Problematické chování PC, poshukach Vyřešeno
Napsal: 23 čer 2021 22:48
Dobrý den,
prosím o kontrolu logů a eventuální pomoc s řešením. V prohlížeči se mi objevil vyhledávač poshukach a s počítačem začaly být problémy: kromě obecného zpomalení se při restartu zacyklí na startovací sekvenci, pokud manuálně neotevřu startovací nabídku a nedám Spustit systém obvyklým způsobem, plus mi PS odmítá otevírat soubory. Na základě podobných témat jsem počítač prohnala ATF Cleanerem, TFC, AdwCleanerem a Malwarebytes. Přikládám logy z HJT i obou dalších programů:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:46:14, on 23.6.2021
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19597)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\Desktop\adwcleaner_8.2.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera_crashreporter.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Users\Charlie\AppData\Local\Temp\scoped_dir3400_527113872\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=v ... 27__190127
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Opera Browser Assistant] C:\Program Files (x86)\Opera\assistant\browser_assistant.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Discord] C:\Users\Charlie\AppData\Local\Discord\Update.exe --processStart Discord.exe --process-start-args --start-minimized
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: BackupRemind.lnk = C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe
O4 - Global Startup: Killer Network Manager.lnk = C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Killer Service V2 - Rivet Networks - C:\Program Files\Killer Networking\Network Manager\KillerService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe (file missing)
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe (file missing)
--
End of file - 11063 bytes
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-23-2021
# Duration: 00:00:49
# OS: Windows 7 Professional
# Scanned: 31985
# Detected: 15
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy C:\ProgramData\iwin games
PUP.Optional.Legacy C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iwin games
PUP.Optional.Legacy C:\Users\Charlie\AppData\Roaming\iWin
PUP.Optional.Legacy C:\Users\Public\Documents\iWin
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.WildTangentGamesBundle File C:\Users\Charlie\Desktop\Jewel Quest Solitaire.lnk
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Malwarebytes
http://www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 23.06.21
Čas skenování: 22:13
Logovací soubor: 7eba4baa-d45f-11eb-8cc1-4ccc6a61ad3f.json
-Informace o softwaru-
Verze: 4.4.0.117
Verze komponentů: 1.0.1344
Aktualizovat verzi balíku komponent: 1.0.42145
Licence: Zkušební
-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: THE-BEAST\Charlie
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 270559
Zjištěné hrozby: 4
Hrozby umístěné do karantény: 0
Uplynulý čas: 7 min, 22 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 4
PUP.Optional.NewTabTV, C:\USERS\CHARLIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage, Žádná uživatelská akce, 385, 359410, 1.0.42145, , ame, , 23A44D11917C4803DE9BAFEE6CAB1857, 3CE8E46087BA92AB00B37B1C9C2F6EA3BF4BB28847C7B3B6C19BBEB8D7552ADD
PUP.Optional.NewTabTV, C:\USERS\CHARLIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage-journal, Žádná uživatelská akce, 385, 359410, 1.0.42145, , ame, , 0EF13D32B72849914764308556741681, FAB153114BFAA474ABB8A02D8A9CFD2EFF23B0C8AA5CEC9DDD092FC193EFF43E
PUP.Optional.NewTabTV, C:\USERS\CHARLIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_newtabtv.com_0.localstorage, Žádná uživatelská akce, 385, 359416, 1.0.42145, , ame, , 21F0E140585136AE0C73ED8A51198D13, 506CC76AF83D145AF35D4178EBC9FB22C21C278D7BF35F86D6185FCFE95764B7
PUP.Optional.NewTabTV, C:\USERS\CHARLIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_newtabtv.com_0.localstorage-journal, Žádná uživatelská akce, 385, 359416, 1.0.42145, , ame, , 4E7FCEF6C84B40AC9CDE888334B1A949, CDDE3761E0A422310732104AF87A4FE681AC7C44A8535B7A2667B537358A8DEE
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
WMI: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
Za jakoukoliv pomoc předem děkuji.
prosím o kontrolu logů a eventuální pomoc s řešením. V prohlížeči se mi objevil vyhledávač poshukach a s počítačem začaly být problémy: kromě obecného zpomalení se při restartu zacyklí na startovací sekvenci, pokud manuálně neotevřu startovací nabídku a nedám Spustit systém obvyklým způsobem, plus mi PS odmítá otevírat soubory. Na základě podobných témat jsem počítač prohnala ATF Cleanerem, TFC, AdwCleanerem a Malwarebytes. Přikládám logy z HJT i obou dalších programů:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:46:14, on 23.6.2021
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19597)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\AppData\Local\Discord\app-1.0.9002\Discord.exe
C:\Users\Charlie\Desktop\adwcleaner_8.2.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera_crashreporter.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Opera\77.0.4054.90\opera.exe
C:\Users\Charlie\AppData\Local\Temp\scoped_dir3400_527113872\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=v ... 27__190127
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Opera Browser Assistant] C:\Program Files (x86)\Opera\assistant\browser_assistant.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Discord] C:\Users\Charlie\AppData\Local\Discord\Update.exe --processStart Discord.exe --process-start-args --start-minimized
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: BackupRemind.lnk = C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Addins\AndroidBackupRestore\BackupRemind.exe
O4 - Global Startup: Killer Network Manager.lnk = C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Killer Service V2 - Rivet Networks - C:\Program Files\Killer Networking\Network Manager\KillerService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Unknown owner - C:\Program Files (x86)\Wondershare\dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe (file missing)
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe (file missing)
--
End of file - 11063 bytes
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build: 03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-23-2021
# Duration: 00:00:49
# OS: Windows 7 Professional
# Scanned: 31985
# Detected: 15
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy C:\ProgramData\iwin games
PUP.Optional.Legacy C:\Users\Charlie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iwin games
PUP.Optional.Legacy C:\Users\Charlie\AppData\Roaming\iWin
PUP.Optional.Legacy C:\Users\Public\Documents\iWin
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
PUP.Optional.Legacy HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BDF61FAE-9D19-40F0-8F34-688DEB334CA9}
PUP.Optional.Legacy HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
PUP.Optional.WebCompanion HKCU\Software\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKLM\Software\Wow6432Node\Lavasoft\Web Companion
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
PUP.Optional.WebCompanion HKU\.DEFAULT\Software\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion HKU\S-1-5-18\SOFTWARE\Mozilla\NativeMessagingHosts\com.webcompanion.native
PUP.Optional.WebCompanion HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.WildTangentGamesBundle File C:\Users\Charlie\Desktop\Jewel Quest Solitaire.lnk
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Malwarebytes
http://www.malwarebytes.com
-Podrobnosti logovacího souboru-
Datum skenování: 23.06.21
Čas skenování: 22:13
Logovací soubor: 7eba4baa-d45f-11eb-8cc1-4ccc6a61ad3f.json
-Informace o softwaru-
Verze: 4.4.0.117
Verze komponentů: 1.0.1344
Aktualizovat verzi balíku komponent: 1.0.42145
Licence: Zkušební
-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: THE-BEAST\Charlie
-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 270559
Zjištěné hrozby: 4
Hrozby umístěné do karantény: 0
Uplynulý čas: 7 min, 22 sek
-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat
-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)
Modul: 0
(Nebyly zjištěny žádné škodlivé položky)
Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)
Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)
Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)
Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)
Soubor: 4
PUP.Optional.NewTabTV, C:\USERS\CHARLIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage, Žádná uživatelská akce, 385, 359410, 1.0.42145, , ame, , 23A44D11917C4803DE9BAFEE6CAB1857, 3CE8E46087BA92AB00B37B1C9C2F6EA3BF4BB28847C7B3B6C19BBEB8D7552ADD
PUP.Optional.NewTabTV, C:\USERS\CHARLIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_search.newtabtvsearch.com_0.localstorage-journal, Žádná uživatelská akce, 385, 359410, 1.0.42145, , ame, , 0EF13D32B72849914764308556741681, FAB153114BFAA474ABB8A02D8A9CFD2EFF23B0C8AA5CEC9DDD092FC193EFF43E
PUP.Optional.NewTabTV, C:\USERS\CHARLIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_newtabtv.com_0.localstorage, Žádná uživatelská akce, 385, 359416, 1.0.42145, , ame, , 21F0E140585136AE0C73ED8A51198D13, 506CC76AF83D145AF35D4178EBC9FB22C21C278D7BF35F86D6185FCFE95764B7
PUP.Optional.NewTabTV, C:\USERS\CHARLIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_newtabtv.com_0.localstorage-journal, Žádná uživatelská akce, 385, 359416, 1.0.42145, , ame, , 4E7FCEF6C84B40AC9CDE888334B1A949, CDDE3761E0A422310732104AF87A4FE681AC7C44A8535B7A2667B537358A8DEE
Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)
WMI: 0
(Nebyly zjištěny žádné škodlivé položky)
(end)
Za jakoukoliv pomoc předem děkuji.