I want to know if my PC has been hacked

undertone
Posts: 1
Joined: 07 Jul 2019, 05:13


Post by undertone » 07 Jul 2019, 15:57

My PC behaves strangely sometimes. This is the first time I have been on this forum, so please excuse my ignorance. If you read the HijackThis log, could you please tell me if there is anything wrong?


Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x32 Windows 7 (Ultimate), 6.1.7601.0, Service Pack: 1
Time: 07.07.2019 - 11:00 (UTC+00:00)
Language: OS: Spanish (0xC0A). Display: Spanish (0xC0A). Non-Unicode: Spanish (0x2C0A)
Elevated: Yes
Ran by: gerardo (group: Administrator) on ROSARIO-PC, FirstRun: yes

Chrome: 74.0.3729.169
Firefox: 66.0.3.7038
Internet Explorer: 11.0.9600.17840
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
1 C:\Program Files\360\Total Security\safemon\QHWatchdog.exe
2 C:\Program Files\AnyDesk\AnyDesk.exe
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\Device Doctor\DDTray.exe
9 C:\Program Files\Google\Chrome\Application\chrome.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Users\gerardo\Downloads\HijackThisPortable\App\HijackThis\HijackThis.exe
1 C:\Users\gerardo\Downloads\HijackThisPortable\HijackThisPortable.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
12 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\taskmgr.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} [SuggestionsURL] = https://ie.search.yahoo.com/os?appid=fe ... earchTerms} - Search Powered by Yahoo!
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [SuggestionsURL] = https://ie.search.yahoo.com/os?appid=fe ... earchTerms} - Search Powered by Yahoo!
O1 - Hosts: 127.0.0.1 www.r2rdownload.com
O2 - HKLM\..\BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk -> C:\Program Files\AnyDesk\AnyDesk.exe --control
O4 - HKCU\..\Run: [DiscordCanary] = C:\Users\Rosario\AppData\Local\DiscordCanary\app-0.0.197\DiscordCanary.exe
O4 - HKLM\..\Run: [QHSafeTray] = C:\Program Files\360\Total Security\safemon\QHSafeTray.exe /start
O4 - MSConfig\startupreg: Codec Pack Update Checker [command] = C:\Windows\system32\Codecs\UpdateChecker.exe (HKCU) (2018/12/17)
O4 - Startup other users: C:\Users\Kirian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk -> C:\Users\gerardo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe /autostart
O17 - DHCP DNS 1: 190.1.0.196
O17 - DHCP DNS 2: 190.1.0.195
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
O22 - Task (Job): (Ready) update-S-1-5-21-3574981907-1559418393-3250806138-1002.job - C:\Program Files\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O22 - Task (Job): (Ready) update-sys.job - C:\Program Files\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\Windows\system32\Wat\WatAdminSvc.exe /run (Microsoft)
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\Windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O22 - Task: (disabled) (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate
O22 - Task: (disabled) Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: (disabled) GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
O22 - Task: (disabled) GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: (disabled) \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack - C:\Program Files\Microsoft Office\Office15\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn - C:\Program Files\Microsoft Office\Office15\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\Consolidator - C:\Windows\System32\wsqmcons.exe (file missing)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: Device Doctor automatic scan and new device notifications - C:\Program Files\Device Doctor\DDTray.exe
O22 - Task: GyazoUpdateTaskMachine - C:\Program Files\Gyazo\GyazoUpdate.exe
O22 - Task: GyazoUpdateTaskMachineDaily - C:\Program Files\Gyazo\GyazoUpdate.exe
O22 - Task: Halo 2 for Vista restart - C:\Program Files\Microsoft Games\Halo 2\startup.exe 808 832 804 (file missing)
O22 - Task: \Microsoft\Windows\End Of Support\Notify1 - C:\Windows\system32\sipnotify.exe -LogonOrUnlock (Microsoft)
O22 - Task: \Microsoft\Windows\End Of Support\Notify2 - C:\Windows\system32\sipnotify.exe -Daily (Microsoft)
O22 - Task: update-S-1-5-21-3574981907-1559418393-3250806138-1002 - C:\Program Files\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O22 - Task: update-sys - C:\Program Files\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O23 - Service R2: 360 Total Security - (QHActiveDefense) - C:\Program Files\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service R2: AnyDesk Service - (AnyDesk) - C:\Program Files\AnyDesk\AnyDesk.exe --service
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service R2: Temas - (Themes) - C:\Windows\System32\svchost.exe -k netsvcs; "ServiceDll" = C:\Windows\system32\themeservice.dll
O23 - Service R2: Windows Live ID Sign-in Assistant - (wlidsvc) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
O23 - Service S3: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service S3: AMD FUEL Service - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService
O23 - Service S3: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service S3: Google Update Servicio (gupdate) - (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Update Servicio (gupdatem) - (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Microsoft IME Dictionary Update - (ImeDictUpdateService) - C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servicio de estado de ASP.NET - (aspnet_state) - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
O23 - Service S3: Steam Client Service - C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService


--
End of file - Time spent: 25 sec. - 18040 bytes, CRC32: FFFFFFFF. Sign: 箼넵

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: I want to know if my PC has been hacked

Post by msc hotline sat » 10 Jul 2019, 06:38

User from Buenos Aires, Argentina

An HJT log with utilities from over there; let's see what they are said to be ...

wsqmcons

See about it at:

https://www.solvusoft.com/es/files/erro ... mcons-exe/


Besides that, you can also look at these others:


http://www.r2rdownload.com/ in the Hosts file

GyazoUpdate

IMEDICTUPDATE

GameRanger


Check whether you installed all of them voluntarily, in case any of them could have got in maliciously, and act accordingly.

Jokovich
Posts: 2
Joined: 07 Oct 2020, 12:33

Re: I want to know if my PC has been hacked

Post by Jokovich » 07 Oct 2020, 12:46

Your post was very useful because it was clear, and the concise writing made it easy to understand. Thanks!

msc hotline sat
Posts: 93500
Joined: 09 Mar 2004, 20:39
Location: BARCELONA (SPAIN)

Re: I want to know if my PC has been hacked

Post by msc hotline sat » 07 Oct 2020, 16:33

Well, we are glad to hear it, and given the age of the post, we are closing the thread.

Regards

ms, 7-10-2020
