Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log HijackThis

Log HijackThis Opzioni
Topic Precedente · Topic Sucessivo
mcbua
Inviato: Friday, September 18, 2020 7:15:14 PM
Rank: Member

Iscritto dal : 4/11/2005
Posts: 2
Ciao a tutti posso chiedere aiuto per interpretare il log di HijackThis?

Firefox: 80.0.1.7548
Internet Explorer: 11.0.9600.19597
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
7 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1 C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
1 C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
2 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\Microsoft Security Client\MsMpEng.exe
1 C:\Program Files\Microsoft Security Client\NisSrv.exe
1 C:\Program Files\Microsoft Security Client\msseces.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
2 C:\Users\Maria\Desktop\Applicazioni\HiJackThis.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\hkcmd.exe
1 C:\Windows\System32\igfxext.exe
1 C:\Windows\System32\igfxpers.exe
1 C:\Windows\System32\igfxtray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
12 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_201\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_201\bin\ssv.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [HotKeysCmds] = C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] = C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [MSC] = c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey
O4 - HKLM\..\Run: [Persistence] = C:\Windows\system32\igfxpers.exe
O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk [backup] => C:\Program Files\McAfee Security Scan\3.11.1924\SSScheduler.exe (2020/09/17) (file missing)
O4 - MSConfig\startupfolder: C:^Users^Maria^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration THE SETTLERS - L'Eredità dei Re.LNK [backup] => (lnk is corrupted) (2019/08/04) (file missing)
O4 - MSConfig\startupreg: CCleaner Smart Cleaning [command] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (HKCU) (2020/05/13)
O4 - MSConfig\startupreg: Dropbox [command] = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup (HKLM) (2019/08/04) (file missing)
O4 - MSConfig\startupreg: GoogleDriveSync [command] = C:\Program Files\Google\Drive\googledrivesync.exe /autostart (HKCU) (2019/08/04)
O4 - MSConfig\startupreg: cacaoweb [command] = C:\Users\Maria\AppData\Roaming\cacaoweb\cacaoweb.exe -noplayer (HKCU) (2020/05/13)
O4 - MSConfig\startupreg: iTunesHelper [command] = C:\Program Files\iTunes\iTunesHelper.exe (HKLM) (2019/08/04)
O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O17 - DHCP DNS 1: 213.205.32.70
O17 - DHCP DNS 2: 213.205.36.70
O21 - HKLM\..\ShellIconOverlayIdentifiers\ GoogleDriveBlacklisted: Google Drive Shell extension - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - C:\Program Files\Google\Drive\googledrivesync64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ GoogleDriveSynced: Google Drive Shell extension - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - C:\Program Files\Google\Drive\googledrivesync64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ GoogleDriveSyncing: Google Drive Shell extension - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - C:\Program Files\Google\Drive\googledrivesync64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\Windows\system32\Wat\WatAdminSvc.exe /run (Microsoft)
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\Windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O22 - Task: (disabled) McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare (file missing)
O22 - Task: (disabled) Synaptics TouchPad Enhancements - \Program Files\Synaptics\SynTP\SynTPEnh.exe
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance (Microsoft)
O22 - Task: (update) \Microsoft\Windows\End Of Support\Notify1 - C:\Windows\system32\sipnotify.exe -LogonOrUnlock (Microsoft)
O22 - Task: (update) \Microsoft\Windows\End Of Support\Notify2 - C:\Windows\system32\sipnotify.exe -Daily (Microsoft)
O22 - Task: (update) \Microsoft\Windows\Setup\EOSNotify - C:\Windows\system32\EOSNotify.exe (Microsoft)
O22 - Task: (update) \Microsoft\Windows\Setup\EOSNotify2 - C:\Windows\system32\EOSNotify.exe -Daily (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_433_Plugin.exe -check plugin
O22 - Task: Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: Driver Booster SkipUAC (Maria) - C:\Program Files (x86)\IObit\Driver Booster\4.4.0\DriverBooster.exe /skipuac (file missing)
O22 - Task: EasyDisplayMgr - C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1
O22 - Task: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe /runassvc
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service R2: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
O23 - Service S2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Origin Client Service - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Servizio iPod - (iPod Service) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service S3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
Torna in alto
 
Sponsor
Inviato: Friday, September 18, 2020 7:15:14 PM

 
Torna in alto
 
wolfestein
Inviato: Friday, September 18, 2020 10:13:09 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,785
Nell'attesa dell'amico cbbusto qualche consiglio:
Apri CCleaner/Strumenti/Avvio,disattiva questi servizi non essenziali.
O4 - MSConfig\startupfolder: C:^Users^Maria^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration THE SETTLERS - L'Eredità dei
O4 - MSConfig\startupreg: CCleaner Smart Cleaning [command] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (HKCU) (2020/05/13)
O4 - MSConfig\startupreg: Dropbox [command] = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup (HKLM) (2019/08/04) (file missing)
O4 - MSConfig\startupreg: GoogleDriveSync [command] = C:\Program Files\Google\Drive\googledrivesync.exe /autostart (HKCU) (2019/08/04)
O4 - MSConfig\startupreg: cacaoweb [command] = C:\Users\Maria\AppData\Roaming\cacaoweb\cacaoweb.exe -noplayer (HKCU) (2020/05/13)
O4 - MSConfig\startupreg: iTunesHelper [command] = C:\Program Files\iTunes\iTunesHelper.exe (HKLM) (2019/08/04)
O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Inoltre lancia HijackThis e Fixa questa riga:
Files\McAfee Security Scan\3.11.1924\SSScheduler.exe (2020/09/17) (file missing)
Re.LNK [backup] => (lnk is corrupted) (2019/08/04) (file missing)
Non specifici il sistema operativo ma se hai W8.1 o W10 disinstalla Avast che è un mattone con il suo tool Windows Defender è più che sufficiente.
https://www.avast.com/it-it/uninstall-utility
Altra cosa disinstalla Cacaoweb è un nido di trojan e fai una scansione con ADWCleaner.
Buon Weekend Maria.
P.S.Il computer è un portatile?
Benvenuta su Aiutamici.
Torna in alto
 
mcbua
Inviato: Friday, September 18, 2020 11:16:30 PM
Rank: Member

Iscritto dal : 4/11/2005
Posts: 2
Si è un portatile che spero non mi abbandoni da un momento all'altro. Ti ringrazio davvero per la tua gentilezza.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log HijackThis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.