Deep Cleaning

Hello @LookazR

Welcome back to the forum!!!

We have all had to register again.

ForoSpyware is opening its doors again!


Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download, install and/or update the following tools:

3.- Run the steps in order, with all programs closed, including browsers.

CCleaner

Using its Cleaner option, following its manual:

  • To delete cookies, temporary Internet files and all the files it shows you as obsolete.
  • When you install it, untick the boxes so that CCleaner Browser/Avast Browser or similar is not installed.
  • We do NOT need this report

AdwCleaner

Run it.

  • Click the Scan button and wait for the process to finish. Then click the Clean button.
  • Wait for it to complete. If it asks you to restart the system, accept.
  • Save the report that appears so you can copy and paste it in your next reply.
  • The report can also be found at “C:\AdwCleaner\AdwCleaner.txt”

ZHPCleaner

  • Following its manual, install and run it. When it finishes, remove everything it finds.

Malwarebytes Version 4

  • Click “Use Malwarebytes Free”.

  • Click the “Open Malwarebytes Free” button.

  • Press the “Scan” button.

Once the scan has finished, the following screen will appear:

[image]

  • Click “View report”.

  • Then press the “Export” button. Choose “Text file”. Choose a name and save that file to the desktop…

4.- Important note:

In your next reply you must paste the AdwCleaner, ZHPCleaner and Malwarebytes reports.

Guide: How to paste reports in the forum?

Let us know.

Regards

# -------------------------------
# Malwarebytes AdwCleaner 7.4.2.0
# -------------------------------
# Build:    10-21-2019
# Database: 2019-10-21.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    11-06-2019
# Duration: 00:00:02
# OS:       Windows 7 Ultimate
# Cleaned:  20
# Failed:   0


***** [ Services ] *****

Deleted       omaha
Deleted       omaham

***** [ Folders ] *****

Deleted       C:\ProgramData\Tencent
Deleted       C:\Users\Lucas\AppData\Local\Tencent
Deleted       C:\Users\Lucas\AppData\Roaming\IObit\Advanced SystemCare
Deleted       C:\Users\Lucas\AppData\Roaming\Tencent
Deleted       C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\ASC11_PERFORMANCEMONITOR
Deleted       C:\Windows\System32\Tasks\SVCHOST

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81D57229-D2EC-4EF2-AD97-5FB0D271274D}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81D57229-D2EC-4EF2-AD97-5FB0D271274D}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3BFEC26-82A6-4141-AC90-C3D33843D749}
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC11_PerformanceMonitor
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\svchost
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{055B384E-783E-4BAB-863C-79DBF0EC0A1A}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{6707282A-2F0A-47A3-A32C-4B84355FA890}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B030FBA4-FC9B-4014-A43A-1AC38B2702DE}
Deleted       HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F57BBEFC-C908-4A6C-AE04-D6BA32BC2644}
Deleted       HKLM\Software\Classes\METNSD
Deleted       HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\MandarinBrowser

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [37935 octets] - [06/11/2019 20:13:25]
AdwCleaner[S00].txt - [3396 octets] - [06/11/2019 20:13:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

This is the first one it showed me

~ ZHPCleaner v2019.11.3.156 by Nicolas Coolman (2019/11/03)
~ Run by Lucas (Administrator)  (06/11/2019 20:19:17)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scanner
~ Report : C:\Users\Lucas\Desktop\ZHPCleaner (S).txt
~ Quarantine : C:\Users\Lucas\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : 
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (3)
ENCONTRADOS: 35.156.90.191 authserver.mojang.com  =>Hijacker.Hosts
ENCONTRADOS: 35.156.90.191 sessionserver.mojang.com  =>Hijacker.Hosts
Número de redirecciones encontrados 2/24


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (6)
ENCONTRADOS carpeta: C:\Users\Lucas\Desktop\µTorrent.lnk  [Bad : C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe [BitTorrent Inc. - µTorrent]  =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Lucas\Desktop\µTorrent.lnk    =>BitTorrent (P2P)
ENCONTRADOS carpeta: C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk    =>BitTorrent (P2P)
ENCONTRADOS archivo: C:\Program Files (x86)\Remote Mouse  =>Adware.Suspect


---\\  Registro ( Claves, Valores, Datos) (1)
ENCONTRADOS clave: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)


---\\  Resumen de elementos en su estación de trabajo (3)
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Hijacker.Hosts
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/03/02/adware-suspect/  =>Adware.Suspect


---\\ Resultado de la reparación.
~ ninguna reparación hecha
~ Google Chrome OK
~ Internet Explorer OK


---\\ STATISTIQUES
~ Items escaneado : 103909
~ Items encontrado : 11
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0


~ End of search in 00h10mn59s

---\\  Reporte (0)
ZHPCleaner-[S]-06112019-20_30_16.txt

And this is the second one

~ ZHPCleaner v2019.11.3.156 by Nicolas Coolman (2019/11/03)
~ Run by Lucas (Administrator)  (06/11/2019 20:42:34)
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparar
~ Report : C:\Users\Lucas\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Lucas\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)

---\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados. (ADS)

---\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados. (Servicio)

---\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados. (Navegador)

---\  Hosts carpeta (3)
REEMPLAZO: 35.156.90.191 authserver.mojang.com
REEMPLAZO: 35.156.90.191 sessionserver.mojang.com
Número de redirecciones encontrados 2/24

---\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados. (Tarea)

---\  Explorador ( Archivos, Carpetas ) (3)
MOVIDO carpeta: C:\Users\Lucas\Desktop\µTorrent.lnk  [Bad : C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO carpeta: C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVIDO archivo: C:\Program Files (x86)\Remote Mouse  =>Adware.Suspect

---\  Registro ( Claves, Valores, Datos) (1)
BORRADOS clave*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)

---\  Resumen de elementos en su estación de trabajo (2)
nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
nicolascoolman.eu/2017/03/02/adware-suspect/  =>Adware.Suspect

---\ Limpieza adicional. (2)
~ Clave de registro Tracing borrados (2)
~ Quitar los antiguos informes de ZHPCleaner. (0)

---\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Google Chrome OK
~ Internet Explorer OK

---\ STATISTIQUES
~ Items escaneado : 15083
~ Items encontrado : 0
~ artículos cancelados : 0
~ Items opciones : 6/13
~ Ahorro de espacio (bytes) : 0
~ End of clean in 00h00mn08s

---\  Reporte (2)
ZHPCleaner-[S]-06112019-20_30_16.txt
ZHPCleaner-[R]-06112019-20_42_42.txt
Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 6/11/19
Hora del análisis: 20:49
Archivo de registro: 061f59cc-00f0-11ea-a3b8-d050990e74ae.json

-Información del software-
Versión: 4.0.4.49
Versión de los componentes: 1.0.717
Versión del paquete de actualización: 1.0.14606
Licencia: Gratis

-Información del sistema-
SO: Windows 7 Service Pack 1
CPU: x64
Sistema de archivos: NTFS
Usuario: Lucas-PC\Lucas

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 328445
Amenazas detectadas: 13
Amenazas en cuarentena: 13
Tiempo transcurrido: 10 min, 32 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 13
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.0\STANDALONEPHASE1.DAT, En cuarentena, 7923, 393793, 1.0.14606, , ame, 
Generic.Malware/Suspicious, C:\USERS\LUCAS\DOWNLOADS\SLAYER LEECHER V0.6.ZIP, En cuarentena, 0, 392686, 1.0.14606, , shuriken, 
Generic.Malware/Suspicious, C:\USERS\LUCAS\DOWNLOADS\SLAYER LEECHER V0.4.ZIP, En cuarentena, 0, 392686, 1.0.14606, , shuriken, 
CrackTool.Keygen, C:\USERS\LUCAS\DOWNLOADS\XF-2020.RAR, En cuarentena, 8134, 664855, 1.0.14606, 7A5754294DE603D599D4F7A8, dds, 00446206
Trojan.Clicker, C:\USERS\LUCAS\DOWNLOADS\KIT ALTER PRINCIPIANTE.RAR, En cuarentena, 3218, 443055, 1.0.14606, 4BF1BAFB19DBA9948D6C1C02, dds, 00446206
CrackTool.Keygen, C:\USERS\LUCAS\DESKTOP\3DS MAX\XF-2020\XF-ADSK2020.EXE, En cuarentena, 8134, 664855, 1.0.14606, 7A5754294DE603D599D4F7A8, dds, 00446206
Trojan.Injector, C:\USERS\LUCAS\DOWNLOADS\COMBO_EDITOR_BY_XRISKY_V1.0.RAR, En cuarentena, 648, 663747, 1.0.14606, 00EA16B17241F89F494638C2, dds, 00446206
HackTool.BruteForce, C:\USERS\LUCAS\DOWNLOADS\MINECRAFT  CHECKER ACCOUNT  BY X-KILLER.RAR, En cuarentena, 8485, 677262, 1.0.14606, 771ACB087A31518BAB8A7064, dds, 00446206
HackTool.BruteForce, C:\USERS\LUCAS\DESKTOP\KIT ALTER PRINCIPIANTE\MINECRAFT  CHECKER ACCOUNT  BY X-KILLER\MINECRAFT  CHECKER ACCOUNT  BY X-KILLER.EXE, En cuarentena, 8485, 677262, 1.0.14606, 771ACB087A31518BAB8A7064, dds, 00446206
Generic.Malware/Suspicious, C:\USERS\LUCAS\DESKTOP\JUEGOS\LAUNCHERFENIX_MINECRAFT.EXE, En cuarentena, 0, 392686, 1.0.14606, , shuriken, 
Generic.Malware/Suspicious, C:\USERS\LUCAS\DESKTOP\KIT ALTER PRINCIPIANTE\SLAYER LEECHER V0.6\SLAYER LEECHER V0.6.EXE, En cuarentena, 0, 392686, 1.0.14606, , shuriken, 
HackTool.PassView, C:\USERS\LUCAS\DESKTOP\KIT ALTER PRINCIPIANTE\PROTECTOR DE DATOS.EXE, En cuarentena, 12818, 707266, 1.0.14606, E5E99DB8FAD46B16026F48E7, dds, 00446206
Trojan.Injector, C:\USERS\LUCAS\DESKTOP\KIT ALTER PRINCIPIANTE\COMBO EDITOR BY XRISKY V1.0\COMBO EDITOR BY XRISKY.EXE, En cuarentena, 648, 663747, 1.0.14606, 00EA16B17241F89F494638C2, dds, 00446206

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Hello @LookazR

There was quite a lot of junk in there!!

Do the following:

Scan the PC with ESET Online Scanner: User Manual; read the instructions for saving the report.

Scan the PC with Kaspersky Virus Removal Tool: User Manual

  • This one does not produce a report; if it finds any infection, take a screenshot and upload it.

How to upload images to the forum?

Regards

> 22:44:21 # product=EOS
> # version=8
> # ESETOnlineScanner_ESL.exe=3.1.10.0
> # country="Argentina"
> # lang=13322
> 22:45:31 Updating
> 22:45:31 Update Init
> 22:45:34 Update Download
> 22:48:03 esets_scanner_reload returned 0
> 22:48:03 g_uiModuleBuild: 43361
> 22:48:03 Update Finalize
> 22:48:03 Call m_esets_charon_send
> 22:48:03 Call m_esets_charon_destroy
> 22:48:03 Updated modules version: 43361
> 22:48:20 Scanner engine: 43361
> 07:01:54 Call m_esets_charon_send
> 07:01:54 Call m_esets_charon_destroy
> 11:55:01 # product=EOS
> # version=8
> # ESETOnlineScanner_ESL.exe=3.1.10.0
> # country="Argentina"
> # lang=13322
>

Hello @LookazR

Didn't ESET detect anything?

And what happened with Kaspersky?

Regards

ESET did detect something, but my silly brother closed it when he got up, and I opened that log following the manual; Kaspersky didn't detect anything. I can run both again tonight if you want; it's just that they take quite a while.

Hello @LookazR

Don't worry.


Do the following:

1.- Temporarily disable your antivirus and any security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the right version for your machine's architecture (32 or 64 bit). >> How do I know whether my Windows is 32 or 64 bit?

  • Run FRST.exe.
  • In the Disclaimer window message, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) log files will open, Frst.txt and Addition.txt; they will be saved on the desktop.

Guide: How to run FRST

3.- In your next reply, paste the generated reports.

Guide: How to paste reports in the forum?

We'll wait for those reports.

Regards

It won't let me because it goes over 70k characters, so I'm leaving the file here

Addition.txt (67,4 KB)

And this one has 67k characters

FRST.txt (64,5 KB)

Hello @LookazR

While I analyze the reports, tell me whether you configured this entry (a static route configured in your registry) yourself?

HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]

Let us know.

Regards

Sorry for the delay, I wasn't at the PC all day. Umm, no, but it's the router's IP if I'm not mistaken, right? The only thing I did in the registry a while ago was delete a registry entry so I could uninstall ESET, since I had forgotten the password; nothing else after that.

Hello @LookazR

ESET still appears to be active on your machine.

Download its dedicated uninstall tool, run it, and restart.


You ran FRST from an incorrect location:

  • Running from C:\Users\Lucas\ Downloads

Cut the executable and paste it on your desktop <<< This is very important.


Then follow these steps:

