# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # Furtivex Malware Removal Script v7.1.2 # https://furtivex.net # OS: Microsoft Windows 10 Education x64 22H2 Español (Spanish) - 580a - 1252 - 850 # Nombre de usuario: 57300 (S-1-5-21-979982421-863876996-3069389525-1001) # Fecha: 2025_04_20__13_44_51 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # Procesos: # Controladores: # Servicios: # Archivos: C:\Users\57300\AppData\Local\Resmon.ResmonCfg C:\ProgramData\droidcam.log C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex (2) C:\Users\57300\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js (1136) C:\Users\57300\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data (1454) C:\Users\57300\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js (2626) C:\Users\57300\AppData\Local\Microsoft\TokenBroker\Cache (13) C:\Users\57300\AppData\Local\Mozilla\Firefox\Profiles\\cache2\entries (4377) C:\Users\57300\AppData\Local\Opera Software\Opera Stable\Default\Cache\Cache_Data (1423) C:\Users\57300\AppData\Roaming\AdobeWLCMCache.dat C:\Users\57300\AppData\Roaming\Mozilla\Firefox\Profiles\\shader-cache (42) C:\Users\57300\AppData\Roaming\Opera Software\Opera Stable\Default\Code Cache\js (1744) C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM211DE.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM21B25.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM21B32.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM21D35.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM221A0.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM229C1.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM241A8.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM251CB.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2558A.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2576F.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM25984.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM25C6E.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM26578.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM26716.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM26BAF.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM27105.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM27571.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM27A46.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM27E5B.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM27EFE.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM28446.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM288BB.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM28DC7.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM290B6.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM29C67.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2A004.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2A4A4.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2A6CA.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2B580.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2B86A.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2D36.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2D62.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2E466.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2E8FE.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2F1AC.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2F7B9.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\tpm-106c-2230-be17c.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\tpm-2d74-2e84-bb01f.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\tw-3020-13dc-b63aaa.tmp C:\WINDOWS\System32\perfc009.dat C:\WINDOWS\System32\perfc00A.dat C:\WINDOWS\System32\perfh009.dat C:\WINDOWS\System32\perfh00A.dat C:\WINDOWS\SysWOW64\24ctudisplay3.bin C:\WINDOWS\SysWOW64\BTTFTimeCircuits.bin C:\WINDOWS\SysWOW64\Hal9000Screensaver.bin Navegador: Google Chrome - Notificaciones push encontradas y eliminadas (Default) Navegador: Microsoft Edge - Notificaciones push encontradas y eliminadas (Default) Navegador: Opera - Notificaciones push encontradas y eliminadas (Default) # Carpetas: C:\Users\57300\AppData\Local\BitTorrentHelper C:\Users\57300\AppData\Roaming\ffplay C:\Users\57300\AppData\Roaming\pythonw C:\Users\57300\cui C:\winsystem C:\Users\57300\AppData\Local\D3DSCache (1) C:\Users\57300\AppData\Local\Microsoft\Windows\INetCache\IE (4) C:\WINDOWS\System32\config\systemprofile\AppData\Local (24322) C:\WINDOWS\System32\config\systemprofile\AppData\Local\D3DSCache (2) # Tareas: # Registro: HKLM\Software\Microsoft\Tracing\AddInProcess32_RASAPI32 HKLM\Software\Microsoft\Tracing\AddInProcess32_RASMANCS HKLM\Software\Microsoft\Tracing\node_RASAPI32 HKLM\Software\Microsoft\Tracing\node_RASMANCS