HijackThis Logfile Analysis - wirgilio - 04/01/2020
Good evening! Could you please check whether there are any security problems on my PC? Thanks and regards.
Code: Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18
Platform: x32 Windows 10 (Home), 10.0.18363.535 (ReleaseId: 1909), Service Pack: 0
Time: 03.01.2020 - 18:25 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: walter (group: Administrator) on WALTER-PC, FirstRun: yes
Chrome: 79.0.3945.88
Firefox: 71.0.0.7275
Edge: 11.0.18362.476
Internet Explorer: 11.535.18362.0
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files\Autorun Organizer\AutorunOrganizer.exe
1 C:\Program Files\Autorun Organizer\StartupCheckingService.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\CCleaner\CCleaner.exe
1 C:\Program Files\CONEXANT\Flow\Flow.exe
1 C:\Program Files\CONEXANT\SA3\HP-NB-AIO\SmartAudio3.exe
1 C:\Program Files\Canon\IJ Scan Utility\SETEVENT.exe
1 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
1 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
1 C:\Program Files\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
1 C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
1 C:\Program Files\Google\Update\1.3.35.422\GoogleCrashHandler.exe
1 C:\Program Files\Intel Driver and Support Assistant\DSAService.exe
1 C:\Program Files\Macrium\Common\MacriumService.exe
1 C:\Program Files\Macrium\Common\ReflectMonitor.exe
1 C:\Program Files\Macrium\Common\ReflectUI.exe
1 C:\Program Files\MemoRex\MemoRex.exe
1 C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
1 C:\Program Files\NETGEAR\WNA1100\jswpbapi.exe
1 C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
1 C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
1 C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x86__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x86__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x86__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19112.111.0_x86__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\Wondershare\WAF\2.4.3.236\WsAppService.exe
1 C:\Program Files\iPod\bin\iPodService.exe
1 C:\Program Files\iTunes\iTunesHelper.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
1 C:\Users\walter\Downloads\Nuova cartella\HiJackThis.exe
1 C:\Windows\CxSvc\CxAudioSvc.exe
1 C:\Windows\CxSvc\CxUtilSvc.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
2 C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_x86_772bc7bcc8c1c0c4\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_x86_772bc7bcc8c1c0c4\IntelCpHeciSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_x86_772bc7bcc8c1c0c4\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh.inf_x86_772bc7bcc8c1c0c4\igfxEM.exe
1 C:\Windows\System32\MicTray.exe
8 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmp.exe
1 C:\Windows\System32\spoolsv.exe
27 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Search: [Default_Search_URL] = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Search: [SearchAssistant] = www.google.com
O2 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
O2 - HKLM\..\BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O3 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKCU\..\Run: [XperiaCompanionAgent] = C:\Program Files\Sony\Xperia Companion\XperiaCompanionAgent.exe
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner.exe /MONITOR (2018/09/23)
O4 - HKLM\..\Run: [MemoREX] = C:\Program Files\MemoRex\MemoRexStart.exe
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\StartupApproved\Run: [CanonQuickMenu] = C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE /logon (2019/04/04)
O4 - HKLM\..\StartupApproved\Run: [Reflect UI] = C:\Program Files\Macrium\Common\ReflectUI.exe (2019/04/04)
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk -> C:\Program Files\NETGEAR\WNA1100\WNA1100.exe (2019/04/04)
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft)
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - User Startup: C:\Users\walter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MemoRex.lnk -> C:\Program Files\MemoRex\MemoRexStart.exe
O5 - HKCU\Control Panel\don't load: [RTSndMgr.cpl] (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver: (default) = C:\Windows\system32\GPhotos.scr
O15 - Trusted Zone: *.localhost
O17 - DHCP DNS 1: 192.168.1.1
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Apple Mobile Device - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: Canon Inkjet Printer/Scanner/Fax Extended Survey Program - (IJPLMSVC) - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service R2: Chemtable Startup Checking - C:\Program Files\Autorun Organizer\StartupCheckingService.exe
O23 - Service R2: CxAudioSvc - C:\WINDOWS\CxSvc\CxAudioSvc.exe
O23 - Service R2: CxUtilSvc - C:\WINDOWS\CxSvc\CxUtilSvc.exe
O23 - Service R2: Digital Wave Update Service - (DigitalWave.Update.Service) - C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh.inf_x86_772bc7bcc8c1c0c4\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files\Intel Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh.inf_x86_772bc7bcc8c1c0c4\igfxCUIService.exe
O23 - Service R2: Italy Canon IJ Scan Utility register event - (CIJSRegister) - C:\Program Files\Canon\IJ Scan Utility\SETEVENT.exe
O23 - Service R2: JumpStart Push-Button Service - (jswpbapi) - C:\Program Files\NETGEAR\WNA1100\jswpbapi.exe
O23 - Service R2: Macrium Service - (MacriumService) - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service - (ss_conn_service) - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service R2: Servizio Xperia Companion - (XperiaCompanionService) - C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
O23 - Service R2: UMVPFSrv - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service R2: WSWNA1100 - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
O23 - Service R2: Wondershare Application Framework Service - (WsAppService) - C:\Program Files\Wondershare\WAF\2.4.3.236\WsAppService.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh.inf_x86_772bc7bcc8c1c0c4\IntelCpHeciSvc.exe
O23 - Service R3: Servizio iPod - (iPod Service) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service S2: Intel(R) Common Connectivity Framework - (STCServ) - C:\Program Files\Intel\STCServ\STCServ.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\79.0.3945.88\elevation_service.exe
O23 - Service S3: Google Updater Service - (gusvc) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service S3: JumpStart Wi-Fi Protected Setup - (jswpsapi) - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service S3: Logitech Bluetooth Service - (LBTServ) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: ServiceLayer - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
O26 - Debugger: HKLM\..\adb.exe: [Debugger] = C:\WINDOWS\system32\systray.exe
O26 - Debugger: HKLM\..\dlltool.exe: [Debugger] = C:\WINDOWS\system32\systray.exe
O26 - Debugger: HKLM\..\dllwrap.exe: [Debugger] = C:\WINDOWS\system32\systray.exe
O26 - Debugger: HKLM\..\luadrocks-admin.exe: [Debugger] = C:\WINDOWS\system32\systray.exe
RE: HijackThis Logfile Analysis - rage75 - 04/01/2020
I don't think I see anything serious; the entries that are usually most at risk, namely BHO, Toolbar and Service F (auto-started programs), are not present, so much the better.
You have a program from the Wondershare group, which is not exactly the best......
Quote: Please note, however, that HijackThis is no longer supported except by independent developers, and the current version is by now old and therefore not updated against current threats.
I recommend AdwCleaner (based on the up-to-date Malwarebytes Anti-Malware database); it is an .exe file and needs no installation, and it finds, shows and, if you want, automatically removes every threat.
Just to give you an example, I have just run it on my PC and it found 15 threats: 1 was a program without a certificate and I left it, 12 were simple registry keys from old programs and I deleted them, but one was actually a miner!
RE: HijackThis Logfile Analysis - wirgilio - 04/01/2020
Thanks rage75! I use AdwCleaner regularly, but I wanted to try HijackThis as well for further verification. Regards