1.- Very important >>> Make a backup of your registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, tick only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report named DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
Task: {81C94904-8AA8-416C-8554-6DF3C68618B9} - System32\Tasks\MandarinBrowserUpdateTaskMachineCore => C:\Program Files (x86)\MandarinBrowser\Update\MandarinUpdate.exe
Task: {A1FBEB30-1117-4CBB-930C-E47BF101EF88} - System32\Tasks\MandarinBrowserUpdateTaskMachineUA => C:\Program Files (x86)\MandarinBrowser\Update\MandarinUpdate.exe
C:\Program Files (x86)\MandarinBrowser
Task: {26BC8035-9AAD-454D-A228-D6288A8E61A0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Lucas\Downloads\ESETOnlineScanner_ESL.exe [8166712 2019-11-06] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {478A3714-B690-4162-B135-747B4B424FC2} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Lucas\Downloads\ESETOnlineScanner_ESL.exe [8166712 2019-11-06] (ESET, spol. s r.o. -> ESET spol. s r.o.)
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-07-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.d.mandarin-browser.com/MandarinBrowser Update;version=3 -> C:\Program Files (x86)\MandarinBrowser\Update\1.3.109.0\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.d.mandarin-browser.com/MandarinBrowser Update;version=9 -> C:\Program Files (x86)\MandarinBrowser\Update\1.3.109.0\npGoogleUpdate3.dll [No File]
S4 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-11-07 11:59 - 2019-11-07 12:02 - 173250488 _____ (AO Kaspersky Lab) C:\Users\Lucas\Downloads\KVRT (1).exe
2019-11-07 11:58 - 2019-11-07 11:58 - 000000000 ____D C:\KVRT_Data
2019-11-07 07:01 - 2019-11-07 07:01 - 000003716 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2019-11-07 07:01 - 2019-11-07 07:01 - 000003276 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2019-11-06 22:30 - 2019-11-06 22:30 - 008166712 _____ (ESET spol. s r.o.) C:\Users\Lucas\Downloads\ESETOnlineScanner_ESL.exe
2019-11-04 16:45 - 2019-11-06 21:03 - 000000000 ____D C:\Users\Lucas\Desktop\Kit Alter Principiante
2019-10-10 01:39 - 2019-10-12 22:38 - 000545568 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2019-10-10 01:39 - 2019-10-10 01:39 - 000432840 _____ (TENCENT) C:\Windows\system32\Drivers\tesrsdt.sys
2019-10-10 01:14 - 2019-10-10 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [432840 2019-10-10] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [545568 2019-10-12] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
R2 aow_drv; C:\Program Files\TxGameAssistant\UI\aow_drv_x64.sys [862880 2019-09-27] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S4 QMEmulatorService; C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [148840 2019-09-30] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
2019-10-10 01:14 - 2019-10-10 01:19 - 000000000 ____D C:\Program Files\txgameassistant
2019-10-10 01:14 - 2019-10-10 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
2019-11-07 11:54 - 2019-09-20 14:06 - 000000744 _____ C:\Users\Lucas\Desktop\ESET Online Scanner.lnk
2019-11-06 20:14 - 2019-07-03 00:25 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\IObit
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\2052
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1055
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1049
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1046
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1045
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1042
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1041
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1040
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1036
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1031
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1029
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1028
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\2052
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1055
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1049
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1046
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1045
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1042
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1041
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1040
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1036
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1031
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1029
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1028
2019-10-23 21:21 - 2019-07-04 15:17 - 000000000 ____D C:\Windows\SysWOW64\3082
2019-10-23 21:21 - 2019-07-04 15:17 - 000000000 ____D C:\Windows\SysWOW64\1033
2019-10-23 21:21 - 2019-07-04 15:17 - 000000000 ____D C:\Windows\system32\3082
2019-10-23 21:21 - 2019-07-04 15:17 - 000000000 ____D C:\Windows\system32\1033
CustomCLSID: HKU\S-1-5-21-462057610-624535720-574908975-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2020\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-462057610-624535720-574908975-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2020\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-462057610-624535720-574908975-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2020\Inventor Server\Bin\TestServer.dll => No File
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
AlternateDataStreams: C:\Windows\System32:tdsrset.gfc [5846]
FirewallRules: [{47B674AF-EF91-4AB0-BE29-1C0E521C288E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{0DF43F6B-ADF9-4F66-8D01-64D0448F2CB6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{4C864805-3D5A-4A85-8669-1B2722A5A25B}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [UDP Query User{41360E6A-DC7F-4D17-BC97-C8FD97494AFC}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [TCP Query User{92F78679-A21A-4707-A68C-245634A76663}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe
FirewallRules: [UDP Query User{E1EA10D9-8678-4CCF-A02C-0C081B460958}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe
FirewallRules: [TCP Query User{9C5A975C-82C1-4A24-AFDA-570571CB013D}C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe No File
FirewallRules: [UDP Query User{C92B90A0-EC3D-4272-84F4-5BBDB315711A}C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe No File
FirewallRules: [TCP Query User{D05AFC44-6E6D-4EA0-AC59-99F7254A3BF9}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe No File
FirewallRules: [UDP Query User{FC363BD6-1B91-4A5C-A6DB-BF7B338A3647}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe No File
FirewallRules: [{9DE9DAD3-83AE-499F-B0F3-B2DC8A2BBA7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe No File
FirewallRules: [{FDCC1559-0916-4705-BE45-57D7FC62FB65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe No File
FirewallRules: [{0FC542BB-62FD-4B2E-B4E9-08C1E36BA76F}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{041553D0-8BA8-4A4B-9771-57FFDA9F4350}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{A2511A5E-F6F8-4F00-BFDE-24D4B9C50FE8}] => (Allow) c:\program files\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{19D4A994-8650-49C3-87A1-BD3818CD8759}] => (Allow) c:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{B6ACFBE9-BF59-494A-977D-55BD5A0143E5}] => (Allow) c:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司)
FirewallRules: [{7D605A57-2BF6-40DB-A6B9-81709DBC5E9F}] => (Allow) c:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{4A0E2ED7-62A8-4947-9F63-2C3C4703446E}] => (Allow) c:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{AE5DE6AA-A2DB-4696-A0A9-420BEBA82765}] => (Allow) c:\program files\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{8D579E22-03BD-4304-82B4-D13440FC3FEA}] => (Allow) c:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{EB74A56A-CB61-405C-A863-FBF804958552}] => (Allow) c:\program files\txgameassistant\ui\adb.exe () [File not signed]
FirewallRules: [{62B2083F-D432-482F-AD15-EEA74973AC3E}] => (Allow) c:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{BAF929DC-F300-466B-BE9B-8DEBB5ECF1EF}] => (Allow) c:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{4824033C-1D06-4CD0-A7A8-7A59E8288ABB}] => (Allow) c:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{5CE41CD1-64CE-4CDE-82C0-B00B0109CA12}] => (Allow) c:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{3ECD0BAE-E901-4D4D-8220-9E8514A1AC4C}] => (Allow) c:\program files\txgameassistant\ui\adb.exe () [File not signed]
FirewallRules: [{24C9458B-BCC2-4B48-9874-18EDCEC4285F}] => (Allow) c:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{098F0589-C1E5-4264-859F-59F329510098}] => (Allow) c:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{444E64FB-6FCD-4885-9F86-ABC359E518F1}] => (Allow) c:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
c:\program files\txgameassistant
FirewallRules: [{B4E4FD72-5108-4F5D-9BF1-6664F0F43B12}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe No File
FirewallRules: [{2343AE35-44A2-4989-A915-54825D4C9568}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe No File
FirewallRules: [{921DD579-53E7-4275-8F4A-B190D3ECDD4E}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe No File
FirewallRules: [{FE16953D-1041-4CDE-871F-6AE7AC77617C}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe No File
FirewallRules: [TCP Query User{68C846E4-CC70-4298-B2F4-65256185084D}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe
FirewallRules: [UDP Query User{8562977B-C52A-4A38-B309-06E6B1641915}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe
FirewallRules: [TCP Query User{6214792E-C697-4C36-9174-023BFAC2FBBC}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{F7ABAE95-73C4-4693-9E7E-54F547CC5865}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (the desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

Update Java to its latest version, since you had obsolete versions installed.

