[HiJackThis log] To be on the safe side

So, I have the feeling (and the paranoia) that someone could be spying on my PC, or is already doing so (a long story). The thing is, I'm doing this mostly to check whether my suspicions are true or not.

Log

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Pro), 10.0.18362.295 (ReleaseId: 1903), Service Pack: 0
Time: 05.09.2019 - 22:28 (UTC-04:00)
Language: OS: Spanish (0xC0A). Display: Spanish (0xC0A). Non-Unicode: Spanish (0xC0A)
Elevated: Yes
Ran by: Crra (group: Administrator) on CRRA-PC, FirstRun: yes

Chrome: 76.0.3809.132
Firefox: 69.0.0.7178
Edge: 11.0.18362.267
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1 C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
1 C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
1 C:\Program Files (x86)\Origin\OriginWebHelperService.exe
1 C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe
1 C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
1 C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
1 C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
1 C:\Program Files\AVAST Software\Avast\aswidsagent.exe
1 C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
1 C:\Program Files\AVAST Software\SecureLine\Vpn.exe
1 C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
1 C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
1 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19061.18920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.901.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\iPod\bin\iPodService.exe
1 C:\Program Files\iTunes\iTunesHelper.exe
1 C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
1 C:\Users\Crra\Downloads\HiJackThis.exe
1 C:\Users\Crra\Downloads\esetonlinescanner_esn.exe
2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\GameBarPresenceWriter.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
3 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\notepad.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
83 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
1 F:\Mega Downloads\Terraria v1 3 5 3-ImAres\Terraria v1.3.5.3-Eddyo\Terraria.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: 127.0.0.1 app.drivereasy.com
O2 - HKLM…\BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll
O2 - HKLM…\BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll
O2-32 - HKLM…\BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - F:\Visual Studio 2012\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKCU…\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU…\Run: [Discord] = C:\Users\Crra\AppData\Local\Discord\app-0.0.305\Discord.exe
O4 - HKCU…\Run: [OneDrive] = C:\Users\Crra\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU…\Run: [ProtonVPN] = C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe
O4 - HKCU…\Run: [Skype for Desktop] = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
O4 - HKCU…\Run: [uTorrent] = C:\Users\Crra\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED
O4 - HKLM…\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM…\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM…\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM…\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe /nogui
O4 - User Startup: C:\Users\Crra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\Crra\AppData\Local\MEGAsync\MEGAsync.exe
O4-32 - HKLM…\Run: [LogMeIn Hamachi Ui] = C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start
O4-32 - HKLM…\Run: [StartCCC] = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun
O4-32 - HKLM…\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM…\ShellIconOverlayIdentifiers\ MEGA (Pending): MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Crra\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM…\ShellIconOverlayIdentifiers\ MEGA (Synced): MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Crra\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM…\ShellIconOverlayIdentifiers\ MEGA (Syncing): MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Crra\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM…\ShellIconOverlayIdentifiers\ AccExtIco1: AccExtIco1 Class - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM…\ShellIconOverlayIdentifiers\ AccExtIco2: AccExtIco2 Class - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM…\ShellIconOverlayIdentifiers\ AccExtIco3: AccExtIco3 Class - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM…\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O21-32 - HKLM…\ShellIconOverlayIdentifiers\ MEGA (Pending): MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Crra\AppData\Local\MEGAsync\ShellExtX32.dll
O21-32 - HKLM…\ShellIconOverlayIdentifiers\ MEGA (Synced): MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Crra\AppData\Local\MEGAsync\ShellExtX32.dll
O21-32 - HKLM…\ShellIconOverlayIdentifiers\ MEGA (Syncing): MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Crra\AppData\Local\MEGAsync\ShellExtX32.dll
O22 - Task (.job): Driver Easy Scheduled Scan.job - C:\Program Files\Easeware\DriverEasy\DriverEasy.exe --scan
O22 - Task (.job): G2MUpdateTask-S-1-5-21-2786473432-2039146945-1801121664-1001.job - C:\Users\Crra\AppData\Local\GoToMeeting\11584\g2mupdate.exe (file missing)
O22 - Task (.job): G2MUploadTask-S-1-5-21-2786473432-2039146945-1801121664-1001.job - C:\Users\Crra\AppData\Local\GoToMeeting\11584\g2mupload.exe (file missing)
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Avast SecureLine - (SecureLine) - C:\Program Files\AVAST Software\SecureLine\VpnSvc.exe
O23 - Service R2: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc /rpcserver
O23 - Service R2: LMIGuardianSvc - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service R2: LogMeIn Hamachi Tunneling Engine - (Hamachi2Svc) - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe -s
O23 - Service R2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service R2: ProtonVPN Service - C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
O23 - Service R2: RadeonPro Support Service - C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
O23 - Service R2: Razer Game Scanner - (Razer Game Scanner Service) - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service R2: RzSurroundVADStreamingService - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
O23 - Service R2: Servicio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Servicio Hacer clic y ejecutar de Microsoft Office - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R3: Disc Soft Lite Bus Service - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service R3: Servicio del iPod - (iPod Service) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service S2: Servicio de Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: GalaxyCommunication - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Origin Client Service - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service S3: Servicio de Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: VirtualBox system service - (VBoxSDS) - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
O23 - Service S3: Visual Studio Standard Collector Service 150 - (VSStandardCollectorService150) - E:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe

– End of file - Time spent: 81,1 sec. - 26846 bytes, CRC32: FFFFFFFF. Sign: 罔Ą
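A first-pass triage of log lines in this format, added here as an example for the thread (it is not part of the post and not HiJackThis code). It parses the R1/O1/O4/O22/O23 entry kinds that appear in the log above and flags the entries a helper would read first: hosts-file overrides, autostarts whose target file is missing, autostarts launched from user-writable directories, and a configured browser proxy. The sample lines are copied from the log above, with registry keys written the way HiJackThis emits them (HKCU\..\Run); the category names and the directory lists are this example's own choices. A flag is a prompt to look closer, not a malware verdict: Discord, for instance, legitimately starts from AppData.

```python
"""Triage of HiJackThis-style log lines (added example, not HiJackThis code)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: entries copied from the log in the thread, registry keys
# written as HiJackThis emits them ("HKCU\..\Run").
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: 127.0.0.1 app.drivereasy.com
O4 - HKCU\..\Run: [Discord] = C:\Users\Crra\AppData\Local\Discord\app-0.0.305\Discord.exe
O4 - HKLM\..\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avast SecureLine VPN.lnk -> C:\Program Files\AVAST Software\SecureLine\Vpn.exe /nogui
O22 - Task (.job): G2MUpdateTask-S-1-5-21-2786473432-2039146945-1801121664-1001.job - C:\Users\Crra\AppData\Local\GoToMeeting\11584\g2mupdate.exe (file missing)
O23 - Service R2: LogMeIn Hamachi Tunneling Engine - (Hamachi2Svc) - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe -s
O23 - Service S3: GalaxyCommunication - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
"""

# "<code> - <body>"; the -32 suffix marks the 32-bit registry view.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+(?:-32)?) - (?P<body>.+)$")
# Directories a standard user can write to: an autostart here deserves a look.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData)\\", re.IGNORECASE)
# Where installed software normally lives.
TRUSTED_ROOT = re.compile(r"^[A-Z]:\\(Program Files(?: \(x86\))?|Windows)\\", re.IGNORECASE)


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def command_path(body: str) -> str:
    """Return the executable an entry launches: the text after the last ' = '
    (Run keys) or ' - ' (tasks, services), resolving '.lnk -> target' and
    dropping arguments and the '(file missing)' marker."""
    sep = " = " if " = " in body else " - "
    tail = body.rsplit(sep, 1)[-1]
    if " -> " in tail:
        tail = tail.split(" -> ", 1)[1]
    tail = tail.replace("(file missing)", "").strip()
    m = re.match(r"(.+?\.(?:exe|dll|sys))", tail, re.IGNORECASE)
    return m.group(1) if m else tail


def triage(log_text: str) -> list[Finding]:
    """Walk the log and collect the entries worth a closer look, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        kind = code.split("-")[0]
        if kind == "O1":
            # Any hosts mapping redirects a name; 127.0.0.1 silently blocks it.
            findings.append(Finding(code, "hosts file override", line))
        elif "(file missing)" in body:
            # Leftover autostart: inert now, but the path could be reclaimed later.
            findings.append(Finding(code, "autostart points to a missing file", line))
        elif kind in ("O4", "O22", "O23"):
            path = command_path(body)
            if USER_WRITABLE.search(path):
                findings.append(Finding(code, "autostart from a user-writable directory", line))
            elif not TRUSTED_ROOT.match(path):
                findings.append(Finding(code, "autostart outside Program Files/Windows", line))
        elif kind == "R1" and "[ProxyServer]" in body:
            # A configured proxy routes browser traffic through whatever it names.
            findings.append(Finding(code, "browser proxy configured", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason for a quick overview before reading the lines."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.code}] {f.reason}: {f.line}")
    print(summarize(results))
```

On the sample above the pass flags four lines (the hosts entry, the Discord Run key, the orphaned GoToMeeting task and the GOG service under ProgramData) and leaves the Program Files and Windows entries alone; the .lnk startup entry is resolved to its target before the directory check, so it is not flagged either. The unflagged lines still exist and still matter; the point is only to order the reading.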

Hello @Crra

Welcome to the forum!!!

HijackThis has become somewhat obsolete for today's malware.

If you want to check whether your computer is compromised, do the following:

1.- Temporarily disable your antivirus and any other security program.

2.- Download, install and/or update the following tools:

3.- Run them in the order given, with all programs closed, browsers included.

CCleaner

Using its Cleaner option as described in its Manual:

  • To delete cookies, temporary Internet files and everything it lists as obsolete.
  • When you install it, untick the boxes so that CCleaner Browser is not installed.
  • We do NOT need this report.

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report it shows so you can copy and paste it in your next reply.
  • The report can also be found at "C:\AdwCleaner\AdwCleaner.txt"

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes

  • Don't forget to update it.
  • Read its Manual carefully.
  • Run a Custom Scan with all drives ticked.
  • Click "Remove Selected" to send what it finds to quarantine.
  • Restart the system.
  • In the manual's "History" >> Application Logs >> Scan Log section you will find the MBAM report, which you must copy and paste in your next reply.

4.- Important note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards