C:\Windows\SysWow64\issacapi_se-2.3.dll
C:\Program Files (x86)\desktop.ini
:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
Then click Run Fix (Opravit) at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.
In Folder Options, enable showing hidden files and folders and uncheck "Hide protected operating system files".
Test these on VirusTotal:
C:\ProgramData\P1210OS.HTM
C:\ProgramData\P1210SIG.GIF
C:\Windows\StwGLX.INI
C:\Windows\tbuninst2.exe
Click Choose (Vybrat) to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be scanned by multiple antivirus programs in turn. When the last antivirus finishes, the result will appear at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.
Or at:
http://www.virscan.org/
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Trojan:JS/FrameRef
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}\ not found.
Prefs.js: "Funmoods" removed from browser.search.selectedEngine
Prefs.js: "http://searchfunmoods.com/?f=1&a=kno&ir=kno&cd=2XzuyEtN2Y1L1Qzu0FtD0D0E0FtC0D0A0ByE0DtA0A0B0D0AtN0D0Tzu0CtAzytBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1190233474" removed from browser.startup.homepage
Prefs.js: ffxtlbr@funmoods.com:1.5.1 removed from extensions.enabledAddons
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\ffxtlbr@funmoods.com\META-INF folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\ffxtlbr@funmoods.com\content\images folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\ffxtlbr@funmoods.com folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\2020Player_IKEA@2020Technologies.com\plugins folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\2020Player_IKEA@2020Technologies.com\META-INF folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\2020Player_IKEA@2020Technologies.com folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions folder moved successfully.
Folder C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\extensions\ffxtlbr@funmoods.com\ not found.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\SeaMonkey\Profiles\5k7j4tla.default\extensions folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\f02gkc6c.default\searchplugins\Funmoods.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}\ not found.
Use Chrome's Settings page to change the HomePage.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ deleted successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportovat do aplikace Microsoft Office Excel\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\Drivers32 VIDC.ACDV not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.ACDV deleted successfully.
C:\Windows\SysNative\perfh005.dat moved successfully.
C:\Windows\SysNative\perfh009.dat moved successfully.
C:\Windows\SysNative\perfc005.dat moved successfully.
C:\Windows\SysNative\perfc009.dat moved successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
C:\Windows\SysNative\SET9D8A.tmp moved successfully.
C:\Windows\SysNative\SETA67B.tmp moved successfully.
C:\Windows\SysNative\SETA6DB.tmp moved successfully.
C:\Windows\SysNative\SETAA89.tmp moved successfully.
C:\Windows\SysNative\SETAB83.tmp moved successfully.
C:\Windows\SysNative\SETAE24.tmp moved successfully.
C:\Windows\SysNative\SETAE83.tmp moved successfully.
C:\Windows\SysNative\SETB2AD.tmp moved successfully.
C:\Windows\SysNative\SETB37A.tmp moved successfully.
C:\Windows\SysNative\SETBFA3.tmp moved successfully.
C:\Windows\SysNative\SETC639.tmp moved successfully.
C:\Windows\SysNative\SETFC83.tmp moved successfully.
C:\Users\Uzivatel\AppData\Local\{0441D02E-73F3-433E-B79D-05BE5635BCF4} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{0B1E3F40-8397-49DE-9EB9-DB957275561A} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{1DD4C00B-772C-45D5-B7BC-9D802D52ACFD} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{79B108DC-F664-45B6-A447-B6DEC30669D5} folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Funmoods\UpdateProc folder moved successfully.
C:\Users\Uzivatel\AppData\Roaming\Funmoods folder moved successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22\bh folder moved successfully.
C:\Program Files (x86)\Funmoods\1.5.23.22 folder moved successfully.
C:\Program Files (x86)\Funmoods folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{EC5B291D-D27A-4BBD-8CE3-56F80BB14F59} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{970E4483-7AB5-4E9D-92DF-7ACE0BD7BD4A} folder moved successfully.
C:\Users\Uzivatel\Desktop\RK_Quarantine folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{ED6D535C-79F4-48C4-B6F5-0B19A405F88F} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{370B13E3-ECDC-4010-A041-E6098DCF3E98} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{824BC989-2E10-459F-B696-CF1E7F56E7E5} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{98E32374-214A-44AB-881B-F7667EBB53BD} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{7793DC8D-425C-4F58-8B8B-66960E207FB6} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{F75FC207-E5CE-476B-B271-5C59A6843C82} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{3079BEB8-4066-41B7-A8F7-8B53A4A33987} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{31024CF9-2ABD-4DAA-9723-80A7510FDB2B} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{01D43D32-1F84-4E18-90BC-527489BA9D5D} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{4AC65A99-764E-4BD3-B8DE-24D2C44DD96D} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{AD86FB87-4862-47E3-AEF1-B89A024F8E1A} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{0E5664A2-54B2-4AAC-83ED-A9152F2130A9} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{1FE34710-163A-4569-97D2-41C2DECE566A} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{ABE3B1FA-8371-44B3-8C3D-6EB8015C4A29} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{04E4CE9A-1B7A-4A0F-B63C-673A4ABFF966} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{47AFE9FC-543E-47F8-91F9-A64B2C1F2424} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{F555198F-33CB-4251-91D4-18538811EBFC} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{36C193F8-1C50-4C46-876E-B60EAC5F61B7} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{72F01E0C-7867-4E1F-A611-701760330A1D} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{53C0B5C2-CFA7-4ED3-B073-D5D5D4A0309F} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{F81E2C88-FB8B-4B42-931D-A96D7B5C56DB} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{23C1FB3D-9ABD-49C4-A52A-3D9B56C47BCF} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{91B501E3-D5A5-4A2F-AA42-851405E99996} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{8FA48A65-CBE8-4271-98E9-FCB5814274A3} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{F1B85CA8-809F-4E55-8622-F3F51727FE0E} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{EF82276E-67CD-42EE-9715-100B710C1B26} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\funmoods-speeddial_sf.crx moved successfully.
C:\Users\Uzivatel\AppData\Local\funmoods.crx moved successfully.
C:\ProgramData\P1210DEF.css moved successfully.
C:\Windows\SysWow64\cis-2.4.dll moved successfully.
C:\Windows\SysWow64\issacapi_bs-2.3.dll moved successfully.
C:\Windows\SysWow64\issacapi_pe-2.3.dll moved successfully.
C:\Windows\SysWow64\issacapi_se-2.3.dll moved successfully.
C:\Program Files (x86)\desktop.ini moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Hanka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Opera cache emptied: 2050698 bytes
->Flash cache emptied: 57133 bytes
User: Hanka.ADMIN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68135442 bytes
->Google Chrome cache emptied: 352323166 bytes
->Opera cache emptied: 5448330 bytes
->Flash cache emptied: 61652 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Uzivatel
->Temp folder emptied: 58999198 bytes
->Temporary Internet Files folder emptied: 3014464 bytes
->Java cache emptied: 133367 bytes
->FireFox cache emptied: 70696447 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 21719300 bytes
->Flash cache emptied: 60720 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83812 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36113412 bytes
RecycleBin emptied: 521082254 bytes
Total Files Cleaned = 1 087,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Hanka
->Flash cache emptied: 0 bytes
User: Hanka.ADMIN
->Flash cache emptied: 0 bytes
User: Public
User: Uzivatel
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01312013_224701
Files\Folders moved on Reboot...
C:\Users\Uzivatel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
C:\Users\Uzivatel\AppData\Local\{F1B85CA8-809F-4E55-8622-F3F51727FE0E} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\{EF82276E-67CD-42EE-9715-100B710C1B26} folder moved successfully.
C:\Users\Uzivatel\AppData\Local\funmoods-speeddial_sf.crx moved successfully.
C:\Users\Uzivatel\AppData\Local\funmoods.crx moved successfully.
C:\ProgramData\P1210DEF.css moved successfully.
C:\Windows\SysWow64\cis-2.4.dll moved successfully.
C:\Windows\SysWow64\issacapi_bs-2.3.dll moved successfully.
C:\Windows\SysWow64\issacapi_pe-2.3.dll moved successfully.
C:\Windows\SysWow64\issacapi_se-2.3.dll moved successfully.
C:\Program Files (x86)\desktop.ini moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Hanka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Opera cache emptied: 2050698 bytes
->Flash cache emptied: 57133 bytes
User: Hanka.ADMIN
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 68135442 bytes
->Google Chrome cache emptied: 352323166 bytes
->Opera cache emptied: 5448330 bytes
->Flash cache emptied: 61652 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Uzivatel
->Temp folder emptied: 58999198 bytes
->Temporary Internet Files folder emptied: 3014464 bytes
->Java cache emptied: 133367 bytes
->FireFox cache emptied: 70696447 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 21719300 bytes
->Flash cache emptied: 60720 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83812 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36113412 bytes
RecycleBin emptied: 521082254 bytes
Total Files Cleaned = 1 087,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Hanka
->Flash cache emptied: 0 bytes
User: Hanka.ADMIN
->Flash cache emptied: 0 bytes
User: Public
User: Uzivatel
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01312013_224701
Files\Folders moved on Reboot...
C:\Users\Uzivatel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
- jaro3
- Security team member
- Guru Level 15
- Posts: 43294
- Registered: June 07
- Location: Jižní Čechy
- Status: Offline
Re: Trojan:JS/FrameRef
Also run a scan with your antivirus and report whether it found anything.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
- jaro3
Re: Trojan:JS/FrameRef
C:\Windows\Minidump --- upload the contents of the Minidump folder to a server somewhere,
for example here:
http://leteckaposta.cz/
Download Memtest:
In the field, enter the largest size of one of your individual RAM modules (256, 512 or 1024, 2048), click Start, and let it run for at least 2 hours; if it still shows 0 errors after 2 hours, the modules are fine.
The HDD needs to be checked for errors, and you could try defragmenting it.
Download CrystalDiskInfo
Run the program and click Edit - Copy. Then paste the contents of the log here with Ctrl+V.
- jaro3
Re: Trojan:JS/FrameRef
Ok.
Run OTL and click "Vyčisti" (Clean up).
Run Memtest and CDI, and send me the contents of the Minidump folder somewhere.
I'll be signing off shortly.