Eliminar Adware "Othersearch" (búsquedas falsas en Google)


#1

Buenos días.

Tengo un virus dentro de mi computadora que provoca que, dentro de las búsquedas de google, me surjan links que no son originales de la búsqueda.

Este es el registro:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Pro), 10.0.17134.523 (ReleaseId: 1803), Service Pack: 0
Time:      25.01.2019 - 09:40 (UTC-03:00)
Language:  OS: Spanish (0x80A). Display: Spanish (0x80A). Non-Unicode: Spanish (0x80A)
Elevated:  Yes
Ran by:    stc	(group: Administrator) on DESKTOP-P9T5R3M, FirstRun: yes

Chrome:  71.0.3578.98
Firefox: 50.0.0.6152
Edge:    11.0.17134.523
Internet Explorer: 11.0.17134.1
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
   1  C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
   1  C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
   1  C:\Program Files (x86)\360\Total Security\safemon\chrome\360webshield.exe
  40  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
   1  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
   1  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
   1  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
   1  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
   1  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
   1  C:\Program Files (x86)\TeamViewer\TeamViewer.exe
   1  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files (x86)\TeamViewer\tv_w32.exe
   1  C:\Program Files (x86)\TeamViewer\tv_x64.exe
   1  C:\Program Files\AVAST Software\Avast\AvastSvc.exe
   1  C:\Program Files\AVAST Software\Avast\AvastUI.exe
   1  C:\Program Files\CCleaner\CCleaner64.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
   1  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeApp.exe
   1  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
   1  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.37.98.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
   1  C:\Program Files\rempl\sedsvc.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1901.7-0\MsMpEng.exe
   1  C:\Users\stc\Downloads\HiJackThis.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
   3  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\cmd.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  64  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\regedit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http:// OEM17win10. msn .com/?pc=NMTE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https:// go.microsoft .com /fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [SuggestionsURL] = https:/ / api. bing. com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&pc=UE04 - Bing
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [URL] = https:// www.bing. com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 - Bing
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{B7299968-B542-4631-862C-4514DC2BF284}: [URL] = http:// www.bing. com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE - Bing
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\stc\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2018/10/02)
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Session Manager: [BootExecute] = C:\WINDOWS\system32\sdnclean64.exe
O4-32 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4-32 - HKLM\..\Run: [QHSafeTray] = C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe /start
O4-32 - HKLM\..\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O9-32 - Button: HKLM\..\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: (no name) - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O9-32 - Tools menu item: HKLM\..\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Consola de Sun Java - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O15 - Trusted Zone: https:// login .claro. com.ar
O15 - Trusted Zone: https:// stealth .claro. com.ar
O16-32 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 1.6.0_35 [CODEBASE] = http://java.sun. 
 com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.6.0_35 [CODEBASE] = http://java. 
 sun.  com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.6.0_35 [CODEBASE] = http:// java. 
 sun.  com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
O17 - DHCP DNS 1: 200.42.4.198
O17 - DHCP DNS 2: 200.49.130.44
O20-32 - HKLM\..\Winlogon\Notify\SDWinLogon: [DllName] = SDWinLogon.dll (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O22 - Task (.job): (disabled) (Not scheduled) Intel PTT EK Recertification.job - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe
O23 - Service R2: 360 Total Security - (QHActiveDefense) - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: Spybot-S&D 2 Scanner Service - (SDScannerService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service R2: Spybot-S&D 2 Security Center Service - (SDWSCService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service R2: Spybot-S&D 2 Updating Service - (SDUpdateService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service R2: TeamViewer 13 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: Windows Remediation Service - (sedsvc) - C:\Program Files\rempl\sedsvc.exe
O23 - Service S2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S2: Google Update Servicio (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\IntelCpHDCPSvc.exe
O23 - Service S2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service S2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\igfxCUIService.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service S3: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service S3: Google Update Servicio (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_250db833a1cd577e\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe


--
End of file - Time spent: 20,9 sec. - 20504 bytes, CRC32: FFFFFFFF. Sign

Pase Malware bites, Adw y no sucedió nada, no lo encuentran.

Espero su ayuda, muchas gracias.


#2

Hola Federico_Aguirre

Pon los reportes de Malwarebytes y AdwCleaner para revisarlos.

Un saludo