log check

Posted: 09 Mar 2019 07:59
by Trejsi91
Hi,
yesterday someone hacked my email/Steam password.
I managed to change them.
I'm sending a log for review. Based on online scanners, I removed the F2 - REG entry. Was that the only one?

Thanks a lot

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:09:58, on 08.03.2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)

FIREFOX: 56.0 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
C:\ProgramData\Wargaming.net\GameCenter\WargamingErrorMonitor.exe
C:\Users\Asus\Desktop\HijackThis.exe
C:\Users\Asus\AppData\Local\Temp\nsnB941.tmp\setuporig-HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Asus\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [Wargaming.net Game Center] "C:\ProgramData\Wargaming.net\GameCenter\wgc.exe" --background ''
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ArcGIS License Manager - Flexera Software LLC - C:\Program Files (x86)\ArcGIS\License10.2\bin\lmgrd.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
O23 - Service: Asus GiftBox Desktop (ASUSGiftBoxDekstop) - ASUS - C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ESET Firewall Helper (ekrnEpfw) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: @oem69.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - D:\Games\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - D:\Games\Origin\OriginWebHelperService.exe
O23 - Service: PG Manager (pgt_svc) - Gold Click Ltd - C:\Program Files (x86)\ProxyGate\MainService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Intel(R) Common Connectivity Framework (STCServ) - Intel Corporation - C:\Program Files\Intel\STCServ\STCServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files (x86)\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)

--
End of file - 13133 bytes

Re: log check

Posted: 09 Mar 2019 08:26
by Diallix
Good day.

Download the AdwCleaner tool to your desktop; the download link is here: https://toolslib.net/downloads/finish/1/
Before running the tool, close all open program windows, that is, all programs running on the desktop.
Right-click the program -> Run as administrator.
Continue by clicking the Prehladaj teraz (Scan now) button and wait until the system scan finishes.
After the scan, leave all checkboxes ticked, including any threats found, and continue with the Vycistit Teraz (Clean and Repair) button in the lower right corner.
After the PC restarts, AdwCleaner will launch; click Zobrazit soubor protokolu (View log file).
The log will open; copy its contents here.

Re: log check

Posted: 09 Mar 2019 09:13
by Trejsi91
# -------------------------------
# Malwarebytes AdwCleaner 7.2.7.0
# -------------------------------
# Build: 01-30-2019
# Database: 2019-03-04.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-09-2019
# Duration: 00:00:13
# OS: Windows 10 Home
# Cleaned: 33
# Failed: 0


***** [ Services ] *****

Deleted pgt_svc

***** [ Folders ] *****

Deleted C:\Program Files (x86)\ProxyGate
Deleted C:\Program Files (x86)\Seznam.cz
Deleted C:\Users\Asus\AppData\Roaming\Seznam.cz

***** [ Files ] *****

Deleted C:\Windows\System32\drivers\sdfhgdf.sys
Deleted C:\END
Deleted C:\Windows\rsrcs.dll
Deleted C:\Windows\System32\drivers\EsgScanner.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Conduit
Deleted HKLM\Software\Wow6432Node\Conduit
Deleted HKLM\Software\Wow6432Node\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Classes\TypeLib\{81CA8FCD-1420-4A07-B47D-B30F3DDA79E1}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Deleted HKLM\Software\Wow6432Node\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Deleted HKLM\Software\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Deleted HKLM\Software\Wow6432Node\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted HKLM\Software\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Deleted HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Deleted HKCU\Software\Seznam.cz

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4209 octets] - [09/03/2019 09:07:08]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Re: log check

Posted: 09 Mar 2019 09:28
by Diallix
Scan the computer with FRST (instructions here: https://forum.viry.cz/viewtopic.php?f=24&t=132509) and copy FRST.log + Addition log here.

Re: log check

Posted: 09 Mar 2019 09:40
by Trejsi91
Sending it as an attachment.

Re: log check

Posted: 09 Mar 2019 10:11
by Diallix
Copy the content below into Notepad:

Code:

CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Users\Asus\AppData\Roaming\sp_data.sys

SearchScopes: HKU\S-1-5-21-1711663184-14711302-3313765518-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1711663184-14711302-3313765518-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Extension: (No Name) - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\hyuijdso.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-23]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {233AB008-4AF0-438E-92A5-9A9782F7E51A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2548A5C3-DDA3-4F5D-8595-4FA121B6529F} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {2842FC28-4F8C-47E2-A17E-6DF1A7A22A56} - System32\Tasks\{12DA8503-FBF2-446F-894D-472B41387E50} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -d C:\Windows\ImmersiveControlPanel -c /M{B406605B-45FE-4D8F-8250-1E77479583AE}
Task: {6CCD1E85-FA33-4DC3-832D-317412DA7D77} - System32\Tasks\{CD9AA429-6BE4-499A-A931-B1D65B89A464} => C:\WINDOWS\system32\pcalua.exe -a "C:\GOG Games\The Settlers 6\extra1\bin\Settlers6.exe" -d "C:\GOG Games\The Settlers 6\extra1\bin"
Task: {9F72CF51-7AFB-4901-B7CF-2B1E2C877ABA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B6C6017B-8EE7-46DA-94BA-09BDD4B71418} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
FirewallRules: [UDP Query User{6D6C03F9-F910-46E2-B508-D48867151CB8}D:\games\wot test\worldoftanks.exe] => (Allow) D:\games\wot test\worldoftanks.exe No File
FirewallRules: [TCP Query User{8DFE073C-545D-4FE2-990D-6D885BE800B3}D:\games\wot test\worldoftanks.exe] => (Allow) D:\games\wot test\worldoftanks.exe No File
FirewallRules: [UDP Query User{89787CAE-65BF-4924-A577-9EA0EC5B2F04}D:\games\wot test\wotlauncher.exe] => (Allow) D:\games\wot test\wotlauncher.exe No File
FirewallRules: [TCP Query User{D94F8C6D-737A-42C9-AA2D-7E16A253705D}D:\games\wot test\wotlauncher.exe] => (Allow) D:\games\wot test\wotlauncher.exe No File
FirewallRules: [UDP Query User{CD247B4F-BD3B-46B4-B524-FE7440C63D34}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe No File
FirewallRules: [TCP Query User{7EE237A4-6221-4B47-B9EE-65C5DF33ADE3}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe No File
FirewallRules: [{F93822A3-3AC3-4E35-B88C-BCDB91433931}] => (Allow) C:\Users\Asus\Desktop\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D8071037-E7DC-4103-BB22-9A8271B51F75}] => (Allow) C:\Users\Asus\Desktop\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{88F33D83-49E3-4063-8152-40234BBDE697}] => (Allow) C:\Users\Asus\Desktop\Steam.exe No File
FirewallRules: [{31933291-655A-49A8-9CFC-5504AACC5B22}] => (Allow) C:\Users\Asus\Desktop\Steam.exe No File
FirewallRules: [UDP Query User{51741A9B-06D0-4255-BD9B-5CE093E11DD8}D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe] => (Allow) D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe No File
FirewallRules: [TCP Query User{EB1E8D6D-2C37-43DF-80F7-DF604BD08A22}D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe] => (Allow) D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe No File
FirewallRules: [{D2354239-2435-4406-98BE-EAFC49BA9943}] => (Allow) D:\Games\SimCity\SimCity\SimCity.exe No File
FirewallRules: [{02A8C915-D949-4241-A8EA-9DB435F3F1DE}] => (Allow) D:\Games\SimCity\SimCity\SimCity.exe No File
FirewallRules: [UDP Query User{93C3A060-E227-4059-9478-572319CE5670}D:\games\settlers 5\bin\settlershok.exe] => (Allow) D:\games\settlers 5\bin\settlershok.exe No File
FirewallRules: [TCP Query User{8254E024-7B88-40DC-BEA6-68AEFAF4A3E6}D:\games\settlers 5\bin\settlershok.exe] => (Allow) D:\games\settlers 5\bin\settlershok.exe No File
FirewallRules: [UDP Query User{59A0A0A4-0815-4523-88AA-9EFD74AD4E5A}C:\gog games\the settlers 6\base\bin\settlers6.exe] => (Allow) C:\gog games\the settlers 6\base\bin\settlers6.exe No File
FirewallRules: [TCP Query User{D2658920-1A2A-4F0E-86C7-AE0D55E97351}C:\gog games\the settlers 6\base\bin\settlers6.exe] => (Allow) C:\gog games\the settlers 6\base\bin\settlers6.exe No File
