# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
# DoesNotBelong v8.4.9
# Furtivex Computer Solutions - https://furtivex.net
# OS: Microsoft Windows 10 Pro x64 22H2 Español (Spanish) - 0C0A - 1252 - 850
# Nombre de usuario: ArturoParra (S-1-5-21-1475189372-905897940-3643049737-1001)
# Fecha: 2025_07_06__20_55_53
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #

# Procesos:

# Controladores:

# Servicios:

# Archivos:
C:\Windows\System32\GroupPolicy\GPT.ini
C:\Windows\System32\perfc009.dat
C:\Windows\System32\perfc00A.dat
C:\Windows\System32\perfh009.dat
C:\Windows\System32\perfh00A.dat

# Carpetas:

# Tareas:
CreateExplorerShellUnelevatedTask
Microsoft\Office\Office Automatic Updates 2.0
Microsoft\Office\Office ClickToRun Service Monitor
Microsoft\Windows\Application Experience\PcaPatchDbTask
Microsoft\Windows\Application Experience\PcaWallpaperAppDetect
Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Microsoft\Windows\WindowsUpdate\Scheduled Start
ZoomUpdateTaskUser-S-1-5-21-1475189372-905897940-3643049737-1001

# Registro:
HKLM\Software\Microsoft\Tracing\BootstrapperUI_V2_RASAPI32
HKLM\Software\Microsoft\Tracing\BootstrapperUI_V2_RASMANCS
HKLM\Software\Microsoft\Tracing\DSAService_RASAPI32
HKLM\Software\Microsoft\Tracing\DSAService_RASMANCS
HKLM\Software\Microsoft\BingSvc
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\CCleaner Smart Cleaning
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\KeePassXC
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\CCleanerPerformanceOptimizerService
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\GoogleChromeElevationService
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\GUBootService
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\GUMemfilesService
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\gupdate
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\gupdatem
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\GUPMService
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\KSDE4.0
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\KSDE5.13
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\MozillaMaintenance
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\PortmasterCore
HKLM\Software\Microsoft\Shared Tools\MSConfig\services\Start10
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\AvastUI.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Nitro System Tray
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\RtkAudUService
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\SecurityHealth
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\WindowsDefender
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Cloudflare WARP.lnk
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\Portmaster Notifier.lnk
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\SetupRST_ModeSwitch.lnk
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit value contained extras -> restored
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2423E4C2-462B-4525-BBB8-F54F7B741B73}

# Cachés:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex (26)
C:\Users\USUARIO\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data (5)
C:\Users\USUARIO\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Code Cache\js (1)
C:\Users\USUARIO\AppData\Local\D3DSCache (5)
C:\Users\USUARIO\AppData\Local\Microsoft\TokenBroker\Cache (3)
C:\Users\USUARIO\AppData\Local\Microsoft\Windows\ActionCenterCache (0)
C:\Users\USUARIO\AppData\Local\Microsoft\Windows\INetCache\IE (4)
C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts (1)
C:\Windows\System32\config\systemprofile\AppData\Local (114)
C:\Windows\System32\config\systemprofile\AppData\Local\D3DSCache (3)

# Misceláneo:
[?] AntiVirus Software: ESET
[?] AntiVirus Software: Kaspersky
[?] AntiVirus Software: Malwarebytes
[?] AntiVirus Software: Windows Defender
[?] Se borraron los registros del Visor de eventos
[?] Punto de restauración: Does Not Belong PRESCAN - Creado

HKLM\Software\Microsoft\Windows Defender\Exclusions
    DisableAutoExclusions REG_DWORD 0x1
HKLM\Software\Microsoft\Windows Defender\Exclusions\Extensions
HKLM\Software\Microsoft\Windows Defender\Exclusions\IpAddresses
HKLM\Software\Microsoft\Windows Defender\Exclusions\Paths
    F:\OInstall.exe REG_DWORD 0x0
    C:\Users\USUARIO\AppData\Local\Temp\files REG_DWORD 0x0
    C:\Program Files (x86)\UsbFix REG_DWORD 0x0
HKLM\Software\Microsoft\Windows Defender\Exclusions\Processes
HKLM\Software\Microsoft\Windows Defender\Exclusions\TemporaryPaths

C:\FRST\Quarantine\C\FirewallBackup.reg.xBAD
C:\FRST\Quarantine\C\Windows\System32\Drivers\etc\hosts.xBAD
C:\FRST\Quarantine\C\Windows\System32\Tasks\Remove AdwCleaner Application.xBAD
C:\FRST\Quarantine\C\Windows\System32\Tasks\Uninstall AdwCleaner Application.xBAD
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\DAX3API.exe.4296.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\DAX3API.exe.9836.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\IntelAudioService.exe.4312.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\IntelAudioService.exe.4336.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\IntelAudioService.exe.4376.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\IntelAudioService.exe.4456.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\IntelAudioService.exe.4960.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\LenovoVantageService.exe.7172.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.13732.protected.dmp
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\wuauclt.exe.2428.dmp

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #