slow notebook, Reimage Repair

mariela

Member
Here are the logs from ESET Online and HijackThis, thanks in advance.
Code:
11/03/2019 19:44:44 p.m.
Archivos analizados: 99854
Archivos infectados: 311
Amenazas desinfectadas: 311
Tiempo total de análisis 00:49:27
Estado del análisis: Finalizado
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x32 Windows 7 (Ultimate), 6.1.7600.0, Service Pack: 0 <=== Attention! (outdated SP)
Time:      11.03.2019 - 19:49 (UTC-03:00)
Language:  OS: Spanish (0xC0A). Display: Spanish (0xC0A). Non-Unicode: Spanish (0x2C0A)
Elevated:  Yes
Ran by:    Usuario    (group: Administrator) on USUARIO-PC, FirstRun: yes

Chrome:  58.0.3029.110
Internet Explorer: 8.0.7600.16385
Default: "C:\Program Files\Everrice\Application\chrome.exe" "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files\AVAST Software\Avast\AvastSvc.exe
   1  C:\Program Files\AVAST Software\Avast\AvastUI.exe
   1  C:\Program Files\AVAST Software\Avast\aswidsagent.exe
   1  C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
   1  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
   1  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
   1  C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
   1  C:\Program Files\Lenovo\Energy Management\Energy Management.exe
   1  C:\Program Files\Lenovo\Energy Management\utility.exe
   1  C:\Program Files\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files\Windows Media Player\wmpnetwk.exe
   1  C:\Program Files\amulell\ed2k.exe
   1  C:\Users\Usuario\AppData\Local\background_fault\aswRD.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\hkcmd.exe
   1  C:\Windows\System32\igfxpers.exe
   1  C:\Windows\System32\igfxsrvc.exe
   1  C:\Windows\System32\igfxtray.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\rundll32.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  14  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskeng.exe
   2  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\explorer.exe
   1  E:\limpieza estela\HiJackThis_test\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = mylucky123.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Search_URL] = http://www.ourluckysites.com/search/?type=ds&ts=1494034896&z=c8415b42a5fec26f011b4dag0z2t1zce4c5zdb9t1e&from=che0812&uid=ST500LM012XHN-M500MBB_S2R7J9GCA13818&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = http://www.ourluckysites.com/search/?type=ds&ts=1494034896&z=c8415b42a5fec26f011b4dag0z2t1zce4c5zdb9t1e&from=che0812&uid=ST500LM012XHN-M500MBB_S2R7J9GCA13818&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page Redirect Cache] = Hotmail, Outlook, Skype, noticias y videos en MSN Argentina
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = mylucky123.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = mylucky123.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = mylucky123.com
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F4EC002556BBEA4A&affID=127886&tsp=5357 - Bueno Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: [URL] = http://www.ourluckysites.com/search/?type=ds&ts=1494034896&z=c8415b42a5fec26f011b4dag0z2t1zce4c5zdb9t1e&from=che0812&uid=ST500LM012XHN-M500MBB_S2R7J9GCA13818&q={searchTerms} - ourluckysites
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: [SuggestionsURL_JSON] = http://www.search.ask.com/suggest.php?src=ieb&gct=ds&appid=295&systemid=102&v=a13277-320&apn_uid=8655501025124050&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&qu={searchTerms}&ft=json - Ask.com
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: [URL] = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=295&systemid=102&v=a13277-320&apn_uid=8655501025124050&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} - Ask.com
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: [URL] = http://istart.webssearches.com/web/?type=ds&ts=1409504299&from=tugs&uid=ST500LM012XHN-M500MBB_S2R7J9GCA13818&q={searchTerms} - webssearches
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: [SuggestionsURL_JSON] = http://www.search.ask.com/suggest.php?src=ieb&gct=ds&appid=295&systemid=102&v=a13277-320&apn_uid=8655501025124050&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&qu={searchTerms}&ft=json - Ask.com
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: [URL] = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=295&systemid=102&v=a13277-320&apn_uid=8655501025124050&apn_dtid=BND102&o=APN10646&apn_ptnrs=AG7&q={searchTerms} - Ask.com
O1 - Hosts: is empty
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - HKLM\..\Toolbar: (no name) - {6fcaba44-a441-481f-895e-bddfd81a6cc2} - (no file)
O4 - HKCU\..\Run: [background_fault] = C:\Users\Usuario\AppData\Local\background_fault\aswRD.exe "C:\Users\Usuario\AppData\Local\background_fault\bf.dll",background_fault_collector 
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui 
O4 - HKLM\..\Run: [Energy Management] = C:\Program Files\Lenovo\Energy Management\Energy Management.exe 
O4 - HKLM\..\Run: [EnergyUtility] = C:\Program Files\Lenovo\Energy Management\utility.exe
O4 - HKLM\..\Run: [HotKeysCmds] = C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] = C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] = C:\Windows\system32\igfxpers.exe
O4 - MSConfig\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk [backup] => C:\Users\Usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup (2014/08/17) (file missing)
O4 - MSConfig\startupreg: Adobe ARM [command] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (HKLM) (2013/03/12)
O4 - MSConfig\startupreg: Adobe Reader Speed Launcher [command] = C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (HKLM) (2013/03/12) (file missing)
O4 - MSConfig\startupreg: Apoint [command] = C:\Program Files\Apoint2K\Apoint.exe (HKLM) (2014/08/17)
O4 - MSConfig\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [command] = C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (HKCU) (2013/03/12)
O4 - MSConfig\startupreg: NeroFilterCheck [command] = C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (HKLM) (2013/03/12)
O4 - MSConfig\startupreg: fst_ar_109 [command] = (HKLM) (2014/09/21) (no file)
O4 - MSConfig\startupreg: fst_ar_114 [command] = (HKLM) (2014/09/21) (no file)
O4 - MSConfig\startupreg: removejZipdatamngr [command] = C:\Windows\system32\cmd.exe /c RD /S /Q "C:\Program Files\Music Toolbar" (HKLM) (2014/09/21)
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\Windows
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\Windows\System32
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\Windows\System32\Wbem
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\Windows\System32\WindowsPowerShell\v1.0
O17 - DHCP DNS 1: 186.130.128.131
O17 - DHCP DNS 2: 200.63.155.65
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O22 - Task (.job): (Not scheduled) APSnotifierPP2.job - C:\Program Files\AnyProtectEx\AnyProtect.exe (file missing) --notifier 4
O22 - Task (.job): (Ready) APSnotifierPP1.job - C:\Program Files\AnyProtectEx\AnyProtect.exe (file missing) --notifier2 A
O22 - Task (.job): (Running) 5d03aea6-734a-4385-9746-91774d1edb8f-5.job - C:\Program Files\videos MediaPlay-Air\5d03aea6-734a-4385-9746-91774d1edb8f-5.exe (file missing) /runupdater /agentregpath='videos MediaPlay-Air' /appid=61799 /srcid='001673' /subid='verticals-shopping' /zdata='0' /bic=C2EF425A28D04F04B3A9B66D626CAF36IE /verifier=818654c84318bf3560b9a6f2fd8362ae /installerversion=1_34_08_12 /installationtime=1409504448 /statsdomain=http://stats.loadclientinput
O22 - Task (.job): (disabled) (Ready) 5d03aea6-734a-4385-9746-91774d1edb8f-1.job - C:\Program Files\videos MediaPlay-Air\videos MediaPlay-Air-codedownloader.exe (file missing) /reinstallapp /runfrom=task /agentregpath='videos MediaPlay-Air' /appid=61799 /srcid='001673' /subid='verticals-shopping' /zdata='0' /bic=C2EF425A28D04F04B3A9B66D626CAF36IE /verifier=818654c84318bf3560b9a6f2fd8362ae /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409
O22 - Task (.job): (disabled) (Ready) 5d03aea6-734a-4385-9746-91774d1edb8f-5_user.job - C:\Program Files\videos MediaPlay-Air\5d03aea6-734a-4385-9746-91774d1edb8f-5.exe (file missing) /runupdater /agentregpath='videos MediaPlay-Air' /appid=61799 /srcid='001673' /subid='verticals-shopping' /zdata='0' /bic=C2EF425A28D04F04B3A9B66D626CAF36IE /verifier=818654c84318bf3560b9a6f2fd8362ae /installerversion=1_34_08_12 /installationtime=1409504448 /statsdomain=http://stats.loadclientinput
O22 - Task (.job): (disabled) (Ready) 5d03aea6-734a-4385-9746-91774d1edb8f-7.job - C:\Program Files\videos MediaPlay-Air\5d03aea6-734a-4385-9746-91774d1edb8f-7.exe (file missing) /updateapp /agentregpath='videos MediaPlay-Air-nv' /appid=61799 /srcid='001673' /subid='verticals-shopping' /zdata='0' /bic=C2EF425A28D04F04B3A9B66D626CAF36IE /verifier=818654c84318bf3560b9a6f2fd8362ae /installerversion=1_34_08_12 /installerfullversion=1.34.8.12 /installationtime=1409504448 /statsd
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: TeamViewer 14 - (TeamViewer) - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: ed2k idle service - (ed2kidle) - C:\Program Files\amulell\ed2k.exe -downloadwhenidle
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service S2: %1!s! Update Servicio (avast) - (avast) - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc
O23 - Service S2: Google Update Servicio (gupdate) - (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: PicexaService - C:\Program Files\Picexa\PicexaSvc.exe Files\Picexa\PicexaSvc.exe (file missing)
O23 - Service S2: YAC Service - (iSafeService) - C:\Program Files\Elex-tech\YAC\iSafeSvc.exe Files\Elex-tech\YAC\iSafeSvc.exe (file missing)
O23 - Service S3: %1!s! Update Servicio (avastm) - (avastm) - C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc
O23 - Service S3: Avast Secure Browser Elevation Service - (AvastSecureBrowserElevationService) - C:\Program Files\AVAST Software\Browser\Application\72.0.1174.121\elevation_service.exe
O23 - Service S3: AvastVBox COM Service - (AvastVBoxSvc) - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service S3: Google Update Servicio (gupdatem) - (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O26 - Debugger: HKLM\..\GoogleUpdate.exe: [Debugger] = 324095823984.exe (file missing)
O26 - Debugger: HKLM\..\GoogleUpdaterService.exe: [Debugger] = 8736459873644.exe (file missing) 
O26 - Debugger: HKLM\..\bitguard.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\bprotect.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\bpsvc.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\browserdefender.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\browserprotect.exe: [Debugger] = C:\Windows\system32\tasklist.exe 
O26 - Debugger: HKLM\..\browsersafeguard.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\dprotectsvc.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\jumpflip: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\protectedsearch.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchinstaller.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchprotection.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchprotector.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchsettings.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\searchsettings64.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\snapdo.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\stinst32.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\stinst64.exe: [Debugger] = C:\Windows\system32\tasklist.exe 
O26 - Debugger: HKLM\..\umbrella.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\utiljumpflip.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\volaro: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\vonteera: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\websteroids.exe: [Debugger] = C:\Windows\system32\tasklist.exe
O26 - Debugger: HKLM\..\websteroidsservice.exe: [Debugger] = C:\Windows\system32\tasklist.exe 
-- End of file - Time spent: 27,2 sec. - 30378 bytes, CRC32: FFFFFFFF. Sign: 包킚
 

jbex

He who sins and prays breaks even
Administrator
Hi Mariela, please post the logs with formatting; the entries all end up run together, and if the log is already hard to read as it is, imagine it all on one line :).
As for your log, run HijackThis and remove C:\Users\Usuario\AppData\Local\background_fault\aswRD.exe, then follow these steps: Spyware cleanup
If the problem still persists after running AdwCleaner, reset the browsers manually.
Regards
 

mariela

Member
I think I just posted a duplicate thread; please check and, if so, delete the new one. My apologies. The thing is that I only just now turned it on and the browsers won't open.
 