dragokas / hijackthis

A free utility that finds malware, adware and other security threats
http://hjt.sf.net
GNU General Public License v2.0

hijack log analysis request #90

Closed LukeLarry closed 4 years ago

LukeLarry commented 4 years ago

Hi everybody, I sometimes have a crazy movement on my Acer 10: the mouse moves randomly and clicks until I disconnect my keyboard, and a new window appears in my Firefox browser. I hope you can find something in the following log. Thank you, Luca

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x32 Windows 8.1 (Home), 6.3.9600.19652, Service Pack: 0
Time: 10.04.2020 - 11:41 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: luca (group: Administrator) on SCUOLA, FirstRun: yes

Firefox: 75.0.0.7398
Internet Explorer: 11.0.9600.19036
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files\Acer\AOP Framework\BackgroundAgent.exe
1 C:\Program Files\Acer\AOP Framework\CCDMonitorService.exe
1 C:\Program Files\Acer\AOP Framework\acer\ccd.exe
1 C:\Program Files\Acer\Care Center\ACCStd.exe
1 C:\Program Files\Avira\Antivirus\avgnt.exe
1 C:\Program Files\Avira\Antivirus\avguard.exe
1 C:\Program Files\Avira\Antivirus\avshadow.exe
1 C:\Program Files\Avira\Antivirus\protectedservice.exe
1 C:\Program Files\Avira\Antivirus\sched.exe
1 C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
1 C:\Program Files\Avira\Launcher\Avira.Systray.exe
1 C:\Program Files\Avira\Optimizer Host\Avira.OptimizerHost.exe
1 C:\Program Files\Avira\Security\Avira.Spotlight.Service.exe
1 C:\Program Files\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
1 C:\Program Files\Avira\VPN\Avira.VpnService.exe
1 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
9 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Users\luca\Downloads\HiJackThis(1).exe
1 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\DptfParticipantProcessorService.exe
1 C:\Windows\System32\DptfPolicyCriticalService.exe
1 C:\Windows\System32\DptfPolicyLpmService.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\cmd.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
11 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostex.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\explorer.exe

O4 - HKCU..\StartupApproved\StartupFolder: C:\Users\luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Invia a OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr (2018/06/08)
O4 - HKLM..\Run: [Avira System Speedup User Starter] = C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
O4 - HKLM..\Run: [Avira SystrayStartTrigger] = C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe
O8 - Context menu item: HKCU..\Internet Explorer\MenuExt\E&xport to Microsoft Excel: (default) = C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll (file missing)
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip..{9CFF5B8F-237C-4F0C-9960-A49B6ECB3B6B}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip..{9CFF5B8F-237C-4F0C-9960-A49B6ECB3B6B}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O23 - Service R2: Avira Optimizer Host - (AviraOptimizerHost) - C:\Program Files\Avira\Optimizer Host\Avira.OptimizerHost.exe
O23 - Service R2: Avira Phantom VPN - (AviraPhantomVPN) - C:\Program Files\Avira\VPN\Avira.VpnService.exe
O23 - Service R2: Avira Pianificatore - (AntiVirSchedulerService) - C:\Program Files\Avira\Antivirus\sched.exe
O23 - Service R2: Avira Protezione in tempo reale - (AntiVirService) - C:\Program Files\Avira\Antivirus\avguard.exe
O23 - Service R2: Avira Security - (AviraSecurity) - C:\Program Files\Avira\Security\Avira.Spotlight.Service.exe
O23 - Service R2: Avira Service Host - (Avira.ServiceHost) - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service R2: Avira Servizio protetto - (AntivirProtectedService) - C:\Program Files\Avira\Antivirus\ProtectedService.exe
O23 - Service R2: Avira Updater Service - (AviraUpdaterService) - C:\Program Files\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
O23 - Service R2: BTDevManager - C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
O23 - Service R2: CCDMonitorService - C:\Program Files\Acer\AOP Framework\CCDMonitorService.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\windows\system32\diagtrack.dll
O23 - Service R2: Intel(R) Dynamic Platform & Thermal Framework Critical Service Application - (DptfPolicyCriticalService) - C:\windows\system32\DptfPolicyCriticalService.exe
O23 - Service R2: Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application - (DptfPolicyLpmService) - C:\windows\system32\DptfPolicyLpmService.exe
O23 - Service R2: Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application - (DptfParticipantProcessorService) - C:\windows\system32\DptfParticipantProcessorService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\windows\system32\igfxCUIService.exe
O23 - Service S2: Avira Protezione email - (AntiVirMailService) - C:\Program Files\Avira\Antivirus\avmailc7.exe
O23 - Service S2: Avira Protezione web - (AntiVirWebService) - C:\Program Files\Avira\Antivirus\avwebg7.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\windows\system32\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: User Experience Improvement Program - (UEIPSvc) - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe

-- End of file - Time spent: 76 sec. - 13788 bytes, CRC32: FFFFFFFF. Sign: 渿甬

dragokas commented 4 years ago

Hi, thank you for the log. If you need our assistance:


Please note that only members of VIRUSNET-Association are allowed to respond in PC cure topics. Ignore any recommendations given by other users, including PM!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form, or you can leave feedback in the Guestbook.

dragokas commented 4 years ago

Closed. Reason: no answer for 10 days. If you still need our help, please execute the last steps requested by the helper. Also, download AutoLogger again, prepare a new CollectionLog and write what problems remained.