Slow notebook remaige repair

mariela

Member
Here are the ESET Online and HijackThis logs, thanks in advance.
Code:
11/03/2019 19:44:44 p.m.
Files scanned: 99854
Infected files: 311
Threats cleaned: 311
Total scan time 00:49:27
Scan status: Finished
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x32 Windows 7 (Ultimate), 6.1.7600.0, Service Pack: 0 <=== Attention! (outdated SP)
Time:      11.03.2019 - 19:49 (UTC-03:00)
Language:  OS: Spanish (0xC0A). Display: Spanish (0xC0A). Non-Unicode: Spanish (0x2C0A)
Elevated:  Yes
Ran by:    Usuario    (group: Administrator) on USUARIO-PC, FirstRun: yes

Chrome:  58.0.3029.110
Internet Explorer: 8.0.7600.16385
Default: "C:\Program Files\Everrice\Application\chrome.exe" "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files\AVAST Software\Avast\AvastSvc.exe
   1  C:\Program Files\AVAST Software\Avast\AvastUI.exe
   1  C:\Program Files\AVAST Software\Avast\aswidsagent.exe
   1  C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
   1  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
   1  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
   1  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
   1  C:\Program Files\Lenovo\Energy Management\Energy Management.exe
   1  C:\Program Files\Lenovo\Energy Management\utility.exe
   1  C:\Program Files\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files\Windows Media Player\wmpnetwk.exe
   1  C:\Program Files\amulell\ed2k.exe
   1  C:\Users\Usuario\AppData\Local\background_fault\aswRD.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\hkcmd.exe
   1  C:\Windows\System32\igfxpers.exe
   1  C:\Windows\System32\igfxsrvc.exe
   1  C:\Windows\System32\igfxtray.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\rundll32.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  14  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskeng.exe
   2  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\explorer.exe
   1  E:\limpieza estela\HiJackThis_test\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = mylucky123.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Search_URL] = http://www.ourluckysites.com/search/?type=ds&ts=1494034896&z=c8415b42a5fec26f011b4dag0z2t1zce4c5zdb9t1e&from=che0812&uid=ST500LM012XHN-M500MBB_S2R7J9GCA13818&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = http://www.ourluckysites.com/search/?type=ds&ts=1494034896&z=c8415b42a5fec26f011b4dag0z2t1zce4c5zdb9t1e&from=che0812&uid=ST500LM012XHN-M500MBB_S2R7J9GCA13818&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page Redirect Cache] = Hotmail, Outlook, Skype, noticias y videos en MSN Argentina
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = mylucky123.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = mylucky123.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = mylucky123.com
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F4EC002556BBEA4A&affID=127886&tsp=5357 - Bueno Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: [URL] = http://www.ourluckysites.com/search/?type=ds&ts=1494034896&z=c8415b42a5fec26f011b4dag0z2t1zce4c5zdb9t1e&from=che0812&uid=ST500LM012XHN-M500MBB_S2R7J9GCA13818&q={searchTerms} - ourluckysites
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: [SuggestionsURL_JSON] = http://www.search.ask.com/suggest.php?src=ieb&gct=ds&appid=295&systemid=102&v=a13277-320&apn_uid=8655501025124050&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&qu={searchTerms}&ft=json - Ask.com
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: [URL] = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=295&systemid=102&v=a13277-320&apn_uid=8655501025124050&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} - Ask.com
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: [URL] = http://istart.webssearches.com/web/?type=ds&ts=1409504299&from=tugs&uid=ST500LM012XHN-M500MBB_S2R7J9GCA13818&q={searchTerms} - webssearches
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: [SuggestionsURL_JSON] = http://www.search.ask.com/suggest.php?src=ieb&gct=ds&appid=295&systemid=102&v=a13277-320&apn_uid=8655501025124050&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&qu={searchTerms}&ft=json - Ask.com
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: [URL] = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=295&systemid=102&v=a13277-320&apn_uid=8655501025124050&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} - Ask.com
O1 - Hosts: is empty
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - HKLM\..\Toolbar: (no name) - {6fcaba44-a441-481f-895e-bddfd81a6cc2} - (no file)
O4 - HKCU\..\Run: [background_fault] = C:\Users\Usuario\AppData\Local\background_fault\aswRD.exe "C:\Users\Usuario\AppData\Local\background_fault\bf.dll",background_fault_collector 
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui 
O4 - HKLM\..\Run: [Energy Management] = C:\Program Files\Lenovo\Energy Management\Energy Management.exe 
O4 - HKLM\..\Run: [EnergyUtility] = C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [HotKeysCmds] = C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] = C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] = C:\Windows\system32\igfxpers.exe
O4 - MSConfig\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk [backup] => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup (2014/08/17) (file missing)
O4 - MSConfig\startupreg: Adobe ARM [command] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (HKLM) (2013/03/12)
O4 - MSConfig\startupreg: Adobe Reader Speed Launcher [command] = C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (HKLM) (2013/03/12) (file missing)
O4 - MSConfig\startupreg: Apoint [command] = C:\Program Files\Apoint2K\Apoint.exe (HKLM) (2014/08/17)
O4 - MSConfig\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [command] = C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (HKCU) (2013/03/12)
O4 - MSConfig\startupreg: NeroFilterCheck [command] = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (HKLM) (2013/03/12)
O4 - MSConfig\startupreg: fst_ar_109 [command] = (HKLM) (2014/09/21) (no file)
O4 - MSConfig\startupreg: fst_ar_114 [command] = (HKLM) (2014/09/21) (no file)
O4 - MSConfig\startupreg: removejZipdatamngr [command] = C:\Windows\system32\cmd.exe /c RD /S /Q "C:\Program Files\Music Toolbar" (HKLM) (2014/09/21)
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\Windows
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\Windows\System32
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\Windows\System32\Wbem
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\Windows\System32\WindowsPowerShell\v1.0
O17 - DHCP DNS 1: 186.130.128.131
O17 - DHCP DNS 2: 200.63.155.65
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O22 - Task (.job): (Not scheduled) APSnotifierPP2.job - C:\Program Files\AnyProtectEx\AnyProtect.exe (file missing) --notifier 4
O22 - Task (.job): (Ready) APSnotifierPP1.job - C:\Program Files\AnyProtectEx\AnyProtect.exe (file missing) --notifier2 A
O22 - Task (.job): (Running) 5d03aea6-734a-4385-9746-91774d1edb8f-5.job - C:\Program Files\videos MediaPlay-Air\5d03aea6-734a-4385-9746-91774d1edb8f-5.exe (file missing) /runupdater /agentregpath='videos MediaPlay-Air' /appid=61799 /srcid='001673' /subid='verticals-shopping' /zdata='0' /bic=C2EF425A28D04F04B3A9B66D626CAF36IE /verifier=818654c84318bf3560b9a6f2fd8362ae /installerversion=1_34_08_12 /installationtime=1409504448 /statsdomain=http://stats.loadclientinput
O22 - Task (.job): (disabled) (Ready) 5d03aea6-734a-4385-9746-91774d1edb8f-1.job - C:\Program Files\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe (file missing) /reinstallapp /runfrom=task /agentregpath='videos MediaPlay-Air' /appid=61799 /srcid='001673' /subid='verticals-shopping' /zdata='0' /bic=C2EF425A28D04F04B3A9B66D626CAF36IE /verifier=818654c84318bf3560b9a6f2fd8362ae /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409
O22 - Task (.job): (disabled) (Ready) 5d03aea6-734a-4385-9746-91774d1edb8f-5_user.job - C:\Program Files\videos MediaPlay-Air\5d03aea6-734a-4385-9746-91774d1edb8f-5.exe (file missing) /runupdater /agentregpath='videos MediaPlay-Air' /appid=61799 /srcid='001673' /subid='verticals-shopping' /zdata='0' /bic=C2EF425A28D04F04B3A9B66D626CAF36IE /verifier=818654c84318bf3560b9a6f2fd8362ae /installerversion=1_34_08_12 /installationtime=1409504448 /statsdomain=http://stats.loadclientinput
O22 - Task (.job): (disabled) (Ready) 5d03aea6-734a-4385-9746-91774d1edb8f-7.job - C:\Program Files\videos MediaPlay-Air\5d03aea6-734a-4385-9746-91774d1edb8f-7.exe (file missing) /updateapp /agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-shopping' /zdata='0' /bic=C2EF425A28D04F04B3A9B66D626CAF36IE /verifier=818654c84318bf3560b9a6f2fd8362ae /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409504448 /statsd
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: TeamViewer 14 - (TeamViewer) - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: ed2k idle service - (ed2kidle) - C:\Program Files\amulell\ed2k.exe -downloadwhenidle
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service S2: %1!s! Update Servicio (avast) - (avast) - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc
O23 - Service S2: Google Update Servicio (gupdate) - (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: PicexaService - C:\Program Files\Picexa\PicexaSvc.exe Files\Picexa\PicexaSvc.exe (file missing)
O23 - Service S2: YAC Service - (iSafeService) - C:\Program Files\Elex-tech\YAC\iSafeSvc.exe Files\Elex-tech\YAC\iSafeSvc.exe (file missing)
O23 - Service S3: %1!s! Update Servicio (avastm) - (avastm) - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc
O23 - Service S3: Avast Secure Browser Elevation Service - (AvastSecureBrowserElevationService) - C:\Program Files\AVAST Software\Browser\Application\72.0.1174.121\elevation_service.exe
O23 - Service S3: AvastVBox COM Service - (AvastVBoxSvc) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service S3: Google Update Servicio (gupdatem) - (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O26 - Debugger: HKLM\..\GoogleUpdate.exe: [Debugger] = 324095823984.exe (file missing)
O26 - Debugger: HKLM\..\GoogleUpdaterService.exe: [Debugger] = 8736459873644.exe (file missing) 
O26 - Debugger: HKLM\..\bitguard.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\bprotect.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\bpsvc.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\browserdefender.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\browserprotect.exe: [Debugger] = C:\Windows\system32\tasklist.exe 
O26 - Debugger: HKLM\..\browsersafeguard.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\dprotectsvc.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\jumpflip: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\protectedsearch.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchinstaller.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchprotection.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchprotector.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchsettings.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchsettings64.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\snapdo.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\stinst32.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\stinst64.exe: [Debugger] = C:\Windows\system32\tasklist.exe 
O26 - Debugger: HKLM\..\umbrella.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\utiljumpflip.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\volaro: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\vonteera: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\websteroids.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\websteroidsservice.exe: [Debugger] = C:\Windows\system32\tasklist.exe 
-- End of file - Time spent: 27,2 sec. - 30378 bytes, CRC32: FFFFFFFF.
 

jbex

He who sins and prays breaks even
Administrator
Hi Mariela, leave the logs formatted; the entries all run one after another, and if it is already hard to read as it is, imagine all of it on one line :).
As for your log, run HijackThis and remove C:\Users\Usuario\AppData\Local\background_fault\aswRD.exe, then follow these steps: Limpieza de spyware (spyware cleanup).
If the problem still persists after running AdwCleaner, reset the browsers manually.
Regards
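The reply above scopes the fix to one Run entry, then AdwCleaner, then a manual browser reset. A log this long is easier to scope if it is first triaged mechanically for the persistence patterns it actually shows. The script below is an added example, not code from this thread, from HijackThis or from the forum's cleanup guide; it parses HijackThis-style lines in general, not just the ones posted here, and flags four things: an autorun loaded from a user-writable profile path (the aswRD.exe entry), Image File Execution Options (IFEO) Debugger entries (Windows starts the named debugger with the original program as its argument, so when the debugger does not exist, as with the GoogleUpdate.exe entries, the program never launches at all, and when it is tasklist.exe the program is simply never run), tasks and services whose binary is gone, and start/search pages that are not on an allow-list. The allow-list of benign pages, the set of known debuggers and the sample log lines are constructed for the example; an analyst would tune the lists to the machine.

```python
"""Triage helper for HijackThis-style logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section tag (O4, O22, O23, O26, R0/R4) or "Default"
    severity: str  # "high" = active hijack, "medium" = dead residue to clean up
    reason: str
    line: str


SECTION_RE = re.compile(r"^\s*(R\d|O\d+)\s+-\s+(.*)$")
DEFAULT_BROWSER_RE = re.compile(r'^Default:\s+"([^"]+)"')
IFEO_RE = re.compile(r"Debugger:\s+HK[A-Z]+\\\.\.\\([^:]+):\s+\[Debugger\]\s+=\s+(.+)$")
# Autoruns loaded from these locations deserve a second look: any user can write there.
USER_WRITABLE_RE = re.compile(r"\\(AppData\\Local|AppData\\Roaming|Temp|ProgramData)\\", re.I)
# Assumed allow-list for the example; tailor it to the machine's locale and policy.
BENIGN_PAGES = ("google.com", "bing.com", "msn.com", "about:blank")
# Debuggers an administrator might register in IFEO on purpose (assumption for the example).
KNOWN_DEBUGGERS = {"windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}
MISSING = "(file missing)"


def classify(line: str):
    """Return a Finding for one log line, or None if nothing stands out."""
    dflt = DEFAULT_BROWSER_RE.match(line)
    if dflt:
        path = dflt.group(1)
        # Real Chrome lives under \Google\Chrome\; a chrome.exe elsewhere is a rebrand or impostor.
        if path.lower().endswith("chrome.exe") and "\\google\\chrome\\" not in path.lower():
            return Finding("Default", "high",
                           f"default browser is a chrome.exe outside the Google Chrome directory: {path}", line)
        return None

    m = SECTION_RE.match(line)
    if not m:
        return None
    section, body = m.groups()
    missing = MISSING in body.lower()

    if section == "O26":
        ifeo = IFEO_RE.search(body)
        if not ifeo:
            return None
        image, dbg = ifeo.group(1), ifeo.group(2).replace(MISSING, "").strip()
        dbg_name = dbg.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if missing:
            reason = f"IFEO Debugger for {image} points to non-existent {dbg_name}; {image} can no longer start"
        elif dbg_name not in KNOWN_DEBUGGERS:
            reason = f"IFEO Debugger for {image} is {dbg_name}; {image} is passed as an argument and never runs"
        else:
            return None
        return Finding(section, "high", reason, line)

    if section == "O4" and USER_WRITABLE_RE.search(body):
        return Finding(section, "high", "autorun loads from a user-writable profile path", line)

    if section in ("O22", "O23") and missing:
        kind = "scheduled task" if section == "O22" else "service"
        return Finding(section, "medium", f"orphaned {kind}: target binary is gone, remove the entry", line)

    if section.startswith("R") and " = " in body:
        value = body.split(" = ", 1)[1].strip()
        # Only judge URL-like values; descriptive cache strings contain spaces and are skipped.
        if " " not in value and "." in value and not any(b in value.lower() for b in BENIGN_PAGES):
            return Finding(section, "high", f"browser start/search page set to {value}", line)
    return None


def triage(log_text: str):
    """Run classify() over every line and return the findings in log order."""
    return [f for f in (classify(ln) for ln in log_text.splitlines()) if f]


def summary(findings):
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample modelled on a few lines of the log in this thread.
SAMPLE_LOG = r"""
Default: "C:\Program Files\Everrice\Application\chrome.exe" "%1" (Google Chrome)
O4 - HKCU\..\Run: [background_fault] = C:\Users\Usuario\AppData\Local\background_fault\aswRD.exe "C:\Users\Usuario\AppData\Local\background_fault\bf.dll",background_fault_collector
O4 - HKLM\..\Run: [IgfxTray] = C:\Windows\system32\igfxtray.exe
O22 - Task (.job): (Ready) APSnotifierPP1.job - C:\Program Files\AnyProtectEx\AnyProtect.exe (file missing) --notifier2 A
O23 - Service S2: PicexaService - C:\Program Files\Picexa\PicexaSvc.exe (file missing)
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O26 - Debugger: HKLM\..\GoogleUpdate.exe: [Debugger] = 324095823984.exe (file missing)
O26 - Debugger: HKLM\..\bitguard.exe: [Debugger] = C:\Windows\system32\tasklist.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = mylucky123.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page Redirect Cache] = Hotmail, Outlook, Skype, noticias y videos en MSN Argentina
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}")
    print(summary(triage(SAMPLE_LOG)))
```

Run it against the full log pasted into SAMPLE_LOG and it lists every O26 entry, the aswRD.exe autorun, the Everrice chrome.exe default browser, the mylucky123.com/ourluckysites.com/ask.com pages and the dead AnyProtect, MediaPlay-Air, Picexa and YAC entries, which is the set of items to tick in HijackThis before AdwCleaner and the browser reset. The "high"/"medium" split is only a prioritisation: the "medium" entries are harmless on their own but are the residue that keeps a machine looking infected after each scan.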
 