Another one with the damned double-accent virus

Hi, I have exactly the same problem as other users I've been reading about here. I tried all the antimalware tools: Malwarebytes, MalwareFox, GridinSoft, Spybot, HijackThis, etc.

The only one that I'd say found something interesting is the last one, and a few others that I can't remember now, about the browser hijacking (something called Really Good Search, which redirects you to Bing in a new window).

I don't want to use the script that Marr0n posted because I've seen that it's something like customized, but honestly I don't know what to do; it's very annoying.

One curious thing: when I restart, the accents work perfectly for a while, so I suppose it's a process that loads afterwards, but I couldn't say which one.

That is, when the machine restarts and a word processor or a browser is opened, at first the problem seems to have been resolved, but nothing could be further from the truth. After about a minute, I imagine when the process loads, the same thing happens again.

I don't really know how to fix it. I've read about the heavy-artillery program, but I'd appreciate it if you could explain it to me in a specific post so that I can paste the logs for you.

Thanks.

P.S.: I presume a wave of this kind of virus is coming, because from what I saw it dates from a few years ago, but I'm seeing several posts on this topic :confused:

Follow the steps indicated in this thread and then post the results here.

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Hosts: 127.0.0.1         license.piriform.com
Tcpip\Parameters: [DhcpNameServer] 212.142.173.36 8.8.8.8
Tcpip\..\Interfaces\{b358ebe1-49e1-44fd-a7b2-f160cdf45696}: [DhcpNameServer] 212.142.173.36 8.8.8.8

Edge: 
=======
Edge Extension: (Sin Nombre) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [no encontrado]
Edge Extension: (Sin Nombre) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [no encontrado]
Edge Extension: (Sin Nombre) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [no encontrado]
Edge Extension: (Sin Nombre) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [no encontrado]
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-28]
Edge Extension: (Read it later!) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aaocbkeamabaniccpnbapflopmcnpjbg [2020-07-31]
Edge Extension: (Qlearly - Tab and Bookmark Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aicaflgmmblfaneodjfhkilgplnpjmig [2021-03-08]
Edge Extension: (Session Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2020-07-31]
Edge Extension: (Lighthouse) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blipmdconlkpinefehnmjammfjpmpbjk [2020-07-31]
Edge Extension: (Switchmark) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnocffbiglfjjcgmifcampfmcbkfbhgc [2020-07-31]
Edge Extension: (Resaltador Weava - PDF & Web) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cbnaodkpfinfiipjblikofhlhlcickei [2021-04-16]
Edge Extension: (Pushbullet) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2021-03-24]
Edge Extension: (OneTab) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2021-07-24]
Edge Extension: (MozBar) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2021-09-09]
Edge Extension: (uBlock) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2020-07-31]
Edge Extension: (Aliexpress Dropship) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\faieahckjkcpljkaedbjidlhhcigddal [2021-11-23]
Edge Extension: (Facebook Pixel Helper) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-25]
Edge Extension: (Bookmarks Menu) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2020-07-31]
Edge Extension: (Musixmatch Lyrics for YouTube) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2020-07-31]
Edge Extension: (Skrapp Enrich) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gklkbifnmojjpmbkojffeamiblineife [2021-05-05]
Edge Extension: (Stream Video Downloader) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2020-07-31]
Edge Extension: (Bitwarden) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2021-11-16]
Edge Extension: (MEGA) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jemjknhgpjaacbghpdhgchbgccbpkkgf [2021-11-19]
Edge Extension: (Ver Imagen) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2021-08-05]
Edge Extension: (Tag Assistant Legacy (by Google)) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2021-09-27]
Edge Extension: (Raindrop.io) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ldgfbffkinooeloadekpmfoklnobpien [2021-11-16]
Edge Extension: (Loom for Chrome) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-10-25]
Edge Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llhcnbijpnechllogkacbcjmkcgjbjfi [2021-11-24]
Edge Extension: (Barra lateral de marcadores) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lmjefbghkfeppnpofmbfmhgodpclipbl [2021-11-16]
Edge Extension: (SessionBox - Multi login to any website) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2021-10-25]
Edge Extension: (ePacket identification) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mjbenjfenckimeljabijmkcchnbdgako [2020-07-31]
Edge Extension: (Dictionarist - Diccionario) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npggnghnhkgioladlpfehafajnghlklc [2020-07-31]
Edge Extension: (Authenticator: 2FA Client) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ocglkepbibnalbgmbachknglpdipeoio [2021-10-25]
Edge Extension: (Invite post likers for Facebook™ - 2021) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oobofacgjpheigmglnjjlhfolhcamaia [2021-08-05]
Edge Extension: (Unmask Password - mostrar la contraseña) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pmmeddaccflimcipblojlnfandenhicb [2020-07-31]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [pdhdldaneekjpoaldekpgomomeabpnek]

FireFox:
========
FF DefaultProfile: vrvzyjqi.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1 [2021-11-28]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-05]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-05]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-06]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-06]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrvzyjqi.default [2021-11-28]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vasfllwc.default-release [2021-11-28]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-19]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-19]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-19]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-19]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-20]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-20]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-20]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-20]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-20]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-20]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-20]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-20]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\user.js [2021-10-13]
FF Notifications: Mozilla\Firefox\Profiles\qlytl6mp.viernes4 -> hxxps://www.elviajerofisgon.com
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-19]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-19]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-19]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-19]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2021-06-29] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2021-11-18] [Heredado] [no firmado]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-11-25] <==== ATENCIÓN (Apunta a archivo *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-11-25] <==== ATENCIÓN

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-11-29]
CHR Notifications: Default -> hxxps://app.polymail.io; hxxps://app.slack.com; hxxps://calendar.google.com; hxxps://forobeta.com; hxxps://meet.google.com; hxxps://socialpubli.com; hxxps://www.cronoshare.com; hxxps://www.facebook.com; hxxps://www.loom.com; hxxps://www.milanuncios.com
CHR NewTab: Default ->  Active:"chrome-extension://pgoflfgdgcmjcbhgcfjffcaeibhipmkd/board-detail2.html", Active:"chrome-extension://aicaflgmmblfaneodjfhkilgplnpjmig/board-detail2.html"
CHR Extension: (Traductor de Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-19]
CHR Extension: (Qlearly - Tab and Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicaflgmmblfaneodjfhkilgplnpjmig [2021-03-11]
CHR Extension: (Workona Tab Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ailcmbgekjpnablpdkmaaccecekgdhlh [2021-08-09]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-31]
CHR Extension: (Session Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2019-02-20]
CHR Extension: (Authenticator) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2021-11-11]
CHR Extension: (Lighthouse) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blipmdconlkpinefehnmjammfjpmpbjk [2020-04-12]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-20]
CHR Extension: (Switchmark) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnocffbiglfjjcgmifcampfmcbkfbhgc [2019-02-20]
CHR Extension: (Pushbullet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2021-03-28]
CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2021-07-24]
CHR Extension: (MozBar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2021-09-03]
CHR Extension: (Aliexpress Dropship) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\faieahckjkcpljkaedbjidlhhcigddal [2021-11-25]
CHR Extension: (Emoji Keyboard - Emojis For Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcgkphadgmbalmlklhbdagcicajenei [2021-08-09]
CHR Extension: (Facebook Pixel Helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-12]
CHR Extension: (Bookmarks Menu) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2021-11-26]
CHR Extension: (Bitdefender Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2021-11-25]
CHR Extension: (Skrapp.io - Email Finder) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geplbbbmdpmdodfmohpikfacgkfpkhec [2021-11-25]
CHR Extension: (Musixmatch Lyrics for YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2019-02-20]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-16]
CHR Extension: (Guardio Protection for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2021-11-26]
CHR Extension: (Skrapp Enrich) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklkbifnmojjpmbkojffeamiblineife [2021-05-13]
CHR Extension: (Screen Recorder - Grabador de pantalla) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniebljpgcogalllopnjokppmgbhaden [2021-05-25]
CHR Extension: (Tab Session Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiomicjabeggjcfkbimgmglanimpnae [2021-10-16]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-25]
CHR Extension: (Barra lateral de marcadores) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbnofccmhefkmjbkkdkfiicjkgofkdh [2021-11-17]
CHR Extension: (Google Translate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhgpjbcoignfibliobpclhpfnadhofn [2021-11-25]
CHR Extension: (Tag Assistant Legacy (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2021-09-29]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-11-25]
CHR Extension: (Bookmarks Bar Switcher) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcaelgondnfehcambmdhhfokjknhfahc [2021-05-29]
CHR Extension: (Raindrop.io) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgfbffkinooeloadekpmfoklnobpien [2021-11-11]
CHR Extension: (Loom for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-11-25]
CHR Extension: (Menú de aplicaciones de Drive (de Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-23]
CHR Extension: (SessionBox - Multi login to any website) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2021-11-28]
CHR Extension: (Name2Email: Find email by name for free) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbdclgaeiapdnhfpbfalfjfcjddfaii [2021-08-30]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2021-11-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Bitwarden) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2021-10-30]
CHR Extension: (Dictionarist - Diccionario) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\npggnghnhkgioladlpfehafajnghlklc [2019-02-20]
CHR Extension: (Launch Readlang Web Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2021-11-13]
CHR Extension: (Invite post likers for Facebook™ - 2021) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobofacgjpheigmglnjjlhfolhcamaia [2021-08-09]
CHR Extension: (Enlace al fragmento de texto) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcodcjpfjdpcineamnnmbkkmkdpajjg [2021-09-29]
CHR Extension: (Qlearly Basic - Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgoflfgdgcmjcbhgcfjffcaeibhipmkd [2021-02-05]
CHR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2021-11-11]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Unmask Password - mostrar la contraseña) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmeddaccflimcipblojlnfandenhicb [2019-02-20]
CHR Extension: (Scraper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\poegfpiagjgnenagjphgdklmgcpjaofi [2019-02-20]
CHR Extension: (Udemy Downloader) - C:\Users\User\Downloads [2021-11-29]
CHR Extension: (AVG Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Ext\iaddtteidixfxyvefybtdwlgybuabxnorviwe [2021-11-25]
CHR Extension: (ySpellWeb) - C:\ProgramData\Rerccj\Xlbbz [2021-11-29]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-28]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci]
CHR HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.24.0.7961\BVDChromeExt.crx [2021-11-17]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

Opera: 
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-11-29]
OPR Notifications: Opera Stable -> hxxps://www.dia.es; hxxps://www.truepush.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-29]
OPR Extension: (Login Helper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\jlmmcmlofgjbafflkfccgainkpccfngl [2020-04-11]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-17]
OPR Extension: (ySpellWeb) - C:\ProgramData\Rerccj\Xlbbz [2021-11-29] 

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 26-11-2021
Ejecutado por User (29-11-2021 20:10:10)
Ejecutado desde C:\Users\User\Desktop
Microsoft Windows 10 Pro Versión 20H2 19042.1348 (X64) (2021-03-28 19:34:05)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================


(Si una entrada es incluida en el fixlist, será eliminada.)

Administrador (S-1-5-21-1739314480-4207500633-2825667379-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1739314480-4207500633-2825667379-503 - Limited - Disabled)
Invitado (S-1-5-21-1739314480-4207500633-2825667379-501 - Limited - Disabled)
Invitado2 (S-1-5-21-1739314480-4207500633-2825667379-1003 - Limited - Enabled) => C:\Users\Invitado2
User (S-1-5-21-1739314480-4207500633-2825667379-1001 - Administrator - Enabled) => C:\Users\User
WDAGUtilityAccount (S-1-5-21-1739314480-4207500633-2825667379-504 - Limited - Disabled)

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Bitdefender Antivirus (Disabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Cortafuego (Enabled) {82E9F5D1-B06F-8438-3781-C5B6FA91F981}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

ACDSee Pro 9 (64-bit) (HKLM\...\{AAB2B2D2-1B27-4EEC-B033-6F9B6FFEEF4C}) (Version: 9.1.0.453 - ACD Systems International Inc.)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Allavsoft 3.24.0.7961 (HKLM-x32\...\{6EBED4D8-13D9-4370-8D44-B57DDB7A787C}_is1) (Version:  - Allavsoft Corporation)
AOMEI Partition Assistant 9.4 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI International Network Limited.)
Aplicaciones de Microsoft 365 para empresas - es-es (HKLM\...\O365ProPlusRetail - es-es) (Version: 16.0.14430.20270 - Microsoft Corporation)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 26.0.1.198 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 26.0.3.29 - Bitdefender)
Bitwarden (HKLM\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 1.12.0 - 8bit Solutions LLC)
Botsol Crawler (HKLM-x32\...\{8BACC5B7-60EC-4FE0-81C8-F75B29CAC3A2}) (Version: 8.0 - Botsol)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Clipboard Help+Spell 2.17.01 (HKLM-x32\...\Clipboard Help+Spell_is1) (Version:  - )
Comprobación de estado de PC Windows (HKLM\...\{75741B4B-FC87-494A-A380-0EBA06DB89F9}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Comprobación de estado de PC Windows (HKLM\...\{F826D305-4405-44F4-A332-2D1BE70A1481}) (Version: 3.3.2110.22002 - Microsoft Corporation)
CrystalDiskInfo 8.10.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 8.10.0 - Crystal Dew World)
Dashboard (HKLM-x32\...\Western Digital SSD Dashboard) (Version: 3.3.2.18 - Western Digital Corporation)
Data Lifeguard Diagnostic version 1.37 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Digital Video Repair 3.7.0.0 (HKLM-x32\...\Digital VideoRepair_is1) (Version: 3.7.0.0 - Rising Research)
Disk Drill 4.1.551.0 (HKLM-x32\...\{a3191359-c53e-459e-a364-bdb79ed35b57}) (Version: 4.1.551.0 - CleverFiles)
Disk Drill 4.1.551.0 (x64) (HKLM\...\{E17DB604-AFC0-4B5E-916D-65D5BFF75774}) (Version: 4.1.551.0 - CleverFiles) Hidden
DiskInternals Partition Recovery (HKLM-x32\...\DiskInternals Partition Recovery) (Version: 8.0.4 - DiskInternals Research)
Dokan Library 1.4.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0000-200601191219}) (Version: 1.4.0.1000 - Dokany Project) Hidden
Dokan Library 1.4.0.1000 Bundle (HKLM-x32\...\{97cfdb6c-2faa-43ba-afbc-469e01845e99}) (Version: 1.4.0.1000 - Dokany Project)
Driver Booster 8 (HKLM-x32\...\Driver Booster_is1) (Version: 8.6.0 - IObit)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version:  - EaseUS)
EaseUS Partition Master 15.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
Easy Foto (64-Bit) (HKLM\...\STARTER_PROJECTS_1_2_B9A73F1C_is1) (Version: 1.12 - Franzis Verlag GmbH)
Easy Video Logo Remover (HKLM-x32\...\Easy Video Logo Remover_is1) (Version:  - dandans)
ENE_QSI_Loki_HAL (HKLM\...\{BDE43F26-5917-44F8-B86A-F1D9A6B80B32}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
ENE_QSI_Loki_HAL (HKLM-x32\...\{205ef3a8-937b-43cb-90fc-2f58f71408d8}) (Version: 1.0.3.0 - ENE TECHNOLOGY INC.) Hidden
FileZilla Client 3.55.1 (HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\FileZilla Client) (Version: 3.55.1 - Tim Kosse)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
GetDataBack Pro version 5.55 (HKLM\...\GetDataBack Pro Install_is1) (Version: 5.55 - Runtime Software, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 53.0.8.0 - Google LLC)
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 4.2.14 - Gridinsoft LLC)
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 1.1.3 - Alexander Shaduri)
Hetman Partition Recovery (HKLM-x32\...\Hetman Partition Recovery) (Version: 4.1 - Hetman Software)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.580 - Huawei Technologies Co., Ltd.)
HP ESU for Microsoft Windows 10 (HKLM-x32\...\{94D0EB60-8B2F-4A80-BA74-3D312434415F}) (Version: 11.2.2 - HP)
HP Hotkey Support (HKLM-x32\...\{5DD83992-50E9-44E7-B7EA-D706BDDE0874}) (Version: 6.2.43.1 - HP)
HP HSPA+ Mobile Broadband Drivers (HKLM-x32\...\{81F8560B-41E7-498c-81CE-EE7BA9956A96}) (Version: 13.1803.2.2 - Hewlett-Packard)
HP PC Hardware Diagnostics Windows (HKLM-x32\...\{02E639C2-2C8A-4A55-8DFF-43666B46E8F3}) (Version: 1.5.6.0 - HP Inc.)
HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company)
HxD Hex Editor 2.5 (HKLM\...\HxD_is1) (Version: 2.5 - Maël Hörz)
Intel(R) Extreme Tuning Utility (HKLM-x32\...\{b5dc28d7-72cb-4bb1-a9a7-3ae096f0980f}) (Version: 6.5.1.360 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 21.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000060-0200-1034-84C8-B8D95FA3C8C3}) (Version: 20.60.0 - Intel Corporation)
IObit Uninstaller 11 (HKLM-x32\...\IObitUninstall) (Version: 11.1.0.18 - IObit)
Java 8 Update 311 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180311F0}) (Version: 8.0.3110.11 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kernel Photo Repair Version 20.9 (HKLM-x32\...\Kernel Photo Repair_is1) (Version:  - KernelApps Private Limited.)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
Kingston SSD Manager x64 1.5.1.3 (HKLM-x32\...\{53F657CD-C4FC-4DCD-826E-6862917532AC}_is1) (Version: 1.5.1.3 - @2021 Kingston Digital, Inc.)
Loom 0.107.1 (HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\3643b966-bc28-5bc8-95ff-3d47d66438db) (Version: 0.107.1 - Loom, Inc.)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.34 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\OneDriveSetup.exe) (Version: 21.180.0905.0007 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1739314480-4207500633-2825667379-1003\...\OneDriveSetup.exe) (Version: 21.196.0921.0007 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29325 (HKLM-x32\...\{d7a6435f-ac9a-4af6-8fdc-ca130d13fac9}) (Version: 14.28.29325.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MiniTool Partition Wizard (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12 - MiniTool Software Limited)
MiniTool Power Data Recovery 9.2 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 9.2 - MiniTool Software Limited)
Mozilla Firefox (x64 es-ES) (HKLM\...\Mozilla Firefox 94.0.2 (x64 es-ES)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 90.0.2 - Mozilla)
MSTech Folder Icon Basic (HKLM-x32\...\{5E8A60B7-28E8-4AEA-888F-BAF899087701}) (Version: 3.0.0.0 - MSTech (Modern Software Technology))
Nitro Pro (HKLM\...\{47AAD2F4-1C68-423A-A280-DDE1AED22113}) (Version: 13.2.3.26 - Nitro)
NordVPN (HKLM-x32\...\{61912B8D-78D2-4C3A-B566-F72B189F9E30}) (Version: 6.28.13 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.28.13) (Version: 6.28.13 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NVIDIA Controlador de 3D Vision 427.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 427.48 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 427.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 427.48 - NVIDIA Corporation)
NVIDIA nView 149.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 149.77 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA WMI 2.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.33.0 - NVIDIA Corporation)
ObjectDock Plus (HKLM-x32\...\ObjectDock Plus2.01) (Version: 2.01 - Stardock Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14430.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14430.20270 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0C0A-1000-0000000FF1CE}) (Version: 16.0.14430.20234 - Microsoft Corporation) Hidden
Ontrack EasyRecovery Enterprise (HKLM-x32\...\{AE695CA4-8847-4462-98CC-023874D29E72}_is1) (Version: 11.0.2.0 - Kroll Ontrack Inc.)
Opera Stable 81.0.4196.60 (HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Opera 81.0.4196.60) (Version: 81.0.4196.60 - Opera Software)
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/27/2012 7.0.0000.00004) (HKLM\...\BE156A27AFEAEA39D6A7C9D25CFA8DAFAF91756B) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/27/2012 7.0.0000.00004) (HKLM\...\D43FD4059F47ACA9539247D6CF690AAEA503AF2D) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Paquete de controladores de Windows - Microsoft (xb1usb) XB1UsbClass  (05/26/2014 6.2.11059.0) (HKLM\...\55C4E3678D9D65A8FE9ACBE6091488E6111A5192) (Version: 05/26/2014 6.2.11059.0 - Microsoft)
Paquete de controladores de Windows - PDP (xb1usb) XB1UsbClass  (05/26/2014 6.2.11059.0) (HKLM\...\6E998C0FC2050FEB6758F876BFAA2253AF44A7FF) (Version: 05/26/2014 6.2.11059.0 - PDP)
Paquete de controladores de Windows - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Paquete de controladores de Windows - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Paquete de controladores de Windows - SAMSUNG Electronics Co., Ltd.  (WinUSB) AndroidUsbDeviceClass  (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
PDP Controller Driver x64 (HKLM-x32\...\{FBDE0A93-17B3-4548-A611-69633F3C0A6F}) (Version: 1.00.0003 - Performance Designed Products)
Polymail 2.2.4 (HKLM\...\375d0994-5a2b-594d-a7dc-c1c8f39e7496) (Version: 2.2.4 - Polymail, Inc.)
Prima Cartoonizer versión 2.2 (HKLM-x32\...\{DD2AE33E-132A-42CF-9849-8F9F55D1EB27}_is1) (Version: 2.2 - Primacartoonizer.com)
PUSH Video Wallpaper 4.59 (HKLM-x32\...\PUSH Video Wallpaper_is1) (Version: 4.59 - LRepacks)
PuTTY release 0.76 (64-bit) (HKLM\...\{1E0D5689-40F1-4E46-ABBB-EAAC68B5CD89}) (Version: 0.76.0.0 - Simon Tatham)
Python 3.9.7 (64-bit) (HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\{0f0bf1a5-3ec1-459b-ab7c-916db941f50d}) (Version: 3.9.7150.0 - Python Software Foundation)
Python 3.9.7 Add to Path (64-bit) (HKLM\...\{832BFE8B-69A2-4E1D-8998-DFB9CBA4B4D3}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Core Interpreter (64-bit) (HKLM\...\{88D4EF59-607D-43AD-B7C7-F5A753740FD1}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Development Libraries (64-bit) (HKLM\...\{97496FC6-5044-4A2A-BACD-40A44F38D483}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Documentation (64-bit) (HKLM\...\{AA408E09-EBB3-470F-8D63-5AA0C46C2DA2}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Executables (64-bit) (HKLM\...\{870EC220-FEAE-481D-8B29-B4B0DF5402FA}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 pip Bootstrap (64-bit) (HKLM\...\{F1280AA2-AAC3-41AB-9616-CCF00814E626}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Standard Library (64-bit) (HKLM\...\{05903EEF-72A2-4C1A-AD35-41AD6C7094A8}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Tcl/Tk Support (64-bit) (HKLM\...\{6E8EAD3C-6F0C-494C-9C12-E10C5B5EE7EA}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Test Suite (64-bit) (HKLM\...\{67D79D6E-8497-4EE6-850B-834D3A27553F}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python 3.9.7 Utility Scripts (64-bit) (HKLM\...\{4110826A-903C-410C-9785-7848A51B9CC9}) (Version: 3.9.7150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{99719382-D7A9-4DC2-BF0C-C23B730A313D}) (Version: 3.9.7546.0 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.151 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8899.1 - Realtek Semiconductor Corp.)
Remo Recover 5.0 (HKLM\...\{A573D759-F894-448D-A420-3A9C31879F88}_is1) (Version: 5.0.0.42 - Remo Software)
Remo Repair AVI (HKLM\...\{30741E14-728C-4BA0-84C6-102155D65D89}_is1) (Version: 2.0.0.15 - Remo Software)
Remo Repair MOV (HKLM\...\{8DD5B1BF-E1BB-43DB-965C-DC6180A19518}_is1) (Version: 2.0.0.60 - Remo Software)
Remo Repair RAR (HKLM\...\{665680CE-EABF-4678-94AA-F3253AD70B0A}_is1) (Version: 2.0.0.21 - Remo Software)
RS Photo Recovery (HKLM-x32\...\RS Photo Recovery) (Version: 4.9 - Recovery Software)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 13.6.1 - ShareX Team)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.4.5 - IObit)
Software Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
Software para dispositivos de chipset Intel® (HKLM-x32\...\{314d4c01-f54b-4125-a71f-1e2722c29050}) (Version: 10.1.1.40 - Intel(R) Corporation) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Spotify) (Version: 1.1.72.439.gc253025e - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
Stellar Data Recovery (HKLM\...\Stellar Data Recovery_is1) (Version: 9.0.0.3 - Stellar Information Technology Pvt Ltd.)
Stellar Phoenix JPEG Repair (HKLM-x32\...\Stellar Phoenix JPEG Repair_is1) (Version: 3.0.0.0 - Stellar Information Technology Pvt Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.69 - Synaptics Incorporated)
Synaptics WBF Fingerprint Reader (HKLM\...\{27C0EFD7-75C6-46E9-86EC-9033B2D1F49F}) (Version: 4.5.351.0 - Synaptics)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.23.9 - TeamViewer)
UltData for Android 6.4.0.12 (HKLM-x32\...\{UltData for Android}_is1) (Version: 6.4.0.12 - Tenorshare, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
WD Access (HKLM-x32\...\{6fb450ea-fc3e-4c3a-9e4c-c9bf944b128a}) (Version: 1.5.6698.5488 - Western Digital Technologies, Inc.)
WD Access (HKLM-x32\...\{C0624809-D60D-4AFF-8AF3-9452125AF4C1}) (Version: 1.5.6698.5488 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{3CF15262-0E5C-4BFE-AA93-D611E8F18D71}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{f7fe19a0-12b9-4318-95fd-0579f21114f0}) (Version: 2.0.0.76 - Western Digital Technologies, Inc.)
WebView2 Runtime de Microsoft Edge (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.34 - Microsoft Corporation)
WinRAR 5.90 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.90.0 - win.rar GmbH)
Wondershare PDFelement(Build 7.6.8) (HKLM-x32\...\{77078E40-A92E-47FD-A0F6-168A4BF6CF3A}_is1) (Version: 7.6.8.5031 - Wondershare Software Co.,Ltd.)
X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.7.4 - X Codec Pack team)

Packages:
=========
Complemento de motor del medio de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-11-25] (Microsoft Corporation)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.10.188.0_x64__rz1tebttyb220 [2021-11-25] (Dolby Laboratories)
Excel Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Excel_16001.14326.20588.0_x64__8wekyb3d8bbwe [2021-11-25] (Microsoft Corporation)
Extensión de vídeo MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-11-25] (Microsoft Corporation)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2021-11-25] (Fitbit)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.10.85.0_x64__v10z8vjag6ke6 [2021-11-25] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_7.0.15.0_x64__v10z8vjag6ke6 [2021-11-25] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-11-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-11-25] (Microsoft Corporation) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.57.43142.0_x64__8wekyb3d8bbwe [2021-11-25] (Microsoft Corporation) [Startup Task]
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.27.4.0_x64__nfy108tqq3p12 [2021-11-25] (Thumbmunkeys Ltd)
WiFi Analyzer -> C:\Program Files\WindowsApps\19965MATTHAFNER.WIFIANALYZER_2.6.1.0_x64__gs5k5vmxr2ste [2021-11-25] (Matt Hafner)
Word Mobile -> C:\Program Files\WindowsApps\Microsoft.Office.Word_16001.14326.20588.0_x64__8wekyb3d8bbwe [2021-11-25] (Microsoft Corporation)
WritePlus -> C:\Program Files\WindowsApps\50620ZigHM.PureWriter_2.0.1.2_neutral__tg7mbfdxx73f0 [2021-11-25] (Zig HM) [MS Ad]

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-1739314480-4207500633-2825667379-1001_Classes\CLSID\{04271989-C4D2-B545-F543-A76A7D5EB3E3} -> [OneDrive - Merced College] => C:\Users\User\OneDrive - Merced College [2021-02-16 15:52]
CustomCLSID: HKU\S-1-5-21-1739314480-4207500633-2825667379-1001_Classes\CLSID\{75f92b33-bbaa-b4b4-04ac-a7c07959e5a66}\InprocServer32 -> 0x4B0F11C2EF89D501622095AAC78AD501020000002C00000000000000 => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1739314480-4207500633-2825667379-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xDA0A49606488D5011A7C0CC2EF89D501030000001A00000000000000 => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1739314480-4207500633-2825667379-1001_Classes\CLSID\{fa35f03e-d81d-4cc2-a1f8-3fbadccda46e}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Windows -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> Ningún archivo
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> Ningún archivo
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-11-26] (Zemana Ltd. -> )
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> Ningún archivo
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Ningún archivo
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [FormatFactoryShell] -> {A3777921-CFD3-4A6B-89BF-08E6B95716E8} => C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_103.dll [2013-06-17] (Free Time) [Archivo no firmado]
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} =>  -> Ningún archivo
ContextMenuHandlers1: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-11-15] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers1: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> Ningún archivo
ContextMenuHandlers1: [Nitro.Pro.ShellExtension.Shim] -> {211B6F25-950C-49CD-AB86-A448EF85686A} => C:\Program Files\Common Files\Nitro\Nitro.Pro.ShellExtension.Shim.dll [2019-09-26] (Nitro Software, Inc. -> Nitro Software, Inc.)
ContextMenuHandlers1: [PeContextMenuExtension] -> {098A124A-AA1C-38C8-A65E-D1199A14516A} => C:\Program Files (x86)\Common Files\Wondershare\PDFelement\AddIns\PEShellExt_x64.dll [2020-10-23] (Wondershare Technology Co.,Ltd -> Wondershare)
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2015-08-28] (ACD Systems International -> ACD Systems International Inc.)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-11-15] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers2: [Hetman Partition Recovery] -> {10F746A1-1503-4761-9651-D4BDD7052E47} => C:\Program Files\Hetman Software\Hetman Partition Recovery\Explorer\ContextMenu.dll [2021-09-15] (Hetman Software -> Hetman Software)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> Ningún archivo
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> Ningún archivo
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers4: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-11-15] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers4: [Hetman Partition Recovery] -> {10F746A1-1503-4761-9651-D4BDD7052E47} => C:\Program Files\Hetman Software\Hetman Partition Recovery\Explorer\ContextMenu.dll [2021-09-15] (Hetman Software -> Hetman Software)
ContextMenuHandlers4: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers4: [MSTechFolderIconBasicShellEx] -> {7628cf1a-d28f-381d-aa9b-66a97a2c6900} => C:\Program Files (x86)\MSTech (Modern Software Technology)\MSTech Folder Icon Basic\MSTechFolderIconBasicShellEx.DLL [2019-10-25] (MSTech (Modern Software Technology)) [Archivo no firmado]
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\53.0.8.0\drivefsext.dll [2021-11-19] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\MalwareFox AntiMalware\ZAMShellExt64.dll [2021-11-26] (Zemana Ltd. -> )
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ContextMenuHandlers6: [GridinSoft Anti-Malware] -> {F77F27A6-89F3-471A-AFA8-3B280940A10C} => C:\Program Files\GridinSoft Anti-Malware\shellext.dll [2021-11-15] (GridinSoft, LLC -> Gridinsoft LLC)
ContextMenuHandlers6: [IObitUnstaler] -> {836AB26C-2DE4-41D3-AC24-4C6C2699B960} => C:\Program Files (x86)\IObit\IObit Uninstaller\IUMenuRight.dll [2020-07-31] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2019-04-15] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll [2019-09-12] (IObit Information Technology -> IObit)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2020-03-26] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [msacm.ac3filter] => C:\Windows\SysWOW64\ac3filter.acm [1679360 2013-04-05] () [Archivo no firmado]

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.4\Useful links\Download Codecs & Tools.lnk -> hxxp://www.codecs.com
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.4\Useful links\Talk about Codecs.lnk -> hxxp://codecs.com/foru
Shortcut: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\X Codec Pack 2.7.4\Useful links\X Codec Pack homepage.lnk -> hxxp://www.xpcodecpack.com
ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Rerccj\Xlbbz\16887754"
ShortcutWithArgument: C:\Users\User\Desktop\Raindrop.io.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=bndmnggfngpgmmijcogkkgglhalbpomk
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Raindrop.io.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=bndmnggfngpgmmijcogkkgglhalbpomk
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Rerccj\Xlbbz\16887754"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Rerccj\Xlbbz\16887754"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Rerccj\Xlbbz\16887754"

==================== Módulos cargados (Lista blanca) =============

2011-08-11 21:12 - 2021-10-16 12:02 - 000807936 _____ () [Archivo no firmado] C:\Program Files (x86)\Stardock\ObjectDock Plus\CrashRpt.dll
2011-11-12 00:49 - 2011-11-12 00:49 - 000730624 _____ () [Archivo no firmado] C:\Program Files (x86)\Stardock\ObjectDock Plus\Dock64.dll
2011-11-12 00:49 - 2011-11-12 00:49 - 000626688 _____ () [Archivo no firmado] C:\Program Files (x86)\Stardock\ObjectDock Plus\DockShellHook.dll
2011-08-11 21:12 - 2011-08-11 21:12 - 000053760 _____ () [Archivo no firmado] C:\Program Files (x86)\Stardock\ObjectDock Plus\zlib.dll
2020-04-23 10:42 - 2013-01-24 15:24 - 000359936 _____ (CANON INC.) [Archivo no firmado] C:\WINDOWS\System32\CNMN6PPM.DLL
2013-06-17 18:33 - 2013-06-17 18:33 - 000090112 _____ (Free Time) [Archivo no firmado] C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_103.dll
2011-08-11 21:12 - 2011-08-11 21:12 - 001038848 _____ (Microsoft Corporation) [Archivo no firmado] C:\Program Files (x86)\Stardock\ObjectDock Plus\dbghelp.dll
2011-08-11 21:12 - 2011-08-11 21:12 - 000106496 _____ (Microsoft) [Archivo no firmado] [El archivo está en uso] C:\Program Files (x86)\Stardock\ObjectDock Plus\RenderPanel.dll

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\ProgramData\TEMP:960C67A0 [129]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [94]
AlternateDataStreams: C:\ProgramData\TEMP:FC595E85 [354]

==================== Modo Seguro (Lista blanca) ==================

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-1739314480-4207500633-2825667379-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
SearchScopes: HKU\S-1-5-21-1739314480-4207500633-2825667379-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2020-01-31] (IObit Information Technology -> IObit)
BHO: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll [2021-11-18] (Bitdefender SRL -> Bitdefender)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-11-18] (Bitdefender SRL -> Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Bitdefender Trackers Blocking -> {159ff5d5-55f1-4d2f-b706-767a55f77abb} -> C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll [2021-11-18] (Bitdefender SRL -> Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-11-18] (Bitdefender SRL -> Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\ssv.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\jp2ssv.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2021-11-18] (Bitdefender SRL -> Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2021-11-18] (Bitdefender SRL -> Bitdefender)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-10-11] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2018-09-15 08:31 - 2021-11-28 17:36 - 000000040 ____R C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1         license.piriform.com

2020-07-07 18:43 - 2020-07-07 18:43 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\AutoFirma\AutoFirma;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\PuTTY\
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-1739314480-4207500633-2825667379-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: El medio no está conectado a internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Firewall de Windows está habilitado.

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "TuneupUI.exe"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\StartupApproved\StartupFolder: => "Mailspring.lnk"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\StartupApproved\Run: => "GoogleDriveFS"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\StartupApproved\Run: => "SharewareOnSale Notifier"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\StartupApproved\Run: => "ACDSeeCommanderPro9"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\StartupApproved\Run: => "electron.app.Polymail"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [{63D02622-5C72-4342-B0DD-97A3D3F42BDF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C71A18B6-BFCB-46C0-80B2-A97DED7DA1F6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{60ED002A-F500-4432-A8B2-7C01BFB15CB1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{345D568A-5623-4419-8B4C-88EE6EC2DA79}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8A32B14-EFBD-4B3E-84FD-C97639697638}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{47447953-AF88-434F-BFF2-17E63FF0C540}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{779359E9-495A-4D39-82F7-52BFF4341244}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{6CDE3A2B-5E5A-42E1-98EC-84678043A555}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [UDP Query User{9E1B83A0-603F-4FF3-907D-0AD8AAAD68E1}C:\users\user\downloads\anydesk.exe] => (Allow) C:\users\user\downloads\anydesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{50E3C355-1647-48A0-B5E1-6E7F32CA87F6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C749BF15-6AAD-47A9-AF16-6E34B1C74291}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{284B975C-FF12-46B2-AD54-8AD2D1F3F9E2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{84E28C33-971E-4BF4-A7AF-AE0F0888FD45}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BFB40809-215C-4827-99A8-1525CA3400AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{0E0B91D6-D996-4248-B0B9-CF6453E7C5AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1166A9FF-AD60-444B-A70C-19AD4AC55307}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FDE49BD1-1011-4C27-8192-44CE39F41F1A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BF94388C-19DE-4151-BA0D-450D1B7ACEBB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{CD65D392-7BEF-44C5-A8D1-D7899F80CDFB}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.34\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B0895CD2-5B40-4D90-A4DA-F1747DB3D9B1}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\81.0.4196.37\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{B80659B7-A959-411D-8430-23C4FCA78AAE}] => (Allow) C:\Users\User\AppData\Local\Programs\Opera\81.0.4196.60\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{88AB606C-54B8-4D5D-9D22-6405E5DA1278}C:\program files (x86)\google\chrome\application\launcher.exe] => (Allow) C:\program files (x86)\google\chrome\application\launcher.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{8B9D59AB-225D-41D0-A173-9CA7084D43AA}C:\program files (x86)\google\chrome\application\launcher.exe] => (Allow) C:\program files (x86)\google\chrome\application\launcher.exe (Google LLC -> Google LLC)
FirewallRules: [{BC1DF884-1CFA-4112-B1E7-09C8356FD43A}] => (Block) C:\Program Files\GridinSoft Anti-Malware\gsam.exe (GridinSoft, LLC -> Gridinsoft LLC)
FirewallRules: [{ED87EE3C-416F-4F84-9BFF-EC8494E853D7}] => (Block) C:\Program Files\GridinSoft Anti-Malware\gsam.exe (GridinSoft, LLC -> Gridinsoft LLC)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service

==================== Puntos de Restauración =========================

26-11-2021 20:31:32 Installed Microsoft Keyboard Layout Creator 1.4
26-11-2021 21:03:29 Removed Microsoft Keyboard Layout Creator 1.4
27-11-2021 17:10:01 Installed Windows PC Health Check
28-11-2021 18:22:42 ZHPcleaner
29-11-2021 00:00:16 Malwarebytes Anti-Rootkit Restore Point

==================== Dispositivos defectuosos en el Administrador de dispositivos ============


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (11/29/2021 08:04:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Nombre del módulo con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00005c92
Identificador del proceso con errores: 0x5350
Hora de inicio de la aplicación con errores: 0x01d7e553ec52788d
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identificador del informe: 1e74808e-3a81-47e2-a42f-fcab18069018
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/29/2021 07:57:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Nombre del módulo con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00005c92
Identificador del proceso con errores: 0x475c
Hora de inicio de la aplicación con errores: 0x01d7e552eb7e28e2
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identificador del informe: 3931e5c6-361d-40d2-8d57-a79e1da9b427
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/29/2021 07:55:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Nombre del módulo con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00005c92
Identificador del proceso con errores: 0x5674
Hora de inicio de la aplicación con errores: 0x01d7e5529a434439
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identificador del informe: 67abc229-2bed-4612-88dd-4fa79f0711d0
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/29/2021 07:17:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Nombre del módulo con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00005c92
Identificador del proceso con errores: 0x57c0
Hora de inicio de la aplicación con errores: 0x01d7e54d54fa3d53
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identificador del informe: ca83a42f-51a7-4db8-8e69-cc798e1ae212
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/29/2021 07:14:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Nombre del módulo con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00005c92
Identificador del proceso con errores: 0x52fc
Hora de inicio de la aplicación con errores: 0x01d7e54cf02f48c7
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identificador del informe: f30f6194-0399-44cc-be99-472031ea56be
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/29/2021 07:07:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Nombre del módulo con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00005c92
Identificador del proceso con errores: 0x5264
Hora de inicio de la aplicación con errores: 0x01d7e54bef58b0ce
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identificador del informe: 4db8d05b-18a2-4727-a02a-5c870ce62425
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/29/2021 07:04:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Nombre del módulo con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00005c92
Identificador del proceso con errores: 0x2200
Hora de inicio de la aplicación con errores: 0x01d7e54b8a8da43a
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identificador del informe: be48d366-0a84-4161-a389-0ae096eff66b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (11/29/2021 06:57:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Nombre del módulo con errores: SDUpdate.exe, versión: 2.8.68.100, marca de tiempo: 0x5ea5e0d1
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00005c92
Identificador del proceso con errores: 0x194c
Hora de inicio de la aplicación con errores: 0x01d7e54a89b7fb46
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Identificador del informe: f2a584f8-4475-4606-94cd-1059c7e0a10b
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Errores del sistema:
=============
Error: (11/29/2021 07:54:57 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "87" al intentar iniciar el servicio wuauserv con argumentos "No disponible" para ejecutar el servidor:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/29/2021 07:54:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio wuauserv no pudo iniciarse debido al siguiente error: 
El parámetro no es correcto.

Error: (11/29/2021 07:54:57 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "87" al intentar iniciar el servicio wuauserv con argumentos "No disponible" para ejecutar el servidor:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/29/2021 07:54:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio wuauserv no pudo iniciarse debido al siguiente error: 
El parámetro no es correcto.

Error: (11/29/2021 07:24:24 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "87" al intentar iniciar el servicio wuauserv con argumentos "No disponible" para ejecutar el servidor:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/29/2021 07:24:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio wuauserv no pudo iniciarse debido al siguiente error: 
El parámetro no es correcto.

Error: (11/29/2021 07:00:44 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Error de DCOM "87" al intentar iniciar el servicio wuauserv con argumentos "No disponible" para ejecutar el servidor:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (11/29/2021 07:00:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio wuauserv no pudo iniciarse debido al siguiente error: 
El parámetro no es correcto.


Windows Defender:
================
Date: 2021-11-25 23:09:49
Description: 
Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/ExcludeProc.C&threatid=2147797730&enterprise=0
Nombre: VirTool:Win32/ExcludeProc.C
Id.: 2147797730
Gravedad: Grave
Categoría: Herramienta
Ruta de acceso: CmdLine:_C:\Windows\System32\cmd.exe cmd /c powershell -Command Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force & powershell -Command Add-MpPreference -ExclusionExtension @('exe','dll') -Force & exit
Origen de detección: Desconocido
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Versión de motor: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-25 20:15:12
Description: 
Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/ExcludeProc.C&threatid=2147797730&enterprise=0
Nombre: VirTool:Win32/ExcludeProc.C
Id.: 2147797730
Gravedad: Grave
Categoría: Herramienta
Ruta de acceso: CmdLine:_C:\Windows\System32\cmd.exe cmd /c powershell -Command Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force & powershell -Command Add-MpPreference -ExclusionExtension @('exe','dll') -Force & exit
Origen de detección: Desconocido
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Versión de motor: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-25 19:19:03
Description: 
Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Zapchast.B!MTB&threatid=2147799408&enterprise=0
Nombre: Trojan:Win32/Zapchast.B!MTB
Id.: 2147799408
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\User\AppData\LocalLow\IGDump\hozigktbdftdgbyagkgwidbaksdqrste\gvflopxjsihvoywziuveqxvsdynraqit.ext
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-J7JLHF8\User
Nombre de proceso: C:\Users\User\AppData\LocalLow\IGDump\hozigktbdftdgbyagkgwidbaksdqrste\ig.exe
Versión de inteligencia de seguridad: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Versión de motor: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-25 19:12:41
Description: 
Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Floxif.AV!MTB&threatid=2147799364&enterprise=0
Nombre: Trojan:Win32/Floxif.AV!MTB
Id.: 2147799364
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\User\AppData\LocalLow\IGDump\xetorrxmoetfdeglpwdcetpluvzneflk\iuikegtktsoxdeyhbbhskgfbllmpyauv.ext->(PECompact2 v2.50+)
Origen de detección: Equipo local
Tipo de detección: Concreto
Origen de detección: Protección en tiempo real
Usuario: DESKTOP-J7JLHF8\User
Nombre de proceso: C:\Users\User\AppData\LocalLow\IGDump\xetorrxmoetfdeglpwdcetpluvzneflk\ig.exe
Versión de inteligencia de seguridad: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Versión de motor: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-25 18:46:06
Description: 
Antivirus de Microsoft Defender detectó malware u otro software potencialmente no deseado.
Para más información, consulta lo siguiente:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:Win32/ExcludeProc.C&threatid=2147797730&enterprise=0
Nombre: VirTool:Win32/ExcludeProc.C
Id.: 2147797730
Gravedad: Grave
Categoría: Herramienta
Ruta de acceso: CmdLine:_C:\Windows\System32\cmd.exe cmd /c powershell -Command Add-MpPreference -ExclusionPath @(($pwd).path, $env:UserProfile,$env:AppData,$env:Temp,$env:SystemRoot,$env:HomeDrive,$env:SystemDrive) -Force & powershell -Command Add-MpPreference -ExclusionExtension @('exe','dll') -Force & exit
Origen de detección: Desconocido
Tipo de detección: Concreto
Origen de detección: Sistema
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: Unknown
Versión de inteligencia de seguridad: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Versión de motor: AM: 1.1.18700.4, NIS: 1.1.18700.4
Event[0]:

Date: 2021-11-25 17:14:31
Description: 
La característica Protección en tiempo real de Antivirus de Microsoft Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80004005
Descripción del error: Error no especificado 
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2021-11-25 17:14:31
Description: 
La característica Protección en tiempo real de Antivirus de Microsoft Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80004005
Descripción del error: Error no especificado 
Motivo: La protección en tiempo real dejó de funcionar por motivos desconocidos. Reinicie el servicio para recuperarla.

Date: 2021-11-25 17:14:30
Description: 
La característica Protección en tiempo real de Antivirus de Microsoft Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80004005
Descripción del error: Error no especificado 
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2021-11-23 18:59:51
Description: 
La característica Protección en tiempo real de Antivirus de Microsoft Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80004005
Descripción del error: Error no especificado 
Motivo: La inteligencia de seguridad antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.

Date: 2021-11-23 18:59:50
Description: 
La característica Protección en tiempo real de Antivirus de Microsoft Defender encontró un error:
Característica: Supervisión de comportamiento
Código de error: 0x80004005
Descripción del error: Error no especificado 
Motivo: La protección en tiempo real dejó de funcionar por motivos desconocidos. Reinicie el servicio para recuperarla.

CodeIntegrity:
===============
Date: 2021-11-29 00:01:17
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDLicense.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-11-27 15:10:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume2\Program Files\Google\Drive File Stream\53.0.8.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements.


==================== Información de la memoria =========================== 

BIOS: Hewlett-Packard M70 Ver. 01.26 03/03/2020
Placa base: Hewlett-Packard 2253
Procesador: Intel(R) Core(TM) i7-4910MQ CPU @ 2.90GHz
Porcentaje de memoria en uso: 32%
RAM física total: 32425.11 MB
RAM física disponible: 21873.35 MB
Virtual total: 34473.11 MB
Virtual disponible: 22592.38 MB

==================== Unidades ================================

Drive c: () (Fixed) (Total:235.3 GB) (Free:50.79 GB) NTFS
Drive d: (HP_TOOLS) (Fixed) (Total:2 GB) (Free:1.98 GB) FAT32

\\?\Volume{a060c02c-0000-0000-0000-100000000000}\ (Reservado para el sistema) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{a060c02c-0000-0000-0000-d0753b000000}\ () (Fixed) (Total:0.63 GB) (Free:0.08 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: A060C02C)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=235.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=0C)
Partition 4: (Not Active) - (Size=647 MB) - (Type=27)

==================== Final de
1 like

:+1: As mentioned, this type of malware has a certain persistence on the system and won't let itself be removed just like that. Automated or semi-automated tools won't even tickle it. They won't be able to remove it from the system; even if they detect it, they won't be able to handle this critter. So let's stop beating around the bush and get to work… that is, let's go straight to the heavy artillery.

Before continuing, with the permission of colleague @Gwain40, I will carry on with this case (for now, until the malware is completely eradicated). The reason I am carrying on with the case for now is that we will have to use FRST and certain very specific malware removal methodologies for this particular case.

Since some of the work has already been done, I will analyze the logs and bring the script in a while.

Correct, it's like being a tailor. It is a made-to-measure suit, unique to each machine. No two are alike.

Correct, it always starts a while after the system boots again. Typical behavior of this malware.

Yes, it doesn't always have to be the same one in every case, but yes. It does this in several ways on the system, depending on the variant you happened to get. It can have several points of persistence on the system and all of them have to be eradicated; otherwise it will always come back.

Regards.

Hello again, @Leku.

I've taken a very quick look at the logs and a good part of the first FRST log is missing; that is, FRST.txt is incomplete, both at the top and at the bottom.

Post this whole report again.

Regards.

Sorry, @Marr0n, I think it's because it wouldn't let me post more than 65K characters and I got muddled cutting and pasting. I'll try again. Thanks. I'm leaving it in 2 parts.

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 26-11-2021
Ejecutado por User (administrador) sobre DESKTOP-J7JLHF8 (Hewlett-Packard HP ZBook 15 G2) (29-11-2021 20:11:41)
Ejecutado desde C:\Users\User\Desktop
Perfiles cargados: User
Plataforma: Microsoft Windows 10 Pro Versión 20H2 19042.1348 (X64) Idioma: Español (España, internacional)
Navegador predeterminado: Chrome
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\26.0.1.198\DiscoverySrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(DONATIONCODER.COM LLC -> DonationCoder.com) [Archivo no firmado] C:\Program Files (x86)\Clipboard Help+Spell\ClipboardHelpAndSpell.exe
(Google LLC -> ) C:\Program Files\Google\Drive File Stream\53.0.8.0\crashpad_handler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <56>
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HPHotkeyNotification.exe
(HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\HP Hotkey Support\LanWlanSwitchingService.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Huawei Technologies Co., Ltd. -> ) C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Trust Services -> Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe <3>
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <3>
(Microsoft) [Archivo no firmado] C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDockTray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe <2>
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\81.0.4196.60\opera_crashreporter.exe
(Opera Software AS -> Opera Software) C:\Users\User\AppData\Local\Programs\Opera\opera.exe <88>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Stardock Corporation -> Stardock) C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe
(Stardock) [Archivo no firmado] C:\Program Files (x86)\Stardock\ObjectDock Plus\Dock64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.) C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [11236136 2021-07-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2021-11-26] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2311840 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-09-27] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6787856 2019-03-19] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [Clipboard Help+Spell] => C:\Program Files (x86)\Clipboard Help+Spell\ClipboardHelpAndSpell.exe [10000664 2012-10-26] (DONATIONCODER.COM LLC -> DonationCoder.com) [Archivo no firmado]
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [1824800 2020-04-03] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [electron.app.Polymail] => C:\Program Files\Polymail\Polymail.exe [110772656 2020-07-10] (Polymail, Inc. -> Polymail, Inc.)
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [ACDSeeCommanderPro9] => C:\Program Files\ACD Systems\ACDSee Pro\9.0\ACDSeeCommanderPro9.exe [3212296 2019-09-01] (ACD Systems International -> ) [Archivo no firmado]
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [electron.app.Loom] => C:\Users\User\AppData\Local\Programs\Loom\Loom.exe [136238200 2021-11-24] (Loom, Inc. -> Loom, Inc.)
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [Opera Browser Assistant] => C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4756688 2021-11-09] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [11224432 2021-08-19] (Support.com Inc -> SUPERAntiSpyware)
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Run: [GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {003c046e-76a3-11ea-a7f1-b05adaeb7818} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {7cd2526a-f3ba-11eb-a850-a4c4943f258b} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {81e54a79-45a8-11ec-a86a-a4c4943f258b} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {c54fb6b5-de2e-11eb-a849-a4c4943f258b} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {f033edc5-dd89-11eb-a848-a4c4943f258b} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\User\AppData\Local\Programs\PUSH Entertainment\Video Wallpaper\PUSH Video Screen Saver.scr [100104 2020-01-26] (Alexey Veresov -> )
HKU\S-1-5-21-1739314480-4207500633-2825667379-1003\...\Run: [MicrosoftEdgeAutoLaunch_75EC10CCEFF60932A6737C218A6C98D5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-1739314480-4207500633-2825667379-1003\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Invitado2\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1003\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Invitado2\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1003\...\RunOnce: [Uninstall 19.043.0304.0013\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Invitado2\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\amd64"
HKU\S-1-5-21-1739314480-4207500633-2825667379-1003\...\RunOnce: [Uninstall 19.043.0304.0013] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Invitado2\AppData\Local\Microsoft\OneDrive\19.043.0304.0013"
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\53.0.8.0\GoogleDriveFS.exe [54402392 2021-11-19] (Google LLC -> Google, Inc.)
HKLM\...\Windows x64\Print Processors\Canon MG3500 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBV.DLL [30208 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3500 series: C:\Windows\system32\CNMLMBV.DLL [391168 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG3500 series XPS: C:\Windows\system32\CNMXLMBV.DLL [394240 2013-04-04] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2013-01-24] (CANON INC.) [Archivo no firmado]
HKLM\...\Print\Monitors\Nitro PDF Port 13 Monitor: C:\Windows\system32\NxPrinterMonitor13.dll [241416 2019-09-26] (Nitro Software, Inc. -> Nitro Software, Inc.)
HKLM\...\Print\Monitors\Wondershare PDFelement Monitor: C:\Windows\system32\WSPDFelementMonitor.dll [286264 2020-10-23] (Wondershare Technology Co.,Ltd -> Wondershare Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-17] (Google LLC -> Google LLC)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk [2021-11-26]
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe (Stardock Corporation -> Stardock)
BootExecute: autocheck autochk * bddel.exesdnclean64.exe

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {01A25BF6-443A-47AC-841A-26F1BFB8289B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0270D15E-7740-4F40-8068-89ED826E9ABF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [5723640 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {0B93EC17-E1C2-44E5-9CFC-FA7005D088BE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134488 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {132DB582-87F1-4D34-90C8-C102B2E55AC9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-20] (Google Inc -> Google Inc.)
Task: {16C9478E-EA06-45FD-965E-2908D964D38D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-10-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {188963A7-0490-4336-87EC-18A62A8B4944} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-10-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1C7302BB-57D2-404C-ABE4-EA3BD8D49A02} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1E2F04B6-AFDB-4916-A834-399AB770995C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {25E41E60-9524-4441-B019-C7FAC120193B} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [314128 2018-05-02] (IObit Information Technology -> IObit)
Task: {302B1B82-A0AD-4A22-B733-9623F59B68EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1123504 2021-10-06] (HP Inc. -> HP Inc.)
Task: {399A3CB8-D438-4B64-9126-1900ECDAB05A} - System32\Tasks\Uninstaller_SkipUac_User => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [7350808 2021-10-19] (IObit CO., LTD -> IObit)
Task: {3BC32F7F-61E5-4F0E-B570-B5F707932097} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [6189624 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {3EF2C801-B7CE-42BC-BAEB-105676256FFD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {3F433DAE-D702-4491-9709-FB859972700F} - System32\Tasks\Opera scheduled Autoupdate 1550932656 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-23] (Opera Software AS -> Opera Software)
Task: {440EF42A-97BB-4AE0-92AD-0E6E4B0AC970} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5729184 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {4D35D4B5-873C-4E2C-A641-CB3DF44AEBAC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1652536 2018-11-05] (Intel(R) Software -> Intel Corporation)
Task: {5ABE40E9-BA67-4B38-962C-8660BB486E01} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1551232 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {68472672-2F7B-4CE9-BB9E-B83C735F7CB3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5729184 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {69E0BF1F-3696-4247-A1D8-302363056D80} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-10-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8B5FDBB7-6903-48CF-A605-15A8BFD714C3} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {8C4A1504-44CF-46CD-B671-62105C873347} - System32\Tasks\HPDIAGS-acbdd9a0-3377-4fdf-a555-390288ae5b65 => C:\Program Files (x86)\HP\HpHwDiag\HpHwDiagA.exe [61881520 2019-01-29] (HP Inc. -> )
Task: {8D0FE6D8-52E2-49C9-BD6A-F5C57F16F0CE} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-10-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EA9B679-6951-450A-B3D3-E28BBE018022} - System32\Tasks\Opera scheduled assistant Autoupdate 1629226339 => C:\Users\User\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-23] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\User\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {94C4C5D2-5FBE-4B3F-AF2B-37C33E2E5776} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-10-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {97BB110B-5859-4669-AA25-8F9494977082} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9BAA742A-04BD-43E2-8401-BCA289DF0C3E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-10] (Adobe Inc. -> Adobe)
Task: {9C36A088-185B-4153-AC57-D1CAD2191997} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2cb5dfb4-9bb7-4bd4-aa46-b895f778bc19 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:2cb5dfb4-9bb7-4bd4-aa46-b895f778bc19
Task: {9C8B6CAE-628A-4384-9AB6-C1A765C275CC} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2106240 2019-10-12] (NVIDIA Corporation -> )
Task: {9D07F772-320B-454C-BA10-4BFB245A384B} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\26.0.1.198\WatchDog.exe [937064 2021-08-10] (Bitdefender SRL -> Bitdefender)
Task: {A0185A94-313F-4990-9F58-A396B346CAF4} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe [967200 2018-01-22] (HP Inc. -> HP)
Task: {A92F1717-AE6E-4D75-A8CC-73DAECC1F502} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-10-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {B0A5CB92-7F05-449B-96CB-66A905CD3CE6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21976976 2021-09-25] (Microsoft Corporation -> Microsoft Corporation)
Task: {B791A3E4-AD06-4BB0-9295-05ECD4C30099} - System32\Tasks\Microsoft\Windows\Bluetooth\MXEAgWIZ => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /unregister C:\ProgramData\LiteSuse\ActioadUpgrzde\sljlo_JesPCLRD.dll
Task: {BCE6FBA2-B72A-4355-9FDB-F307D398F0E2} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {C230FA28-3E97-4D83-8B77-536AF832B85E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [7177168 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {C69B24F9-3596-4AB6-9CC6-36A090D335B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [136368 2021-09-02] (HP Inc. -> HP Inc.)
Task: {C6A8AE97-3CEB-408A-9F03-B99A2B20BB4A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [134488 2021-10-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {CEB86A4F-8278-4674-9DA3-A95DE789E47E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {D0BADC98-C85F-45B9-8543-7CFF086E9C22} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_User => C:\Users\User\Desktop\Hard Disk Sentinel Portable\App\Hard Disk Sentinel\HDSentinel.exe [5715968 2019-07-11] (H.D.S. Hungary) [Archivo no firmado]
Task: {D59172B3-C61A-49FD-8F19-38DB22B748BD} - System32\Tasks\SUPERAntiSpyware Scheduled Task f6223f45-d5ad-4354-b955-3f1b2378e0b3 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [49944 2021-01-09] (SUPERAntiSpyware.com -> SUPERAdBlocker.com) -> "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:f6223f45-d5ad-4354-b955-3f1b2378e0b3
Task: {DE257B52-B10B-4F8C-9442-0180BCC4677D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2019-02-20] (Google Inc -> Google Inc.)
Task: {E207CB75-2BF6-4A16-B007-5FE37D735C9E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {E347D741-1F4C-4514-AC9B-F16C916CF4E1} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-10-12] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F1C32368-395E-421A-8D8C-3FE63EC79BC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1123504 2021-10-06] (HP Inc. -> HP Inc.)
Task: {FAF2DE81-7DC8-4663-BA06-1207CA44BE24} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [899672 2021-11-18] (Bitdefender SRL -> Bitdefender)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)

Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2cb5dfb4-9bb7-4bd4-aa46-b895f778bc19.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task f6223f45-d5ad-4354-b955-3f1b2378e0b3.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Hosts: 127.0.0.1         license.piriform.com
Tcpip\Parameters: [DhcpNameServer] 212.142.173.36 8.8.8.8
Tcpip\..\Interfaces\{b358ebe1-49e1-44fd-a7b2-f160cdf45696}: [DhcpNameServer] 212.142.173.36 8.8.8.8

Edge: 
=======
Edge Extension: (Sin Nombre) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [no encontrado]
Edge Extension: (Sin Nombre) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [no encontrado]
Edge Extension: (Sin Nombre) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [no encontrado]
Edge Extension: (Sin Nombre) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [no encontrado]
Edge DefaultProfile: Default
Edge Profile: C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-28]
Edge Extension: (Read it later!) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aaocbkeamabaniccpnbapflopmcnpjbg [2020-07-31]
Edge Extension: (Qlearly - Tab and Bookmark Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aicaflgmmblfaneodjfhkilgplnpjmig [2021-03-08]
Edge Extension: (Session Manager) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2020-07-31]
Edge Extension: (Lighthouse) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\blipmdconlkpinefehnmjammfjpmpbjk [2020-07-31]
Edge Extension: (Switchmark) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnocffbiglfjjcgmifcampfmcbkfbhgc [2020-07-31]
Edge Extension: (Resaltador Weava - PDF & Web) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cbnaodkpfinfiipjblikofhlhlcickei [2021-04-16]
Edge Extension: (Pushbullet) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2021-03-24]
Edge Extension: (OneTab) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2021-07-24]
Edge Extension: (MozBar) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2021-09-09]
Edge Extension: (uBlock) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2020-07-31]
Edge Extension: (Aliexpress Dropship) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\faieahckjkcpljkaedbjidlhhcigddal [2021-11-23]
Edge Extension: (Facebook Pixel Helper) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-25]
Edge Extension: (Bookmarks Menu) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2020-07-31]
Edge Extension: (Musixmatch Lyrics for YouTube) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2020-07-31]
Edge Extension: (Skrapp Enrich) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gklkbifnmojjpmbkojffeamiblineife [2021-05-05]
Edge Extension: (Stream Video Downloader) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\imkngaibigegepnlckfcbecjoilcjbhf [2020-07-31]
Edge Extension: (Bitwarden) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbkfoedolllekgbhcbcoahefnbanhhlh [2021-11-16]
Edge Extension: (MEGA) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jemjknhgpjaacbghpdhgchbgccbpkkgf [2021-11-19]
Edge Extension: (Ver Imagen) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jpcmhcelnjdmblfmjabdeclccemkghjk [2021-08-05]
Edge Extension: (Tag Assistant Legacy (by Google)) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2021-09-27]
Edge Extension: (Raindrop.io) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ldgfbffkinooeloadekpmfoklnobpien [2021-11-16]
Edge Extension: (Loom for Chrome) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-10-25]
Edge Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\llhcnbijpnechllogkacbcjmkcgjbjfi [2021-11-24]
Edge Extension: (Barra lateral de marcadores) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lmjefbghkfeppnpofmbfmhgodpclipbl [2021-11-16]
Edge Extension: (SessionBox - Multi login to any website) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2021-10-25]
Edge Extension: (ePacket identification) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mjbenjfenckimeljabijmkcchnbdgako [2020-07-31]
Edge Extension: (Dictionarist - Diccionario) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\npggnghnhkgioladlpfehafajnghlklc [2020-07-31]
Edge Extension: (Authenticator: 2FA Client) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ocglkepbibnalbgmbachknglpdipeoio [2021-10-25]
Edge Extension: (Invite post likers for Facebook™ - 2021) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oobofacgjpheigmglnjjlhfolhcamaia [2021-08-05]
Edge Extension: (Unmask Password - mostrar la contraseña) - C:\Users\User\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pmmeddaccflimcipblojlnfandenhicb [2020-07-31]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [pdhdldaneekjpoaldekpgomomeabpnek]

FireFox:
========
FF DefaultProfile: vrvzyjqi.default
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yow6mguw.sabado6\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1 [2021-11-28]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-05]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-05]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-06]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\sssqghlp.Viernes1\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-06]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vrvzyjqi.default [2021-11-28]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\vasfllwc.default-release [2021-11-28]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v0hfz8pc.sabado4\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-19]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-19]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-19]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6yy7tx4z.Jueves1\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-19]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\302e0yjb.sabado1\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\o673apxy.sabado2\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-20]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-20]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-20]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z08ufcn5.Viernes3\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-20]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-20]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-20]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-20]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\k76k14sj.Viernes2\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-20]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\user.js [2021-10-13]
FF Notifications: Mozilla\Firefox\Profiles\qlytl6mp.viernes4 -> hxxps://www.elviajerofisgon.com
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qlytl6mp.viernes4\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-19]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-19]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-19]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\s4b4t42y.jueves2\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-19]
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5 [2021-11-28]
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\user.js [2021-10-13]
FF Extension: (webgl-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\Extensions\{2cf5dbed-78fe-4bd5-9524-38fdf837be98}.xpi [2021-08-21]
FF Extension: (canvas-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\Extensions\{94249bf3-29a3-4bb5-aa30-013883e8f2f4}.xpi [2021-08-21]
FF Extension: (font-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\Extensions\{96ef5869-e3ba-4d21-b86e-21b163096400}.xpi [2021-08-21]
FF Extension: (audiocontext-defender) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\4guee8ew.sabado5\Extensions\{ab0ae774-f22f-479b-9b1b-6aff11bf6f5c}.xpi [2021-08-21]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi [2021-06-29] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/wallet/updates.json ]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF Extension: (Bitdefender Anti-tracker) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi [2020-09-17] [UpdateUrl:hxxps://download.bitdefender.com/windows/desktop/connect/antitracker/updates.json ]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2021-11-18] [Heredado] [no firmado]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff.xpi
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbef.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\dtplugin\npDeployJava1.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.311.2 -> C:\Program Files (x86)\Java\jre1.8.0_311\bin\plugin2\npjp2.dll [2021-11-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-25] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-11-25] <==== ATENCIÓN (Apunta a archivo *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-11-25] <==== ATENCIÓN

Chrome: 
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default [2021-11-29]
CHR Notifications: Default -> hxxps://app.polymail.io; hxxps://app.slack.com; hxxps://calendar.google.com; hxxps://forobeta.com; hxxps://meet.google.com; hxxps://socialpubli.com; hxxps://www.cronoshare.com; hxxps://www.facebook.com; hxxps://www.loom.com; hxxps://www.milanuncios.com
CHR NewTab: Default ->  Active:"chrome-extension://pgoflfgdgcmjcbhgcfjffcaeibhipmkd/board-detail2.html", Active:"chrome-extension://aicaflgmmblfaneodjfhkilgplnpjmig/board-detail2.html"
CHR Extension: (Traductor de Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-08-19]
CHR Extension: (Qlearly - Tab and Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicaflgmmblfaneodjfhkilgplnpjmig [2021-03-11]
CHR Extension: (Workona Tab Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ailcmbgekjpnablpdkmaaccecekgdhlh [2021-08-09]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-31]
CHR Extension: (Session Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2019-02-20]
CHR Extension: (Authenticator) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2021-11-11]
CHR Extension: (Lighthouse) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blipmdconlkpinefehnmjammfjpmpbjk [2020-04-12]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-02-20]
CHR Extension: (Switchmark) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnocffbiglfjjcgmifcampfmcbkfbhgc [2019-02-20]
CHR Extension: (Pushbullet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2021-03-28]
CHR Extension: (OneTab) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2021-07-24]
CHR Extension: (MozBar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2021-09-03]
CHR Extension: (Aliexpress Dropship) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\faieahckjkcpljkaedbjidlhhcigddal [2021-11-25]
CHR Extension: (Emoji Keyboard - Emojis For Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbcgkphadgmbalmlklhbdagcicajenei [2021-08-09]
CHR Extension: (Facebook Pixel Helper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2020-10-12]
CHR Extension: (Bookmarks Menu) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2021-11-26]
CHR Extension: (Bitdefender Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2021-11-25]
CHR Extension: (Skrapp.io - Email Finder) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\geplbbbmdpmdodfmohpikfacgkfpkhec [2021-11-25]
CHR Extension: (Musixmatch Lyrics for YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig [2019-02-20]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-10-16]
CHR Extension: (Guardio Protection for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfpmkejnolcfklaaddjnckanhhgegla [2021-11-26]
CHR Extension: (Skrapp Enrich) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gklkbifnmojjpmbkojffeamiblineife [2021-05-13]
CHR Extension: (Screen Recorder - Grabador de pantalla) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hniebljpgcogalllopnjokppmgbhaden [2021-05-25]
CHR Extension: (Tab Session Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaiomicjabeggjcfkbimgmglanimpnae [2021-10-16]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-25]
CHR Extension: (Barra lateral de marcadores) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbnofccmhefkmjbkkdkfiicjkgofkdh [2021-11-17]
CHR Extension: (Google Translate) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfhgpjbcoignfibliobpclhpfnadhofn [2021-11-25]
CHR Extension: (Tag Assistant Legacy (by Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2021-09-29]
CHR Extension: (Bitdefender Anti-tracker) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\khndhdhbebhaddchcgnalcjlaekbbeof [2021-11-25]
CHR Extension: (Bookmarks Bar Switcher) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcaelgondnfehcambmdhhfokjknhfahc [2021-05-29]
CHR Extension: (Raindrop.io) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldgfbffkinooeloadekpmfoklnobpien [2021-11-11]
CHR Extension: (Loom for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2021-11-25]
CHR Extension: (Menú de aplicaciones de Drive (de Google)) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2021-01-23]
CHR Extension: (SessionBox - Multi login to any website) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\megbklhjamjbcafknkgmokldgolkdfig [2021-11-28]
CHR Extension: (Name2Email: Find email by name for free) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnbdclgaeiapdnhfpbfalfjfcjddfaii [2021-08-30]
CHR Extension: (Hoxx VPN Proxy) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbcojefnccbanplpoffopkoepjmhgdgh [2021-11-15]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-30]
CHR Extension: (Bitwarden) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2021-10-30]
CHR Extension: (Dictionarist - Diccionario) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\npggnghnhkgioladlpfehafajnghlklc [2019-02-20]
CHR Extension: (Launch Readlang Web Reader) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpdkefpnfejbfnmdilmfhephfffmfoh [2021-11-13]
CHR Extension: (Invite post likers for Facebook™ - 2021) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\oobofacgjpheigmglnjjlhfolhcamaia [2021-08-09]
CHR Extension: (Enlace al fragmento de texto) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcodcjpfjdpcineamnnmbkkmkdpajjg [2021-09-29]
CHR Extension: (Qlearly Basic - Bookmark Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgoflfgdgcmjcbhgcfjffcaeibhipmkd [2021-02-05]
CHR Extension: (Evernote Web Clipper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2021-11-11]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR Extension: (Unmask Password - mostrar la contraseña) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmmeddaccflimcipblojlnfandenhicb [2019-02-20]
CHR Extension: (Scraper) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\poegfpiagjgnenagjphgdklmgcpjaofi [2019-02-20]
CHR Extension: (Udemy Downloader) - C:\Users\User\Downloads [2021-11-29]
CHR Extension: (AVG Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Ext\iaddtteidixfxyvefybtdwlgybuabxnorviwe [2021-11-25]
CHR Extension: (ySpellWeb) - C:\ProgramData\Rerccj\Xlbbz [2021-11-29]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\System Profile [2021-11-28]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci]
CHR HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [dhancbnhabhandieicagelcddkdfgoif] - C:\Program Files (x86)\Allavsoft\Video Downloader Converter\extensions\3.24.0.7961\BVDChromeExt.crx [2021-11-17]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

Part two:


Opera: 
=======
OPR Profile: C:\Users\User\AppData\Roaming\Opera Software\Opera Stable [2021-11-29]
OPR Notifications: Opera Stable -> hxxps://www.dia.es; hxxps://www.truepush.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-29]
OPR Extension: (Login Helper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\jlmmcmlofgjbafflkfccgainkpccfngl [2020-04-11]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-08-17]
OPR Extension: (ySpellWeb) - C:\ProgramData\Rerccj\Xlbbz [2021-11-29]

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2021-01-09] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-10] (Adobe Inc. -> Adobe)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [811584 2021-10-21] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [811584 2021-10-21] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2161256 2018-03-22] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [1899112 2018-03-22] (Bitdefender SRL -> Bitdefender)
S3 cfbackd; C:\Program Files\CleverFiles\Disk Drill\cfbackd.w32.exe [278528 2020-12-10] (CleverFiles) [Archivo no firmado]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9250696 2021-10-01] (Microsoft Corporation -> Microsoft Corporation)
S2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [25224 2021-08-30] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R3 EPMVssEaseusProvider; C:\WINDOWS\system32\dllhost.exe /Processid:{B0D4D8A8-D506-4944-B3CA-C655EC71F800} [21312 2021-03-28] (Microsoft Windows -> Microsoft Corporation)
S2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [22424 2020-09-16] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\HotKeyServiceUWP.exe [819856 2019-05-14] (HP Inc. -> HP Inc.)
R2 HP Hotkey Service; C:\Program Files (x86)\HP\HP Hotkey Support\HotkeyService.exe [966176 2018-01-22] (HP Inc. -> HP)
S3 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [734760 2021-07-03] (HP Inc. -> HP Inc.)
S3 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [733224 2021-07-03] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [733216 2021-07-03] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [733760 2021-07-03] (HP Inc. -> HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2021-10-11] (Huawei Technologies Co., Ltd. -> )
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [158232 2021-08-04] (IObit CO., LTD -> IObit)
R2 LanWlanSwitchingService; C:\Program Files (x86)\HP\HP Hotkey Support\LanWlanSwitchingService.exe [611872 2018-01-22] (HP Inc. -> HP)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_8598cf7f18c538c5\LanWlanWwanSwitchingServiceUWP.exe [731072 2019-05-14] (HP Inc. -> HP Inc.)
S3 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [236576 2020-04-03] (TEFINCOM S.A. -> )
R2 NVWMI; C:\WINDOWS\system32\nvwmi64.exe [4738952 2019-10-12] (NVIDIA Corporation -> NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [785512 2021-08-10] (Bitdefender SRL -> Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2747312 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4583240 2020-04-26] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [940976 2019-09-04] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-10] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13341480 2021-11-06] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [284760 2021-11-18] (Bitdefender SRL -> Bitdefender)
S3 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [91032 2020-09-16] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [811584 2021-10-21] (Bitdefender SRL -> Bitdefender)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [366720 2020-05-29] (Western Digital Technologies, Inc. -> Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2021-03-28] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATENCIÓN (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-28] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATENCIÓN (no ServiceDLL)
R2 ZAMSvc; C:\Program Files (x86)\MalwareFox AntiMalware\ZAM.exe [15767792 2021-11-26] (WOLF OF WEBSTREET (OPC) PRIVATE LIMITED -> Copyright 2017.)

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [38320 2017-02-28] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [3538632 2021-07-19] (Bitdefender SRL -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [802976 2020-12-04] (Bitdefender SRL -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [22976 2020-12-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Bitdefender)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [46056 2020-01-17] (Bitdefender SRL -> © Bitdefender SRL)
S3 bduefiscan; C:\WINDOWS\system32\DRIVERS\bduefiscan.sys [55864 2021-07-08] (Bitdefender SRL -> Bitdefender)
S3 ddmdrv; C:\WINDOWS\system32\ddmdrv.sys [35760 2016-12-27] (CHENGDU AOMEI Tech Co., Ltd. -> )
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [140280 2020-06-01] (ADAPP SASU -> Dokan Project)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation -> EldoS Corporation)
S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [36280 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> )
R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider)
R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2020-12-07] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd)
R1 EUEDKEPM; C:\WINDOWS\System32\drivers\EUEDKEPM.sys [33712 2020-02-23] (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2021-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 FSProFilter2; C:\WINDOWS\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (Alfa System Programming -> FSPro Labs)
R0 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [1193584 2021-04-21] (Bitdefender SRL -> BitDefender S.R.L. Bucharest, ROMANIA)
R1 googledrivefs3525; C:\WINDOWS\System32\DRIVERS\googledrivefs3525.sys [389640 2021-08-09] (Google LLC -> Google, Inc.)
S3 GridinSoftInetSecurityDriver; C:\WINDOWS\system32\DRIVERS\gsInetSecurity.sys [107784 2021-10-28] (GridinSoft, LLC -> GridinSoft LLC)
S3 GSDriver; C:\WINDOWS\System32\drivers\GSDriver64.sys [48464 2021-11-04] (Microsoft Windows Hardware Compatibility Publisher -> )
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2021-10-11] (Huawei Technologies Co., Ltd.) [Archivo no firmado]
R2 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [185312 2020-10-07] (Bitdefender SRL -> Bitdefender)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [43896 2020-07-31] (IObit Information Technology -> IObit)
R3 IUProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys [37112 2020-07-31] (IObit Information Technology -> IObit)
R3 IURegistryFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys [51128 2020-07-31] (IObit Information Technology -> IObit)
S3 MDA_NTDRV; C:\WINDOWS\system32\MDA_NTDRV.sys [21208 2021-01-21] (北京铠信神州科技有限责任公司 -> )
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
R1 RawDisk3; C:\WINDOWS\system32\drivers\detrd64.dll [39728 2016-10-11] (Janos Mathe -> EldoS Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2021-01-09] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [30744 2017-03-09] (IObit Information Technology -> IObit)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S0 Spybot3ELAM; C:\WINDOWS\System32\drivers\Spybot3ELAM.sys [19904 2019-06-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Windows (R) Win 7 DDK provider)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 TrojanKillerDriver; C:\WINDOWS\System32\DRIVERS\gtkdrv.sys [38216 2021-04-09] (GridinSoft, LLC -> GridinSoft LLC)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [615328 2021-07-21] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [481696 2021-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2021-11-26] (Zemana Ltd. -> Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2021-11-26] (Zemana Ltd. -> Zemana Ltd.)
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Hi @Leku,

Part of the first log is still incomplete. In any case, I think I have enough to do what I need to do.

In any case, since I will be asking you for new logs in the future, make sure you post them complete. If not, I will show you another way to post them.

Regards.

Hi @Leku,

:zero: QUESTIONS

Did you install the following programs on your computer, or do they ring a bell? They are:

Allavsoft 3.24.0.7961 (HKLM-x32\...\{6EBED4D8-13D9-4370-8D44-B57DDB7A787C}_is1) (Version:  - Allavsoft Corporation)
AOMEI Partition Assistant 9.4 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI International Network Limited.)
Botsol Crawler (HKLM-x32\...\{8BACC5B7-60EC-4FE0-81C8-F75B29CAC3A2}) (Version: 8.0 - Botsol)v0hfz8pc
GridinSoft Anti-Malware (HKLM\...\GridinSoft Anti-Malware) (Version: 4.2.14 - Gridinsoft LLC)
MalwareFox AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Wolf of Webstreet OPC Private Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.8.68.0 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 10.0.1238 - SUPERAntiSpyware.com)

Did you download them from the official site? Are they pirated :pirate_flag: :pirate_flag:? Or are they legitimate? Tell me the status of each one: whether it is legitimate or pirated, and whether you downloaded it from the official site or not.

I have detected the following antivirus products installed on your machine:

AV: Spybot - Search and Destroy (Enabled - Up to date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}
AV: Bitdefender Antivirus (Disabled - Up to date) {BAD274F4-FA00-8560-1CDE-6C830442BEFA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {A3C8941D-8036-3856-D9BB-709D4A2A7EAC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Cortafuego (Enabled) {82E9F5D1-B06F-8438-3781-C5B6FA91F981}

Although I can guess from the log… which antivirus do you currently use on your machine as resident protection? And which firewall?

:one: UNINSTALLING PROGRAMS

For the programs where I tell you that you can remove them, do it like this:

Uninstall them with Revo Uninstaller in its Advanced Mode. To do so, follow the program-uninstallation part of its manual.

In your case you have the following installed:

IObit Uninstaller 11 (HKLM-x32\...\IObitUninstall) (Version: 11.1.0.18 - IObit)
Smart Defrag 6 (HKLM-x32\...\Smart Defrag_is1) (Version: 6.4.5 - IObit)
Wondershare PDFelement(Build 7.6.8) (HKLM-x32\...\{77078E40-A92E-47FD-A0F6-168A4BF6CF3A}_is1) (Version: 7.6.8.5031 - Wondershare Software Co.,Ltd.)

These must be completely uninstalled.

:two: UNINSTALLING EXTENSIONS

For the extensions where I tell you that you can remove them, do it like this:

Open Chrome and remove the extension called ySpellWeb.

In this case, remove the extension as described in the following link:

Do the same for Opera. That is:

Open Opera and remove the extension called ySpellWeb; the same procedure as for CHROME should work. Let me know how it went.

Also tell me whether Firefox has this extension or not.

Upload this file to VirusTotal; for that I recommend you follow the VirusTotal Manual:

C:\ProgramData\LiteSuse\ActioadUpgrzde\sljlo_JesPCLRD.dll

And bring me the corresponding analysis. To do so, include the web address/URL in your next reply.

:three: Now you must make a BACKUP OF THE REGISTRY. To do so:

  • Restart the computer in Normal Mode.

  • Download DelFix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as administrator.)

  • Tick only the Create registry backup box and make sure the rest are not selected.

  • Click Run.

The report (DelFix.txt) will open; you can close it. But keep it in case I ask for it or it is needed in the future.

Next, CLOSE ALL PROGRAMS, go to Start >> Run and type Notepad.exe

  • Now copy and paste the code/lines inside the box below into Notepad.
START
SystemRestore: On
CREATERESTOREPOINT:
CLOSEPROCESSES:
Folder: C:\ProgramData\Rerccj
Folder: C:\ProgramData\LiteSuse
File: C:\ProgramData\LiteSuse\ActioadUpgrzde\sljlo_JesPCLRD.dll
VirusTotal: C:\ProgramData\LiteSuse\ActioadUpgrzde\sljlo_JesPCLRD.dll
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {003c046e-76a3-11ea-a7f1-b05adaeb7818} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {7cd2526a-f3ba-11eb-a850-a4c4943f258b} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {81e54a79-45a8-11ec-a86a-a4c4943f258b} - "F:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {c54fb6b5-de2e-11eb-a849-a4c4943f258b} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1739314480-4207500633-2825667379-1001\...\MountPoints2: {f033edc5-dd89-11eb-a848-a4c4943f258b} - "E:\HiSuiteDownLoader.exe" 
BootExecute: autocheck autochk * bddel.exesdnclean64.exe
Task: {8B5FDBB7-6903-48CF-A605-15A8BFD714C3} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {B791A3E4-AD06-4BB0-9295-05ECD4C30099} - System32\Tasks\Microsoft\Windows\Bluetooth\MXEAgWIZ => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /unregister C:\ProgramData\LiteSuse\ActioadUpgrzde\sljlo_JesPCLRD.dll
C:\ProgramData\LiteSuse\ActioadUpgrzde\sljlo_JesPCLRD.dll
Edge Extension: (Sin Nombre) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [no encontrado]
Edge Extension: (Sin Nombre) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [no encontrado]
Edge Extension: (Sin Nombre) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [no encontrado]
Edge Extension: (Sin Nombre) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [no encontrado]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\bd_js_config.js [2021-11-25] <==== ATENCIÓN (Apunta a archivo *.cfg)
FF ExtraCheck: C:\Program Files\mozilla firefox\bd_config.cfg [2021-11-25] <==== ATENCIÓN
CHR Extension: (ySpellWeb) - C:\ProgramData\Rerccj\Xlbbz [2021-11-29]
OPR Extension: (ySpellWeb) - C:\ProgramData\Rerccj\Xlbbz [2021-11-29]
S3 wuauserv; C:\WINDOWS\system32\svchost.exe [57360 2021-03-28] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATENCIÓN (no ServiceDLL)
S3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [47016 2021-03-28] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATENCIÓN (no ServiceDLL)
S3 cpuz145; \??\C:\WINDOWS\temp\cpuz145\cpuz145_x64.sys [X]
CustomCLSID: HKU\S-1-5-21-1739314480-4207500633-2825667379-1001_Classes\CLSID\{75f92b33-bbaa-b4b4-04ac-a7c07959e5a66}\InprocServer32 -> 0x4B0F11C2EF89D501622095AAC78AD501020000002C00000000000000 => Ningún archivo
CustomCLSID: HKU\S-1-5-21-1739314480-4207500633-2825667379-1001_Classes\CLSID\{9486aaf1-0930-362a-962d-8e6908739c817}\InprocServer32 -> 0xDA0A49606488D5011A7C0CC2EF89D501030000001A00000000000000 => Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> Ningún archivo
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> Ningún archivo
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> Ningún archivo
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> Ningún archivo
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> Ningún archivo
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> Ningún archivo
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} =>  -> Ningún archivo
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> Ningún archivo
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> Ningún archivo
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} =>  -> Ningún archivo
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> Ningún archivo
ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Rerccj\Xlbbz\16887754"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Rerccj\Xlbbz\16887754"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Rerccj\Xlbbz\16887754"
ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Rerccj\Xlbbz\16887754"
C:\ProgramData\Rerccj\Xlbbz\16887754
AlternateDataStreams: C:\ProgramData\TEMP:960C67A0 [129]
AlternateDataStreams: C:\ProgramData\TEMP:B755D674 [94]
AlternateDataStreams: C:\ProgramData\TEMP:FC595E85 [354]

File: C:\WINDOWS\system32\MDA_NTDRV.sys
VirusTotal: C:\WINDOWS\system32\MDA_NTDRV.sys

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END

Save it as FIXLIST.TXT on your desktop (VERY IMPORTANT). Otherwise the SCRIPT will not work; both files (FRST.exe and FIXLIST.TXT) must be located on the DESKTOP.

:warning: The above repair script is customized for the specific machine it was made for and was written specifically by a Staff member. If you have a similar problem, please open your own topic to receive personalized, specific help. Using scripts from other systems can cause serious damage to your computer.

Finally (NOTE: in NORMAL MODE):

  1. Run FRST.exe again (if you use Windows Vista/7/8 or 10, right-click and select Run as administrator).

  2. Click Fix/Corregir and wait for the process to finish. Do not do anything with the PC while it is carrying out these repairs, even if it seems to have hung. Do not touch it and wait.

  3. When it finishes, the file FIXLOG.TXT will be created on the DESKTOP; bring it in your next reply.

  4. Restart the computer in Normal Mode, check how it behaves for a while, and report how the originally described problem is doing.

:warning: Very Important :warning: Post the report I asked for as shown in the following image:

Regards.
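The persistence points that the fixlist in the post above targets (an extension loaded from C:\ProgramData, browser shortcuts carrying --load-extension, and a scheduled task pointing at a DLL under C:\ProgramData) can be picked out of an FRST log mechanically. The following is an added example, not part of the original post and not FRST's own code; the rule names, the regular expressions and the "path outside \AppData\" heuristic are assumptions, and the sample lines are copied from the log on this page.

```python
import re

# Sample input: a handful of lines copied from the FRST output on this page.
SAMPLE_LOG = r"""
OPR Extension: (Login Helper) - C:\Users\User\AppData\Roaming\Opera Software\Opera Stable\Extensions\jlmmcmlofgjbafflkfccgainkpccfngl [2020-04-11]
OPR Extension: (ySpellWeb) - C:\ProgramData\Rerccj\Xlbbz [2021-11-29]
CHR Extension: (ySpellWeb) - C:\ProgramData\Rerccj\Xlbbz [2021-11-29]
ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --load-extension="C:\ProgramData\Rerccj\Xlbbz\16887754"
Task: {8B5FDBB7-6903-48CF-A605-15A8BFD714C3} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {B791A3E4-AD06-4BB0-9295-05ECD4C30099} - System32\Tasks\Microsoft\Windows\Bluetooth\MXEAgWIZ => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe /unregister C:\ProgramData\LiteSuse\ActioadUpgrzde\sljlo_JesPCLRD.dll
"""

# Line shapes as they appear in the log above (assumed stable for this example).
EXT_RE = re.compile(r"^(CHR|OPR) Extension: \((.*?)\) - (.+?) \[\d{4}-\d{2}-\d{2}\]$")
LNK_RE = re.compile(r"^ShortcutWithArgument: (.+?\.lnk) -> .+? -> (.*)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (.+?) => (.+)$")
LOAD_EXT_RE = re.compile(r'--load-extension="?([^"]+)"?')
PROGRAMDATA_DLL_RE = re.compile(r"([A-Za-z]:\\ProgramData\\\S+?\.dll)\b", re.IGNORECASE)


def analyze(log_text):
    """Return (rule, subject, path) tuples for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := EXT_RE.match(line):
            browser, name, path = m.groups()
            # Heuristic: store-installed extensions live under the user's
            # browser profile in \AppData\; anything else was side-loaded.
            if "\\appdata\\" not in path.lower():
                findings.append(("extension-outside-profile", f"{browser}: {name}", path))
        elif m := LNK_RE.match(line):
            lnk, args = m.groups()
            # A browser shortcut that forces an unpacked extension on every launch.
            if ext := LOAD_EXT_RE.search(args):
                findings.append(("shortcut-load-extension", lnk, ext.group(1)))
        elif m := TASK_RE.match(line):
            task, command = m.groups()
            # A scheduled task whose command line references a DLL in ProgramData.
            if dll := PROGRAMDATA_DLL_RE.search(command):
                findings.append(("task-dll-in-programdata", task, dll.group(1)))
    return findings


def suspect_folders(findings):
    """Collapse findings to their top-level C:\\ProgramData\\<name> folders."""
    roots = set()
    for _rule, _subject, path in findings:
        parts = path.split("\\")
        if len(parts) >= 3 and parts[1].lower() == "programdata":
            roots.add("\\".join(parts[:3]))
    return sorted(roots)


if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for rule, subject, path in results:
        print(f"[{rule}] {subject} -> {path}")
    print("Folders to review:", suspect_folders(results))
```

The two folders it reports are the same two that the fixlist removes with its `Folder:` lines, which is a quick cross-check that a cleanup script covers every place the extension is anchored.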

Hi Marr0n, thank you very much for the help. Since I saw you could not reply, I started looking at options and ran some of the software again. I fixed it in a way as simple as enabling an option that is turned off by default in Malwarebytes. I found it incredible, but yes, it seems that by default the program does not scan for rootkits, so I enabled the feature before starting the scan and… ta-da! It worked. I no longer get the double accents, and the browser no longer opens a tab with a Bing search. Everything is as before. If you like, you can mention this option to other users before more complex ones; it is the one that worked for me after trying quite a few things (and it is such a silly thing, but incredibly the program has it disabled by default).

Thank you very much for everything!!!

You're welcome.

But listen to me, @Leku… do everything I told you. I am almost certain the bug will come back, one way or another. It may take a while, but it will be back…

I can tell you that this option will not eradicate it completely. I know how this malware is built, and it will show up again. It has several “secrets” that sooner or later will bring it back to life.

I did not give you this solution for no reason. There is a reason for it.

I know which option that is, and it will come back.

I look forward to hearing from you.

Regards.

1 Like

Hi @Leku,

I saw that you logged in to the forum very recently.

Were you able to make any progress? Have you done what I asked?

Regards.

Hi @Marr0n, the files you mention (the plugin one and the other one) have disappeared, I imagine because of the various tools I downloaded for scanning.

I currently use Bitdefender. So far everything is still fine after several restarts. Bear in mind that I ran everything under the sun on it, including that rootkit section, which is what fixed the accent issue in my case.

I went to make the registry backup, but the link does not take me anywhere; it says wrong ID. I will wait until it is working.

Thanks, champ!

Hi @Leku,

First of all, sorry for taking so long to reply. I have had very little time for the forum lately, so that is to be expected.

OK, good, perfect.

OK, yes, yes… but normally, with an infection like this, even if you run many “automatic tools” on it, they are not going to remove it in the great majority of cases.

OK, good. Sorry, I did not give you the correct link. Try this one: Thank you for downloading DelFix - ToolsLib

Run the FIXLIST.TXT and bring me the FIXLOG.TXT.

Regards.

Hi @Leku,

Were you able to make any progress?

Regards.