HKLM\Software\Microsoft\Tracing\PowerDVDMovie_RASAPI32 HKLM\Software\Microsoft\Tracing\PowerDVDMovie_RASMANCS HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-280813Enabled HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-338388Enabled HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-338389Enabled HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SystemPaneSuggestionsEnabled [1] => [0] HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Edge Update HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_D43EE07753EB9EA0999B32F1A2C615FC HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Opera Browser Assistant HKLM\System\CurrentControlSet\Control\CrashControl\\AutoReboot [1] => [0] HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3AF38264-3F4C-4420-B1F0-8F7366B98BD8} HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69C6351A-B9DD-44FE-8ADB-88E0E01D234C} HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88B3799D-4D23-42E1-A25B-7A0D12508DBF} # Misceláneo: AntiVirus Software: Windows Defender Punto de restauración: Furtivex Malware Removal Script - Creado HKLM\Software\Microsoft\Windows Defender\Exclusions\Extensions HKLM\Software\Microsoft\Windows Defender\Exclusions\IpAddresses HKLM\Software\Microsoft\Windows Defender\Exclusions\Paths C:\Users\57300\Downloads\Hal9000ConsoleBasicInstall.exe REG_DWORD 0x0 HKLM\Software\Microsoft\Windows Defender\Exclusions\Processes torrent REG_DWORD 0x0 HKLM\Software\Microsoft\Windows Defender\Exclusions\TemporaryPaths C:\FRST\Quarantine\C\Program Files\FxSound LLC\FxSound\WTSAPI32.dll.xBAD <19456> <2021-07-31 06:47:36> C:\FRST\Quarantine\C\ProgramData\Reprise\jhqduwvxlctbqqijsf`usjbm`pgyjhipihki <422> <2023-11-02 19:47:25> C:\FRST\Quarantine\C\ProgramData\Reprise\jhqduwvxlctbqqijsf`usjbm`pgyjhipihkifh <386> <2023-11-02 05:51:29> C:\FRST\Quarantine\C\ProgramData\Reprise\jhqduwvxlctbqqijsf`usjbm`pgyjhjjiihq <362> <2023-11-02 23:07:32> C:\FRST\Quarantine\C\ProgramData\Reprise\jhqduwvxlctbqqijsf`usjbm`vovtfe.qpsu.obnfjhjjiihq <401> <2023-11-02 23:04:12> C:\FRST\Quarantine\C\ProgramData\Reprise\jhqduwvxlctbqqijsf`usjbm`vovtfe.qpsu.obnfjhjkiihj <467> <2025-03-22 05:59:06> C:\FRST\Quarantine\C\Users\57300\AppData\Roaming\Launcher\IISEXPRESSHELPER.dll <75808> <2025-04-10 23:27:59> C:\FRST\Quarantine\C\Users\57300\AppData\Roaming\Launcher\IISUTIL2.dll <325664> <2025-04-10 23:27:59> C:\FRST\Quarantine\C\Users\57300\AppData\Roaming\Launcher\Launcher.exe <190528> <2025-04-10 23:27:59> C:\FRST\Quarantine\C\Users\57300\AppData\Roaming\Launcher\mscorlib.dll <8717> <2025-04-10 23:27:59> C:\FRST\Quarantine\C\Users\57300\AppData\Roaming\Launcher\nativrd2.dll <505904> <2025-04-10 23:27:59> C:\FRST\Quarantine\C\Users\57300\AppData\Roaming\Launcher\rtinfo.dll <3934208> <2025-04-10 23:27:59> C:\FRST\Quarantine\C\Users\57300\AppData\Roaming\Launcher\vcredist_244.dll <22715392> <2025-04-10 23:27:59> C:\FRST\Quarantine\C\Users\57300\AppData\Roaming\Launcher\vcruntime210.dll <2548> <2025-04-10 23:27:59> C:\FRST\Quarantine\C\WINDOWS\System32\Drivers\etc\hosts.xBAD <824> <2019-12-07 09:14:57> C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem134.0.6985.0{2F68364C-C375-41FF-8A90-D3B6B184960E}.xBAD <4270> <2025-02-03 01:45:18> C:\Users\57300\AppData\Local\CrashDumps\AddInProcess32.exe.18852.dmp <82012> <2025-04-10 23:28:22> C:\Users\57300\AppData\Local\CrashDumps\explorer.exe.6624.dmp <11696999> <2025-04-16 14:22:14> C:\Users\57300\AppData\Local\CrashDumps\explorer.exe.6756.dmp <13661860> <2025-02-08 06:27:06> C:\Users\57300\AppData\Local\CrashDumps\firefox.exe.1208.dmp <17993460> <2025-03-18 05:40:44> C:\Users\57300\AppData\Local\CrashDumps\opera_crashreporter.exe.16104.dmp <1082529> <2025-04-16 21:36:40> C:\Users\57300\AppData\Local\CrashDumps\SearchApp.exe.8128.dmp <10703404> <2025-02-10 04:39:30> C:\Users\57300\AppData\Local\CrashDumps\vegas170.exe.1352.dmp <165745127> <2025-02-12 23:41:23> C:\Users\57300\AppData\Local\CrashDumps\vegas170.exe.16216.dmp <207609463> <2025-03-18 04:35:31> C:\Users\57300\AppData\Local\CrashDumps\vegas170.exe.17188.dmp <11472016> <2025-03-19 19:09:05> C:\Users\57300\AppData\Local\CrashDumps\vegas170.exe.21556.dmp <6503509> <2025-01-29 04:12:23> C:\WINDOWS\Minidump\041025-41109-01.dmp <986108> <2025-04-10 05:53:08> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\lpksetup.exe.7888.dmp <638427> <2025-01-19 14:25:09> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\MsMpEng.exe.3084.dmp <2636818> <2024-06-27 15:09:03> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\MsMpEng.exe.4068.dmp <2949906> <2024-09-08 04:56:19> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\winlogon.exe.876.dmp <727685> <2024-09-06 03:01:29> # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #