Trojan.Agent.AutoIt

Okay… now follow these steps, :arrow_forward: VERY Important :arrow_backward: Make a backup of the registry:

  • To do so, download :arrow_forward: DelFix.exe (to your desktop).

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Attention: now tick/select only the box :white_check_mark: Create registry backup, NOT the other boxes. :face_with_monocle:

  • Click Run.

The report (DelFix.txt) will open; save it in case it is needed and close the tool.

:warning: With all other programs closed, go to :arrow_forward: Start :arrow_forward: Run :arrow_forward: and type Notepad.exe.

  • Now copy and paste the code/lines inside the box below into Notepad.
START
CREATERESTOREPOINT:
CLOSEPROCESSES:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [225]
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\Run: [AceStream] => C:\Users\migue\AppData\Roaming\ACEStream\engine\ace_engine.exe [27960 2018-08-23] (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [27775672 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Run: [AceStream] => C:\Users\migue\AppData\Roaming\ACEStream\engine\ace_engine.exe [27960 2018-08-23] (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Run: [5431fa94] => C:\ProgramData\Intel\Wireless\788d1f8\idcjdac.exe C:\ProgramData\Intel\Wireless\788d1f8\40f2e73.au3
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-17] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
Task: {1DC50C8A-EDE9-49BB-AE69-008BC9672CAB} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {66D62973-750A-4B6C-B919-D4EA5C295FAB} - System32\Tasks\update-S-1-5-21-1055259697-3518968227-3811586982-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {BCAA3981-DD2B-42C1-B615-E78580B4584F} - System32\Tasks\App Explorer => C:\Users\migue\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7499944 2020-05-13] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATENCIÓN
Task: C:\WINDOWS\Tasks\update-S-1-5-21-1055259697-3518968227-3811586982-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
BHO: Sin Nombre -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> Ningún archivo
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: EGet Class -> {1E871FF8-029C-4732-8AA7-39E3D3872057} -> C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\eagleSniffer.dll => Ningún archivo
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll => Ningún archivo
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] => no encontrado
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] => no encontrado
FF HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\migue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Extension: (Ace Script) - C:\Users\migue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2018-11-26]
FF HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Firefox\Extensions: [[email protected]] - C:\Users\migue\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [Ningún archivo]
FF Plugin HKU\S-1-5-21-1055259697-3518968227-3811586982-1001: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\migue\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1055259697-3518968227-3811586982-1001: eagleget.com/EagleGet32 -> C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\npEagleget.dll [Ningún archivo]
FF Plugin HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269: @acestream.net/acestreamplugin,version=3.1.32 -> C:\Users\migue\AppData\Roaming\ACEStream\player\npace_plugin.dll [2017-01-13] (Innovative Digital Technologies -> Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269: eagleget.com/EagleGet32 -> C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\npEagleget.dll [Ningún archivo]
CHR Profile: C:\Users\migue\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-05-20]
CHR Profile: C:\Users\migue\AppData\Local\Google\Chrome\User Data\System Profile [2020-05-20]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] <no encontrado>
CHR HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] <no encontrado>
CHR HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] <no encontrado>
CHR HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Users\migue\AppData\Local\Temp\Rar$EXa15816.39237\addon\[email protected] <no encontrado>
S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [X]
U3 aswbdisk; no ImagePath
Ace Stream Media 3.1.32 (HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\AceStream) (Version: 3.1.32 - Ace Stream Media) <==== ATENCIÓN
Ace Stream Media 3.1.32 (HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\AceStream) (Version: 3.1.32 - Ace Stream Media) <==== ATENCIÓN
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Ningún archivo
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [225]
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\StartupApproved\Run: => "AceStream"
C:\ProgramData\Intel\Wireless
C:\Users\migue\AppData\Roaming\acestream
C:\Users\migue\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo
C:\Program Files\Common Files\McAfee
C:\Program Files (x86)\Steam\bin\cef\cef.win7
HOSTS:
REMOVEPROXY:
EMPTYTEMP:
CMD: netsh winsock reset
CMD: ipconfig /renew
CMD: ipconfig /flushdns
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
END

Save it under the name FIXLIST.TXT on the desktop :arrow_backward: This is very important.

:o: Note :o: It is important that the FRST.exe tool (Farbar Recovery Scan Tool) and FIXLIST.TXT are in the same location (the desktop); otherwise it will not work.

Now use the 2nd METHOD from this Windows 8 FAQ (also applicable to Windows 10) :arrow_forward: How to start Windows 8/8.1 in Safe Mode?, so that you work from that Windows mode.

  • Run FRST.exe. (If you use Windows Vista/7/8 or 10, right-click and select -Run as Administrator-).

  • Press the Fix button and wait for it to finish.

  • The tool will save the repair report on the desktop (FIXLOG.TXT).

Paste the contents of that file in your next reply. :+1:

Restart the computer, check how it behaves with respect to the reported problem, and let us know.

Regards.
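As an added example (not part of the original post, and not FRST's own code), the following Python script applies the kind of triage a helper does by eye to FRST `Run:` lines: it flags the `5431fa94` entry from the fixlist above because it launches an `.au3` AutoIt script through a renamed interpreter from ProgramData with no signer recorded. The sample lines are copied from the post; the heuristics, weights and function names are my own assumptions.

```python
import re
from typing import Dict, List

# Sample input: Run: lines copied verbatim from the FRST fixlist in the post above.
SAMPLE_FRST_LINES = [
    r"HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [27775672 2020-05-01] (Piriform Software Ltd -> Piriform Software Ltd)",
    r"HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Run: [AceStream] => C:\Users\migue\AppData\Roaming\ACEStream\engine\ace_engine.exe [27960 2018-08-23] (INNOVATIVE DIGITAL TECHNOLOGIES LLC -> Innovative Digital Technologies)",
    r"HKU\S-1-5-21-1055259697-3518968227-3811586982-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192020104841269\...\Run: [5431fa94] => C:\ProgramData\Intel\Wireless\788d1f8\idcjdac.exe C:\ProgramData\Intel\Wireless\788d1f8\40f2e73.au3",
    r'HKU\S-1-5-21-1055259697-3518968227-3811586982-1001\...\StartupApproved\Run: => "AceStream"',
]

# FRST prints Run values as:  <hive>\...\Run: [<value name>] => <command> [size date] (signer -> company)
RUN_LINE = re.compile(r"^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$")


def assess_run_entry(name: str, cmd: str) -> List[str]:
    """Return the list of heuristic reasons a Run value looks like malware persistence.

    Heuristics are assumptions chosen for this example, not FRST rules."""
    reasons: List[str] = []
    # The page's Trojan.Agent.AutoIt pattern: an .au3 script handed to a separate interpreter.
    if re.search(r"\.au3\b", cmd, re.I):
        reasons.append("command hands an AutoIt script (.au3) to a separate interpreter")
    # Legitimate autostarts usually live in Program Files; ProgramData/AppData are writable by the user.
    if re.search(r"\\ProgramData\\", cmd, re.I):
        reasons.append("binary runs from ProgramData instead of Program Files")
    elif re.search(r"\\AppData\\", cmd, re.I):
        reasons.append("binary runs from the user profile (AppData)")
    # FRST appends "(signer -> company)" when it could read a signature or version block.
    if not re.search(r"\([^()]*->[^()]*\)", cmd):
        reasons.append("FRST recorded no signer/company for the file")
    # Random hex value names (here 5431fa94) are typical of generated persistence entries.
    if re.fullmatch(r"[0-9a-f]{8,}", name, re.I):
        reasons.append("value name is a random-looking hex string")
    return reasons


def find_suspicious_run_entries(lines) -> Dict[str, List[str]]:
    """Map each flagged Run value name to its reasons; unflagged and non-Run lines are skipped."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # StartupApproved lines and other sections do not carry a [name] => command
        reasons = assess_run_entry(m["name"], m["cmd"])
        if reasons:
            findings[m["name"]] = reasons
    return findings


if __name__ == "__main__":
    for value_name, why in find_suspicious_run_entries(SAMPLE_FRST_LINES).items():
        print(f"{value_name}: " + "; ".join(why))
```

The signed CCleaner entry produces no findings, AceStream gets a single low-confidence note for running from AppData, and the AutoIt entry collects all four reasons.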