Let us know.

Regards.

Ahh, that's because I reinstalled it, but without a password. Does what you sent me delete it or something? Because everything might get really bugged with ESET.

Hello @LookazR

Don't uninstall it then. Continue from:

You ran FRST from an incorrect location

Now, if you have a pirated copy, I advise you right away to stop using it, since it does not protect you; you have a significant infection.

Regards

Ufff, I already did the earlier part. Umm, actually I'm using the Trial, testing it out; maybe I would have bought it. I didn't use an antivirus before, I started using one recently, as a precaution.

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-11-2019
Ran by Lucas (09-11-2019 01:09:06) Run:1
Running from C:\Users\Lucas\Desktop
Loaded Profiles: Lucas (Available Profiles: Lucas)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start
CloseProcesses:
CreateRestorePoint:
Task: {81C94904-8AA8-416C-8554-6DF3C68618B9} - System32\Tasks\MandarinBrowserUpdateTaskMachineCore => C:\Program Files (x86)\MandarinBrowser\Update\MandarinUpdate.exe
Task: {A1FBEB30-1117-4CBB-930C-E47BF101EF88} - System32\Tasks\MandarinBrowserUpdateTaskMachineUA => C:\Program Files (x86)\MandarinBrowser\Update\MandarinUpdate.exe
C:\Program Files (x86)\MandarinBrowser
Task: {26BC8035-9AAD-454D-A228-D6288A8E61A0} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\Lucas\Downloads\ESETOnlineScanner_ESL.exe [8166712 2019-11-06] (ESET, spol. s r.o. -> ESET spol. s r.o.)
Task: {478A3714-B690-4162-B135-747B4B424FC2} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\Lucas\Downloads\ESETOnlineScanner_ESL.exe [8166712 2019-11-06] (ESET, spol. s r.o. -> ESET spol. s r.o.)
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-07-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tools.d.mandarin-browser.com/MandarinBrowser Update;version=3 -> C:\Program Files (x86)\MandarinBrowser\Update\1.3.109.0\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.d.mandarin-browser.com/MandarinBrowser Update;version=9 -> C:\Program Files (x86)\MandarinBrowser\Update\1.3.109.0\npGoogleUpdate3.dll [No File]
S4 RemoteMouseService; C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-11-07 11:59 - 2019-11-07 12:02 - 173250488 _____ (AO Kaspersky Lab) C:\Users\Lucas\Downloads\KVRT (1).exe
2019-11-07 11:58 - 2019-11-07 11:58 - 000000000 ____D C:\KVRT_Data
2019-11-07 07:01 - 2019-11-07 07:01 - 000003716 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2019-11-07 07:01 - 2019-11-07 07:01 - 000003276 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2019-11-06 22:30 - 2019-11-06 22:30 - 008166712 _____ (ESET spol. s r.o.) C:\Users\Lucas\Downloads\ESETOnlineScanner_ESL.exe
2019-11-04 16:45 - 2019-11-06 21:03 - 000000000 ____D C:\Users\Lucas\Desktop\Kit Alter Principiante
2019-10-10 01:39 - 2019-10-12 22:38 - 000545568 _____ (TENCENT) C:\Windows\system32\TesSafe.sys
2019-10-10 01:39 - 2019-10-10 01:39 - 000432840 _____ (TENCENT) C:\Windows\system32\Drivers\tesrsdt.sys
2019-10-10 01:14 - 2019-10-10 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
S3 tesrsdt; C:\Windows\system32\drivers\tesrsdt.sys [432840 2019-10-10] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
S3 TesSafe; C:\Windows\system32\TesSafe.sys [545568 2019-10-12] (Tencent Technology(Shenzhen) Company Limited -> TENCENT)
R2 aow_drv; C:\Program Files\TxGameAssistant\UI\aow_drv_x64.sys [862880 2019-09-27] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
S4 QMEmulatorService; C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe [148840 2019-09-30] (Tencent Technology(Shenzhen) Company Limited -> Tencent)
2019-10-10 01:14 - 2019-10-10 01:19 - 000000000 ____D C:\Program Files\txgameassistant
2019-10-10 01:14 - 2019-10-10 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software
2019-11-07 11:54 - 2019-09-20 14:06 - 000000744 _____ C:\Users\Lucas\Desktop\ESET Online Scanner.lnk
2019-11-06 20:14 - 2019-07-03 00:25 - 000000000 ____D C:\Users\Lucas\AppData\Roaming\IObit
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\2052
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1055
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1049
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1046
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1045
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1042
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1041
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1040
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1036
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1031
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1029
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\SysWOW64\1028
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\2052
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1055
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1049
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1046
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1045
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1042
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1041
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1040
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1036
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1031
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1029
2019-10-23 21:21 - 2019-07-04 15:21 - 000000000 ____D C:\Windows\system32\1028
2019-10-23 21:21 - 2019-07-04 15:17 - 000000000 ____D C:\Windows\SysWOW64\3082
2019-10-23 21:21 - 2019-07-04 15:17 - 000000000 ____D C:\Windows\SysWOW64\1033
2019-10-23 21:21 - 2019-07-04 15:17 - 000000000 ____D C:\Windows\system32\3082
2019-10-23 21:21 - 2019-07-04 15:17 - 000000000 ____D C:\Windows\system32\1033
CustomCLSID: HKU\S-1-5-21-462057610-624535720-574908975-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2020\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-462057610-624535720-574908975-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2020\Inventor Server\Bin\TestServer.dll => No File
CustomCLSID: HKU\S-1-5-21-462057610-624535720-574908975-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD}\InprocServer32 -> C:\Program Files\Autodesk\3ds Max 2020\Inventor Server\Bin\TestServer.dll => No File
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\system32\rtvcvfw64.dll [246272 2012-09-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.RTV1] => C:\Windows\SysWOW64\rtvcvfw32.dll [247296 2012-09-28] () [File not signed]
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
AlternateDataStreams: C:\Windows\System32:tdsrset.gfc [5846]
FirewallRules: [{47B674AF-EF91-4AB0-BE29-1C0E521C288E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{0DF43F6B-ADF9-4F66-8D01-64D0448F2CB6}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [TCP Query User{4C864805-3D5A-4A85-8669-1B2722A5A25B}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [UDP Query User{41360E6A-DC7F-4D17-BC97-C8FD97494AFC}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [TCP Query User{92F78679-A21A-4707-A68C-245634A76663}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe
FirewallRules: [UDP Query User{E1EA10D9-8678-4CCF-A02C-0C081B460958}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe
FirewallRules: [TCP Query User{9C5A975C-82C1-4A24-AFDA-570571CB013D}C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe No File
FirewallRules: [UDP Query User{C92B90A0-EC3D-4272-84F4-5BBDB315711A}C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe No File
FirewallRules: [TCP Query User{D05AFC44-6E6D-4EA0-AC59-99F7254A3BF9}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe No File
FirewallRules: [UDP Query User{FC363BD6-1B91-4A5C-A6DB-BF7B338A3647}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe No File
FirewallRules: [{9DE9DAD3-83AE-499F-B0F3-B2DC8A2BBA7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe No File
FirewallRules: [{FDCC1559-0916-4705-BE45-57D7FC62FB65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe No File
FirewallRules: [{0FC542BB-62FD-4B2E-B4E9-08C1E36BA76F}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{041553D0-8BA8-4A4B-9771-57FFDA9F4350}] => (Allow) C:\Users\Lucas\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{A2511A5E-F6F8-4F00-BFDE-24D4B9C50FE8}] => (Allow) c:\program files\txgameassistant\appmarket\AppMarket.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{19D4A994-8650-49C3-87A1-BD3818CD8759}] => (Allow) c:\program files\txgameassistant\appmarket\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{B6ACFBE9-BF59-494A-977D-55BD5A0143E5}] => (Allow) c:\program files\txgameassistant\appmarket\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> 腾讯公司)
FirewallRules: [{7D605A57-2BF6-40DB-A6B9-81709DBC5E9F}] => (Allow) c:\program files\txgameassistant\appmarket\QQExternal.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{4A0E2ED7-62A8-4947-9F63-2C3C4703446E}] => (Allow) c:\program files\txgameassistant\appmarket\GameDownload.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{AE5DE6AA-A2DB-4696-A0A9-420BEBA82765}] => (Allow) c:\program files\txgameassistant\appmarket\GF186\TUpdate.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{8D579E22-03BD-4304-82B4-D13440FC3FEA}] => (Allow) c:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{EB74A56A-CB61-405C-A863-FBF804958552}] => (Allow) c:\program files\txgameassistant\ui\adb.exe () [File not signed]
FirewallRules: [{62B2083F-D432-482F-AD15-EEA74973AC3E}] => (Allow) c:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{BAF929DC-F300-466B-BE9B-8DEBB5ECF1EF}] => (Allow) c:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{4824033C-1D06-4CD0-A7A8-7A59E8288ABB}] => (Allow) c:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{5CE41CD1-64CE-4CDE-82C0-B00B0109CA12}] => (Allow) c:\program files\txgameassistant\ui\AndroidEmulator.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{3ECD0BAE-E901-4D4D-8220-9E8514A1AC4C}] => (Allow) c:\program files\txgameassistant\ui\adb.exe () [File not signed]
FirewallRules: [{24C9458B-BCC2-4B48-9874-18EDCEC4285F}] => (Allow) c:\program files\txgameassistant\ui\TInst.exe (Tencent Technology(Shenzhen) Company Limited -> )
FirewallRules: [{098F0589-C1E5-4264-859F-59F329510098}] => (Allow) c:\program files\txgameassistant\ui\bugreport.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
FirewallRules: [{444E64FB-6FCD-4885-9F86-ABC359E518F1}] => (Allow) c:\program files\txgameassistant\ui\TxGaDcc.exe (Tencent Technology(Shenzhen) Company Limited -> Tencent)
c:\program files\txgameassistant
FirewallRules: [{B4E4FD72-5108-4F5D-9BF1-6664F0F43B12}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe No File
FirewallRules: [{2343AE35-44A2-4989-A915-54825D4C9568}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe No File
FirewallRules: [{921DD579-53E7-4275-8F4A-B190D3ECDD4E}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe No File
FirewallRules: [{FE16953D-1041-4CDE-871F-6AE7AC77617C}] => (Allow) C:\Program Files (x86)\Remote Mouse\RemoteMouseCore.exe No File
FirewallRules: [TCP Query User{68C846E4-CC70-4298-B2F4-65256185084D}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe
FirewallRules: [UDP Query User{8562977B-C52A-4A38-B309-06E6B1641915}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe
FirewallRules: [TCP Query User{6214792E-C697-4C36-9174-023BFAC2FBBC}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{F7ABAE95-73C4-4693-9E7E-54F547CC5865}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{81C94904-8AA8-416C-8554-6DF3C68618B9}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81C94904-8AA8-416C-8554-6DF3C68618B9}" => removed successfully
C:\Windows\System32\Tasks\MandarinBrowserUpdateTaskMachineCore => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MandarinBrowserUpdateTaskMachineCore" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1FBEB30-1117-4CBB-930C-E47BF101EF88}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1FBEB30-1117-4CBB-930C-E47BF101EF88}" => removed successfully
C:\Windows\System32\Tasks\MandarinBrowserUpdateTaskMachineUA => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MandarinBrowserUpdateTaskMachineUA" => removed successfully
"C:\Program Files (x86)\MandarinBrowser" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26BC8035-9AAD-454D-A228-D6288A8E61A0}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26BC8035-9AAD-454D-A228-D6288A8E61A0}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onTime => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onTime" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{478A3714-B690-4162-B135-747B4B424FC2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{478A3714-B690-4162-B135-747B4B424FC2}" => removed successfully
C:\Windows\System32\Tasks\EOSv3 Scheduler onLogOn => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EOSv3 Scheduler onLogOn" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes\\0.0.0.0,0.0.0.0,192.168.1.1,-1" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => removed successfully
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-07-16] (Oracle America, Inc." => not found
C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-07-16] (Oracle America, Inc." => not found
C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.d.mandarin-browser.com/MandarinBrowser Update;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.d.mandarin-browser.com/MandarinBrowser Update;version=9 => removed successfully
HKLM\System\CurrentControlSet\Services\RemoteMouseService => removed successfully
RemoteMouseService => service removed successfully
HKLM\System\CurrentControlSet\Services\NVHDA => removed successfully
NVHDA => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Users\Lucas\Downloads\KVRT (1).exe => moved successfully
C:\KVRT_Data => moved successfully
"C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn" => not found
"C:\Windows\system32\Tasks\EOSv3 Scheduler onTime" => not found
C:\Users\Lucas\Downloads\ESETOnlineScanner_ESL.exe => moved successfully
C:\Users\Lucas\Desktop\Kit Alter Principiante => moved successfully
C:\Windows\system32\TesSafe.sys => moved successfully
C:\Windows\system32\Drivers\tesrsdt.sys => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software => moved successfully
HKLM\System\CurrentControlSet\Services\tesrsdt => removed successfully
tesrsdt => service removed successfully
HKLM\System\CurrentControlSet\Services\TesSafe => removed successfully
TesSafe => service removed successfully
aow_drv => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\aow_drv => removed successfully
aow_drv => service removed successfully
HKLM\System\CurrentControlSet\Services\QMEmulatorService => removed successfully
QMEmulatorService => service removed successfully
C:\Program Files\txgameassistant => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tencent Software" => not found
C:\Users\Lucas\Desktop\ESET Online Scanner.lnk => moved successfully
C:\Users\Lucas\AppData\Roaming\IObit => moved successfully
C:\Windows\SysWOW64\2052 => moved successfully
C:\Windows\SysWOW64\1055 => moved successfully
C:\Windows\SysWOW64\1049 => moved successfully
C:\Windows\SysWOW64\1046 => moved successfully
C:\Windows\SysWOW64\1045 => moved successfully
C:\Windows\SysWOW64\1042 => moved successfully
C:\Windows\SysWOW64\1041 => moved successfully
C:\Windows\SysWOW64\1040 => moved successfully
C:\Windows\SysWOW64\1036 => moved successfully
C:\Windows\SysWOW64\1031 => moved successfully
C:\Windows\SysWOW64\1029 => moved successfully
C:\Windows\SysWOW64\1028 => moved successfully
C:\Windows\system32\2052 => moved successfully
C:\Windows\system32\1055 => moved successfully
C:\Windows\system32\1049 => moved successfully
C:\Windows\system32\1046 => moved successfully
C:\Windows\system32\1045 => moved successfully
C:\Windows\system32\1042 => moved successfully
C:\Windows\system32\1041 => moved successfully
C:\Windows\system32\1040 => moved successfully
C:\Windows\system32\1036 => moved successfully
C:\Windows\system32\1031 => moved successfully
C:\Windows\system32\1029 => moved successfully
C:\Windows\system32\1028 => moved successfully
C:\Windows\SysWOW64\3082 => moved successfully
C:\Windows\SysWOW64\1033 => moved successfully
C:\Windows\system32\3082 => moved successfully
C:\Windows\system32\1033 => moved successfully
HKU\S-1-5-21-462057610-624535720-574908975-1000_Classes\CLSID\{073CB204-6B29-46FC-AB98-451F1D068741} => removed successfully
HKU\S-1-5-21-462057610-624535720-574908975-1000_Classes\CLSID\{8C23B656-4E6E-4B45-9920-9617168D39A3} => removed successfully
HKU\S-1-5-21-462057610-624535720-574908975-1000_Classes\CLSID\{E5B0515D-48D2-4F04-906D-0192ED65A2DD} => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.RTV1" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.RTV1" => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
C:\Windows\System32 => ":tdsrset.gfc" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{47B674AF-EF91-4AB0-BE29-1C0E521C288E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DF43F6B-ADF9-4F66-8D01-64D0448F2CB6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4C864805-3D5A-4A85-8669-1B2722A5A25B}C:\program files\java\jre1.8.0_211\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{41360E6A-DC7F-4D17-BC97-C8FD97494AFC}C:\program files\java\jre1.8.0_211\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{92F78679-A21A-4707-A68C-245634A76663}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E1EA10D9-8678-4CCF-A02C-0C081B460958}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9C5A975C-82C1-4A24-AFDA-570571CB013D}C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C92B90A0-EC3D-4272-84F4-5BBDB315711A}C:\program files (x86)\steam\steamapps\common\kurtzpel\thechase\binaries\win64\thechase-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D05AFC44-6E6D-4EA0-AC59-99F7254A3BF9}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FC363BD6-1B91-4A5C-A6DB-BF7B338A3647}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9DE9DAD3-83AE-499F-B0F3-B2DC8A2BBA7E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FDCC1559-0916-4705-BE45-57D7FC62FB65}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0FC542BB-62FD-4B2E-B4E9-08C1E36BA76F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{041553D0-8BA8-4A4B-9771-57FFDA9F4350}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2511A5E-F6F8-4F00-BFDE-24D4B9C50FE8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{19D4A994-8650-49C3-87A1-BD3818CD8759}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6ACFBE9-BF59-494A-977D-55BD5A0143E5}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D605A57-2BF6-40DB-A6B9-81709DBC5E9F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A0E2ED7-62A8-4947-9F63-2C3C4703446E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AE5DE6AA-A2DB-4696-A0A9-420BEBA82765}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8D579E22-03BD-4304-82B4-D13440FC3FEA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EB74A56A-CB61-405C-A863-FBF804958552}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{62B2083F-D432-482F-AD15-EEA74973AC3E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAF929DC-F300-466B-BE9B-8DEBB5ECF1EF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4824033C-1D06-4CD0-A7A8-7A59E8288ABB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5CE41CD1-64CE-4CDE-82C0-B00B0109CA12}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3ECD0BAE-E901-4D4D-8220-9E8514A1AC4C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24C9458B-BCC2-4B48-9874-18EDCEC4285F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{098F0589-C1E5-4264-859F-59F329510098}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{444E64FB-6FCD-4885-9F86-ABC359E518F1}" => removed successfully
"c:\program files\txgameassistant" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B4E4FD72-5108-4F5D-9BF1-6664F0F43B12}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2343AE35-44A2-4989-A915-54825D4C9568}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{921DD579-53E7-4275-8F4A-B190D3ECDD4E}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FE16953D-1041-4CDE-871F-6AE7AC77617C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{68C846E4-CC70-4298-B2F4-65256185084D}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8562977B-C52A-4A38-B309-06E6B1641915}C:\program files\java\jre1.8.0_221\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6214792E-C697-4C36-9174-023BFAC2FBBC}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F7ABAE95-73C4-4693-9E7E-54F547CC5865}C:\program files (x86)\minecraft launcher\runtime\jre-x64\bin\javaw.exe" => removed successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

