Hola chicos, tengo desde el movil (o uno de ellos) y todos lo que pueda estar al alcance de una epidemia muy rara, en estado apto para quien guste de acertijos ya que si de formatear ordenadores, moviles, netbooks, tablets se tratara ya llevo mas de un año y he perdido para no caer en mas de lo mismo dispositivos que deje en stand by hasta que se solucione. Tambien puse otra red wifi y una mas eternet ya que todo me fue robado referido a cuentas, trabajo, acceso a siu guarani, facebook. Se que es mucho pero no quiero dar cada detalle, básicamente, además de este hackeo berreta y cambiar los S.O, acceso remoto y pagina que siempre se redireccionan…se me ocurre empezar con el log de hijack. Aca no soy nueva pero perdi mi user.
Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.10.0.6
Platform: x64 Windows 10 (Pro), 10.0.19042.1052 (ReleaseId: 2009), Service Pack: 0
Time: 21.06.2021 - 08:23 (UTC-03:00)
Language: OS: Spanish (0xC0A). Display: Spanish (0xC0A). Non-Unicode: Spanish (0xC0A)
Elevated: Yes
Ran by: MI PC (group: Administrator) on DESKTOP-IJKMKUH, FirstRun: yes
Chrome: 91.0.4472.106
Internet Explorer: 11.0.19041.1
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
1 C:\Program Files\AVG\Antivirus\aswidsagent.exe
1 C:\Program Files\AVG\Antivirus\AVGSvc.exe
1 C:\Program Files\AVG\Antivirus\avgToolsSvc.exe
4 C:\Program Files\AVG\Antivirus\AVGUI.exe
1 C:\Program Files\AVG\Antivirus\setup\New_15050c71\instup.exe
1 C:\Program Files\AVG\Antivirus\setup\sbr.exe
1 C:\Program Files\AVG\Antivirus\wsc_proxy.exe
14 C:\Program Files\Google\Chrome\Application\chrome.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21042.143.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
1 C:\Users\MI PC\Downloads\HiJackThis (1).exe
1 C:\Users\MI PC\Downloads\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\backgroundTaskHost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\slui.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spool\drivers\x64\3\E_YATIRQE.EXE
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\SppExtComObj.Exe
1 C:\Windows\System32\sppsvc.exe
26 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] = C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRQE.EXE /EPT "EPLTarget\P0000000000000000" /M "L380 Series" /EF "HKCU"
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2021/06/11)
O4 - HKLM\..\Run: [AVGUI.exe] = C:\Program Files\AVG\Antivirus\AvLaunch.exe /gui
O17 - DHCP DNS 1: 192.168.0.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\AVG\Antivirus\ashShell.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\AVG\Antivirus\x86\ashShell.dll
O22 - Task (.job): (Not scheduled) EPSON L380 Series Update {4F8417C9-ED97-4AE5-B26A-EDADE9003BA8}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRQE.EXE
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\Windows\system32\MusNotification.exe /RunOnAC Reboot (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\Windows\system32\MusNotification.exe /RunOnBattery Reboot (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (file missing)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (Microsoft)
O22 - Task: \AVG\Overseer - C:\Program Files\Common Files\AVG\Overseer\overseer.exe /from_scheduler:1
O22 - Task: Antivirus Emergency Update - C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EPSON L380 Series Update {4F8417C9-ED97-4AE5-B26A-EDADE9003BA8} - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSRQE.EXE /EXE:"{4F8417C9-ED97-4AE5-B26A-EDADE9003BA8}" /F:"Update"
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1506551049-1340079532-683474695-500 - C:\Users\MI PC\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-3965273046-3430910187-3870962638-500 - C:\Users\MI PC\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O23 - Service R2: AVG Antivirus - C:\Program Files\AVG\Antivirus\AVGSvc.exe /runassvc
O23 - Service R2: AVG Tools - C:\Program Files\AVG\Antivirus\avgToolsSvc.exe /runassvc
O23 - Service R2: AvgWscReporter - C:\Program Files\AVG\Antivirus\wsc_proxy.exe /runassvc /rpcserver
O23 - Service R3: avgbIDSAgent - C:\Program Files\AVG\Antivirus\aswidsagent.exe
O23 - Service S2: Google Update Servicio (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\91.0.4472.106\elevation_service.exe
O23 - Service S3: Google Update Servicio (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
--
End of file - Time spent: 76,5 sec. - 15484 bytes, CRC32: FFFFFFFF. Sign: 년