Window scrolling [Solved]

Place for your HiJackThis logs and logs from other programs…


Re: Window scrolling

Post by bara1317 » 16 Nov 2017 00:14

Shouldn't I have run it as administrator? (message: Unable to save new HOSTS file)


Re: Window scrolling

Post by bara1317 » 16 Nov 2017 00:16

And one more question: can it be determined what caused the scrolling? In case it ever appears again...


Re: Window scrolling

Post by jaro3 » 16 Nov 2017 09:07

Try that script again and run OTL as administrator.

- It probably can't be determined exactly; only by which tool it stopped after, and then by examining the log output.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Don't send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support


Re: Window scrolling

Post by bara1317 » 16 Nov 2017 10:49

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE05ADCA-C6D7-41AF-B640-890F5F15D3ED}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE05ADCA-C6D7-41AF-B640-890F5F15D3ED}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AE05ADCA-C6D7-41AF-B640-890F5F15D3ED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE05ADCA-C6D7-41AF-B640-890F5F15D3ED}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=11.151.2\ not found.
File C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2\ not found.
File C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ not found.
File C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@unity3d.com/UnityPlayer64,version=1.0\ not found.
File C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\adobe.com/AdobeAAMDetect\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater\ not found.
File C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0\ not found.
File C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nvidia.com/3DVision\ not found.
File C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming\ not found.
File C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ not found.
File C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ not found.
File C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ not found.
File C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\PDF Architect 5\ not found.
File C:\Program Files (x86)\PDF Architect 5\np-previewer.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\jpl.nasa.gov/NASAEyes\ not found.
File C:\Users\barbara\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll not found.
File C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0 not found.
C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0\_metadata folder moved successfully.
C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0 folder moved successfully.
C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\_metadata folder moved successfully.
C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0 folder moved successfully.
File C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp\1.5.3_0 not found.
File C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_1 not found.
File C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_1 not found.
File C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6217.911.0.3_1 not found.
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
Unable to save new HOSTS file
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Převést &webovou stránku do Adobe PDF\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Převést cíl vazby do Adobe PDF\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Přidat webovou stránku do existujícího PDF\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Připojit cíl vazby &k existujícímu PDF\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Převést &webovou stránku do Adobe PDF\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Převést cíl vazby do Adobe PDF\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Přidat webovou stránku do existujícího PDF\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Připojit cíl vazby &k existujícímu PDF\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMF_ActionCenterDownloader.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMF_ActionCenterDownloader.exe\ not found.
File C:\WINDOWS\assembly\Desktop.ini not found.
File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\WINDOWS\system32\DUMP*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\WINDOWS\System32\drivers\*.tmp not found.
File\Folder C:\Program Files\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\ProgramData\Spybot - Search & Destroy not found.
File\Folder C:\Program Files (x86)\Spybot - Search & Destroy 2 not found.
File\Folder C:\Users\barbara\AppData\Local\FSDART not found.
File\Folder C:\Users\barbara\AppData\Local\F-Secure not found.
File\Folder C:\ProgramData\F-Secure not found.
C:\ProgramData\DP45977C.lfl moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: barbara
->Temp folder emptied: 1090585 bytes
->Temporary Internet Files folder emptied: 1078268 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 11422085 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11162017_104101

Files\Folders moved on Reboot...
C:\Users\barbara\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\barbara\AppData\Local\Temp\ws_Crypto_20171116_0.log moved successfully.
C:\Users\barbara\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
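The helper's advice above was to judge the fix by reading the log output, and the repeated "Unable to save new HOSTS file" line is the clue that OTL was started without elevation (the hosts file under System32\drivers\etc is writable only by administrators, so that one step was skipped while the registry and folder actions still went through). The following script is an added example, not part of the thread and not OTL's or DelFix's own code: it parses a log of this shape, tallies outcomes per `========== NAME ==========` section, and flags the HOSTS failure. The section banner format and line endings are taken from the log posted above; the sample log embedded in the script is a constructed excerpt of a few such lines.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: a handful of lines shaped like the OTL output posted in the
# thread, trimmed so it fits here. The real log runs to several hundred lines.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE05ADCA-C6D7-41AF-B640-890F5F15D3ED}\ not found.
C:\Users\barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.6_0 folder moved successfully.
Unable to save new HOSTS file
Unable to save new HOSTS file
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
C:\ProgramData\DP45977C.lfl moved successfully.
========== COMMANDS ==========
"""

# Outcome patterns, checked in order; the first match wins.
OUTCOME_PATTERNS = [
    ("set", re.compile(r" /E : value set successfully!$")),
    ("moved", re.compile(r" moved successfully\.$")),
    ("not_found", re.compile(r" not found\.$")),
    ("hosts_write_failed", re.compile(r"^Unable to save new HOSTS file$")),
    ("deleted", re.compile(r"^Deleted : ")),  # DelFix-style line, same shape
]
SECTION_HEADER = re.compile(r"^=+ (\w+) =+$")


@dataclass
class OtlSummary:
    # section name -> Counter of outcome kinds seen in that section
    sections: dict = field(default_factory=dict)
    # lines that actually changed the system (set / moved / deleted), with their section
    changes: list = field(default_factory=list)
    hosts_write_failures: int = 0


def classify(line: str) -> str:
    """Map one log line to an outcome kind, or 'other' if nothing matches."""
    for kind, pattern in OUTCOME_PATTERNS:
        if pattern.search(line):
            return kind
    return "other"


def parse_otl_log(text: str) -> OtlSummary:
    """Walk a fix log, tallying outcomes per '========== NAME ==========' section."""
    summary = OtlSummary()
    section = "header"  # lines before the first section banner
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_HEADER.match(line)
        if banner:
            section = banner.group(1)
            continue
        kind = classify(line)
        summary.sections.setdefault(section, Counter())[kind] += 1
        if kind == "hosts_write_failed":
            summary.hosts_write_failures += 1
        elif kind in ("set", "moved", "deleted"):
            summary.changes.append((section, kind, line))
    return summary


def needs_elevation(summary: OtlSummary) -> bool:
    r"""True when the log shows the HOSTS rewrite failed.

    %SystemRoot%\System32\drivers\etc\hosts is writable only by administrators,
    so this message means the tool ran without elevation and that step did not
    happen; the other actions in the log may still have succeeded.
    """
    return summary.hosts_write_failures > 0


if __name__ == "__main__":
    s = parse_otl_log(SAMPLE_LOG)
    for name, counts in s.sections.items():
        print(f"[{name}] " + ", ".join(f"{k}={v}" for k, v in sorted(counts.items())))
    print("changes applied:", len(s.changes))
    if needs_elevation(s):
        print(f"HOSTS write failed {s.hosts_write_failures} times: rerun the tool as administrator")
```

Feeding the full log from the post to `parse_otl_log` gives a per-section count of what was changed versus what was already gone, which is the quickest way to see which fix line did the work when a symptom disappears after one tool.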


Re: Window scrolling

Post by jaro3 » 16 Nov 2017 16:34

It's probably not there anymore.

Run OTL and click Vyčisti (Clean).

Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to the desktop.
Double-click the icon to run Delfix.exe.
(On Windows Vista, Windows 7 and 8 you must start the file with the right mouse button -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools – Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the whole contents of the report here. Otherwise the report is at:
C:\DelFix.txt
Other links:
http://ccm.net/download/download-24087-delfix
https://www.bleepingcomputer.com/download/delfix/

If there are no problems, that's all and you can mark it solved, the green tick.


Re: Window scrolling [Solved]

Post by bara1317 » 16 Nov 2017 23:22

# DelFix v1.013 - Logfile created 16/11/2017 at 23:19:58
# Updated 17/04/2016 by Xplode
# Username : barbara - LENOVOBA
# Operating System : Windows 8.1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\zoek-results.log
Deleted : C:\Users\barbara\Desktop\Extras.Txt
Deleted : C:\Users\barbara\Desktop\Fixlog.txt
Deleted : C:\Users\barbara\Desktop\FRST64.exe
Deleted : C:\Users\barbara\Desktop\JRT.txt
Deleted : C:\Users\barbara\Desktop\HJT_1.pdf
Deleted : C:\Users\barbara\Desktop\HJT_2.pdf
Deleted : C:\Users\barbara\Desktop\OTL.Txt
Deleted : C:\Users\barbara\Desktop\OTL.exe
Deleted : C:\Users\barbara\Desktop\zoek.rar
Deleted : C:\Users\barbara\Downloads\Addition.txt
Deleted : C:\Users\barbara\Downloads\AdwCleaner.exe
Deleted : C:\Users\barbara\Downloads\FRST.txt
Deleted : C:\Users\barbara\Downloads\JRT.exe
Deleted : C:\Users\barbara\Downloads\HiJackThis.exe
Deleted : C:\Users\barbara\Downloads\hijackthis.log
Deleted : C:\Users\barbara\Downloads\OTL.exe
Deleted : C:\Users\barbara\Downloads\RogueKiller_portable64 (1).exe
Deleted : C:\Users\barbara\Downloads\RogueKiller_portable64.exe
Deleted : C:\Users\barbara\Downloads\TFC.exe
Deleted : C:\Users\barbara\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #133 [Scheduled Checkpoint | 11/15/2017 13:12:38]

New restore point created !

########## - EOF - ##########
