They keep trying to hack me from my computer

Dear friends, yesterday I tried to download some movies through a torrent app… I think that was the biggest mistake, because hours later my GMAIL was hacked: they changed the name, added a recovery email (EDITED BY [email protected]**. ) and changed my YouTube channel.

I was able to recover it, but GMAIL tells me that they tried to do it again today. I don't know what other program I can remove; this is the result that HijackThis gave me:

*By the way, I have already run CCLEANER, Superantispyware and JRT. HELP!

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.16

Platform:  x64 Windows 10 (Pro), 10.0.19044.1586 (ReleaseId: 2009, 21H2), Service Pack: 0
Time:      28.03.2022 - 09:23 (UTC-05:00)
Language:  OS: Spanish (0x80A). Display: Spanish (0x80A). Non-Unicode: Spanish (0x80A)
Elevated:  Yes
Ran by:    Harold	(group: Administrators) on DESKTOP-89CA6D4, FirstRun: yes

Chrome:  99.0.4844.82
Firefox: 98.0.2.8116
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
   1  C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
   1  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
   1  C:\Program Files\AMD\CNext\CNext\amdow.exe
   1  C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
   1  C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
   1  C:\Program Files\CCleaner\CCleaner64.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\ESET\ESET Security\eguiProxy.exe
   1  C:\Program Files\ESET\ESET Security\ekrn.exe
  10  C:\Program Files\Mozilla Firefox\firefox.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Program Files\SUPERAntiSpyware\SASCore64.exe
   1  C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
   1  C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22011.10031.0_x64__8wekyb3d8bbwe\Video.UI.exe
   4  C:\Users\Harold\AppData\Roaming\Spotify\Spotify.exe
   1  C:\Users\Harold\Desktop\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   5  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  73  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

O4 - HKCU\..\Run: [Advanced SystemCare] = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto (file missing)
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
O4 - HKCU\..\Run: [Spotify] = C:\Users\Harold\AppData\Roaming\Spotify\Spotify.exe --autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\StartupApproved\Run: [com.squirrel.Teams.Teams] = C:\Users\Harold\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" (2022/03/08)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_8CE01346F34B1BAD3AC153D2BEC0EE5F] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (2022/02/18)
O4 - HKLM\..\Run: [egui] = C:\Program Files\ESET\ESET Security\ecmds.exe /run /hide /proxy
O4 - HKLM\..\Run: [NvBackend] = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\StartupApproved\Run32: [APSDaemon] = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (2022/03/15)
O17 - DHCP DNS 1: 200.48.225.130
O17 - DHCP DNS 2: 200.48.225.146
O22 - BITS Job: (download) {823717B0-AF21-4F00-B221-08DD716A9A85} - http://asp-cdn.ff.avast.com/swhealth/avg/swhealthex2.x64.dll -> C:\WINDOWS\TEMP\Tuneup_ash2\AVG Software Updater (Tuneup)\swhealthex2.18.0.1110.dll
O22 - BITS Job: Fix all (including legit)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-1436553111-3840471436-3105025709-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistant - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} (file missing)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /AllUsersRun (file missing)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /CalendarRun (file missing)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /WakeupRun (file missing)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: ASC_PerformanceMonitor - C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe /Task (file missing)
O22 - Task: ASC_SkipUac_Harold - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (file missing)
O22 - Task: BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - Harold - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: GoogleUpdateTaskMachineCore{B11B9B72-A8F3-4283-906E-F45C46296511} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA{6DD9C962-B1B9-42BF-B475-04F38E4851D9} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-2259804650-3522866991-2534745720-500 - C:\Users\Harold\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
O23 - Service R2: ESET Service - (ekrn) - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service R3: ESET Firewall Helper - (ekrnEpfw) - C:\Program Files\ESET\ESET Security\ekrn.exe
O23 - Service S2: Advanced SystemCare Service 15 - (AdvancedSystemCareService15) - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (file missing)
O23 - Service S2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atiesrxx.exe
O23 - Service S2: Google Update Servicio (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: GUBootService - C:\Program Files (x86)\Common Files\Glarysoft\StartupManager\1.0\GUBootService.exe
O23 - Service S2: GUPMService - C:\Program Files (x86)\Glary Utilities 5\GUPMService.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\99.0.4844.82\elevation_service.exe
O23 - Service S3: Google Update Servicio (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O26 - Tools: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath (default) = C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe (file missing)


--
End of file - Time spent: 31.8 sec. - 24232 bytes, CRC32: FFFFFFFF. Sign: ᵟ

:thinking: From a device other than your computer (your smartphone, for example), log in to your GMail account and enable two-step verification. With this security measure you will make it impossible for the cybercriminals to hack your account again, since this measure is based on two things: something you know (the password) and something you have (your smartphone, etc.). In other words, to hack your GMail account, the cybercriminals would need to have both your password and the device you use for two-step verification. Once you have done that, run ESET Online Scanner on your computer as explained in its manual. Then paste the report it generates here.

1 like