Hijackthis Log Analyzer #76

Closed
Woofer8878 opened this issue Jul 15, 2019 · 2 comments
@Woofer8878

Just would like to have this reviewed by an expert. Thanks!

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.19

Platform: x64 Windows 10 (Pro), 10.0.17763.557 (ReleaseId: 1809), Service Pack: 0
Time: 15.07.2019 - 13:04 (UTC-06:00)
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: Doggo (group: Administrator) on DOG, FirstRun: yes

Chrome: 75.0.3770.100
Edge: 11.0.17763.557
Internet Explorer: 11.0.17763.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
4 C:\Program Files (x86)\Battle.net\Battle.net.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
1 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
2 C:\Program Files (x86)\Dropbox\Client\76.4.126\QtWebEngineProcess.exe
3 C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
1 C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
20 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Gyazo\GyStation.exe
1 C:\Program Files (x86)\Origin\OriginWebHelperService.exe
1 C:\Program Files (x86)\PureVPN\PureVPNService.exe
1 C:\Program Files (x86)\Steam\Steam.exe
5 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
1 C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
1 C:\Program Files\Logitech Gaming Software\LCore.exe
1 C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.48.51.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.16510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19061.410.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\ProgramData\Battle.net\Agent\Agent.6732\Agent.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
4 C:\Users\ggshe\AppData\Local\Discord\app-0.0.305\Discord.exe
1 C:\Users\ggshe\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\ggshe\AppData\Roaming\Telegram Desktop\Telegram.exe
1 C:\Users\ggshe\Desktop\HiJackThis.exe
1 C:\Windows\SysWOW64\vmnat.exe
1 C:\Windows\SysWOW64\vmnetdhcp.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\DbxSvc.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\ibtsiva.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
81 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 F:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
1 F:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
1 F:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_cigdxjtnqwo_18_44_01&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwingy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0DyDyD0E0AyByC0E0DtCyCyE0F0DtN0D0Tzu0StByEzytAtN1L2XzuyEtFtBzztFtDtFzzzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0EyE0DyDyDtA0BtGtBtA0BtBtGyB0D0AtAtGyC0D0D0EtG0EyCyEyCtDtByDtAyD0DyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE1Szz1StD1RyCyCtG1Rzy1SyDtGyEtDyEzytGzyyDzy1RtG1TtBtBtAzyyD1RzyyDyCzytA2QtN0A0LzutDtN1B2Z1V1T1S1NzutCzyyDzytCtN1Q2Z1B1P1RzutCyDyEtDzztBtBtAtCzz%26cr%3D566195545%26a%3Dbgy_cigdxjtnqwo_18_44_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{518b33ae-375d-712d-6742-d1fe0400268d}: [SuggestionsURL] = https://ie.search.yahoo.com/os?appid=fes&command={searchTerms} - Yahoo! Powered Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes{518b33ae-375d-712d-6742-d1fe0400268d}: [URL] = https://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=bgy_cigdxjtnqwo_18_44_01&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dwingy%26cd%3D2XzuyEtN2Y1L1Qzu0EtD0DyDyD0E0AyByC0E0DtCyCyE0F0DtN0D0Tzu0StByEzytAtN1L2XzuyEtFtBzztFtDtFzzzztN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StA0EyE0DyDyDtA0BtGtBtA0BtBtGyB0D0AtAtGyC0D0D0EtG0EyCyEyCtDtByDtAyD0DyCyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE1Szz1StD1RyCyCtG1Rzy1SyDtGyEtDyEzytGzyyDzy1RtG1TtBtBtAzyyD1RzyyDyCzytA2QtN0A0LzutDtN1B2Z1V1T1S1NzutCzyyDzytCtN1Q2Z1B1P1RzutCyDyEtDzztBtBtAtCzz%26cr%3D566195545%26a%3Dbgy_cigdxjtnqwo_18_44_01%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms} - Yahoo! Powered Search
O2 - HKLM..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O2-32 - HKLM..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll
O2-32 - HKLM..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll
O4 - HKCU..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU..\Run: [Discord] = C:\Users\ggshe\AppData\Local\Discord\app-0.0.305\Discord.exe
O4 - HKCU..\Run: [Gyazo] = C:\Program Files (x86)\Gyazo\GyStation.exe
O4 - HKCU..\Run: [HOTS Logs Uploader] = C:\Users\ggshe\Downloads\HOTS Logs Uploader.exe
O4 - HKCU..\Run: [OneDrive] = C:\Users\ggshe\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU..\Run: [Skype for Desktop] = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKLM..\Run: [Launch LCore] = C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
O4 - HKLM..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - User Startup: C:\Users\ggshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk -> C:\Users\ggshe\AppData\Roaming\Telegram Desktop\Telegram.exe -autostart
O4-32 - HKLM..\Run: [Discord] = C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
O4-32 - HKLM..\Run: [Dropbox] = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup
O4-32 - HKLM..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4-32 - HKLM..\Run: [vmware-tray.exe] = F:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\vsocklib.dll
O17 - DHCP DNS 1: 192.168.2.1
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O21-32 - HKLM..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.0.dll
O22 - Task (.job): (Not scheduled) DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
O22 - Task (.job): (Not scheduled) DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
O23 - Service R2: DbxSvc - C:\WINDOWS\system32\DbxSvc.exe
O23 - Service R2: Intel Bluetooth Service - (ibtsiva) - C:\WINDOWS\system32\ibtsiva.exe
O23 - Service R2: Logitech Gaming Registry Service - (LogiRegistryService) - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service R2: Microsoft Office Click-to-Run Service - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service R2: PureVPN Service - (PureVPNService) - C:\Program Files (x86)\PureVPN\PureVPNService.exe
O23 - Service R2: TeamViewer 13 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: VMware Authorization Service - (VMAuthdService) - F:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service R2: VMware DHCP Service - (VMnetDHCP) - C:\WINDOWS\SysWOW64\vmnetdhcp.exe
O23 - Service R2: VMware NAT Service - C:\WINDOWS\SysWOW64\vmnat.exe
O23 - Service R2: VMware USB Arbitration Service - (VMUSBArbService) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service R2: VMware Workstation Server - (VMwareHostd) - F:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -u "C:\ProgramData\VMware\hostd\config.xml"
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S2: Dropbox Update Service (dbupdate) - (dbupdate) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /svc
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: Dropbox Update Service (dbupdatem) - (dbupdatem) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /medsvc
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.100\elevation_service.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: OpenVpnService - C:\Program Files (x86)\PureVPN\bin\openvpnserv2.exe
O23 - Service S3: Origin Client Service - C:\Program Files (x86)\Origin\OriginClientService.exe

--
End of file - Time spent: 16.8 sec. - 31836 bytes, CRC32: FFFFFFFF. Sign: 釲�

@dragokas
Owner

Hi,
thank you for the log.
If you need our assistance:


Please, note that only members of VIRUSNET-Association are allowed to respond in PC cure topics.
Ignore any recommendations given by other users, including PM !!!

Assistance is provided free of charge in our free time. If you found our help useful, you can thank us with any amount using this form, or you can leave feedback in the Guestbook.

@dragokas
Owner

dragokas commented Aug 4, 2019

Closed.
Reason: no answer for 10 days.
If you still need our help, please execute the last steps requested by the helper.
Also, download AutoLogger again, prepare a new CollectionLog, and write what problems remain.

@dragokas dragokas closed this as completed Aug 4, 2019