Error en la operación. No hay ningún adaptador permitido para 
esta operación.

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {624C82C7-652F-44DC-A843-92BBD63A4C03}.
Unable to cancel {D78F8DB2-5140-462E-904C-9C8F46D03C92}.
Unable to cancel {A7D67FC1-6046-4150-91CC-363ACF0F4EAE}.
Unable to cancel {8044D7B0-763D-4B71-B661-1121DAA3A3EB}.
Unable to cancel {7D104061-204C-4C62-BD53-4C203AB1E0CC}.
Unable to cancel {387A6FA4-D2F9-4709-B91F-B5F01A71C4CB}.
Unable to cancel {0B9588A2-A9BA-47F3-963F-93A9A8B5BF20}.
Unable to cancel {0FB4680B-A34C-4D01-9C93-9B3D7064C3AF}.
Unable to cancel {0E80B049-576C-4217-AE7D-DF686D7872E5}.
Unable to cancel {DE404FF8-4625-4D87-96E2-05531D426E51}.
Unable to cancel {4764F09A-7311-4D79-89C9-B3F186D9D621}.
Unable to cancel {399CDE9E-835E-48A4-9EB1-58D7AC49A319}.
Unable to cancel {ED2B9377-9572-4F2D-85FC-7E995ACDAAF8}.
Unable to cancel {AEBC7B86-5881-45C3-9D95-C05FC1DF5A1E}.
Unable to cancel {10D04861-BAB6-4777-A53C-5545C4507BAD}.
Unable to cancel {CEA43D07-93A4-41A2-B030-281894F461CB}.
Unable to cancel {1989F68A-F1FC-4445-AAA6-AA7F38517DC9}.
Unable to cancel {9918844C-9D8D-458C-AFEC-9A148A621ADA}.
Unable to cancel {E2B170BC-8AC3-404A-8EB4-23B909FEBB58}.
0 out of 19 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Dirección de unidifusión se restableció correctamente.
Ruta se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

No hay valores configurados por el usuario para restablecer.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-462057610-624535720-574908975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-462057610-624535720-574908975-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6299767 B
Java, Flash, Steam htmlcache => 412139094 B
Windows/system/drivers => 2406328 B
Edge => 0 B
Chrome => 455813222 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 66228 B
ProgramData => 66228 B
systemprofile => 149953 B
systemprofile32 => 216317 B
LocalService => 282545 B
NetworkService => 350021 B
Lucas => 73722286 B

RecycleBin => 173091835 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:10:35 ====

Hello @LookazR

So you uninstalled it; for now, do not reinstall it until I tell you to.

Test the computer for 24 hours, restart it two or three times, then come back and tell us how it feels.

Regards