FirewallRules: [UDP Query User{8002B633-50F4-47A4-A28F-6399519D64F7}C:\gog games\the settlers 6\extra1\bin\settlers6.exe] => (Allow) C:\gog games\the settlers 6\extra1\bin\settlers6.exe No File
FirewallRules: [TCP Query User{7D9EA231-E7E0-4852-BE72-F98A0049EC04}C:\gog games\the settlers 6\extra1\bin\settlers6.exe] => (Allow) C:\gog games\the settlers 6\extra1\bin\settlers6.exe No File
FirewallRules: [UDP Query User{5ED48CB2-D3CC-4499-BD39-6AC69B58C500}D:\games\far cry primal\far cry primal\bin\fcprimal.exe] => (Allow) D:\games\far cry primal\far cry primal\bin\fcprimal.exe No File
FirewallRules: [TCP Query User{6183032C-EB36-4E75-A3AF-50C556F375CA}D:\games\far cry primal\far cry primal\bin\fcprimal.exe] => (Allow) D:\games\far cry primal\far cry primal\bin\fcprimal.exe No File
FirewallRules: [{6D0A0219-29BD-41CC-B925-51E6B289CFE9}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{8A56446E-C71E-4215-8102-540CD18E0B1F}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{3FABC2D5-2E38-4D17-B8D1-D1E30D0A70F1}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{4C5BF5B7-19B3-41EF-A211-6DC58EA902A8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{227E2B8B-67E4-4270-B7A1-42A3836CF95C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{6C7DD95F-81A9-40F9-ACBC-340394F4FA02}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C6E00E58-C038-4EEB-98FD-6A36B1C2BC02}] => (Allow) D:\Games\Zoo Tycoon 2\zt.exe No File
FirewallRules: [{06C70F61-6BEA-451F-B691-48148EB9A37D}] => (Allow) D:\Games\Zoo Tycoon 2\zt.exe No File
FirewallRules: [{212136E0-A7FA-4330-85DC-92AE821020EA}] => (Allow) D:\Games\zt.exe No File
FirewallRules: [{7C40834E-5146-462F-8526-75485CCDBEA0}] => (Allow) D:\Games\zt.exe No File
FirewallRules: [{CF562600-3C3F-4158-BE63-C4A2ED81507D}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe No File
FirewallRules: [UDP Query User{B38BD7AA-2772-4F76-9C9B-7598F42CD4B5}D:\games\far cry 4\bin\farcry4.exe] => (Allow) D:\games\far cry 4\bin\farcry4.exe No File
FirewallRules: [TCP Query User{9886C7E8-CF50-4625-84CA-9593002994E9}D:\games\far cry 4\bin\farcry4.exe] => (Allow) D:\games\far cry 4\bin\farcry4.exe No File
FirewallRules: [UDP Query User{2B953DE5-F45A-407C-BA0F-B1C4B2E3ABEC}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
FirewallRules: [TCP Query User{4A6A607B-D46B-4D5E-BBFD-398936E15A47}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
FirewallRules: [UDP Query User{AB098A4A-18F1-40B0-A79D-33E46D6C55C9}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe No File
FirewallRules: [TCP Query User{C4702945-8D24-4541-BA15-E1346907F44E}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe No File
FirewallRules: [{F1F19BD4-C9A7-4BBB-B461-B0AAADBDEAB1}] => (Allow) %ProgramFiles% (x86)\Far Cry Primal\bin\FCPrimal.exe No File
FirewallRules: [UDP Query User{75E30B37-53BA-473C-86B4-E89A47AC35F4}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe] => (Allow) C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe No File
FirewallRules: [TCP Query User{3D922F40-0EC4-474F-AA6C-29AB0AA5A292}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe] => (Allow) C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe No File
FirewallRules: [UDP Query User{8653960C-3EDB-4794-8378-3531524F202B}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe] => (Block) C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe No File
FirewallRules: [TCP Query User{368CBE1A-E031-4B9C-9035-D2251E0F9D09}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe] => (Block) C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe No File
FirewallRules: [{675550E2-70BB-4E35-9E6E-2E9223D3DD17}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe No File
FirewallRules: [{029F0732-B25F-4031-8FDC-AB6AC9905330}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe No File
FirewallRules: [{0105C814-3A49-4FEF-B2E4-E277A4AF76DD}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe No File
FirewallRules: [{BE6C6833-8E0D-406B-A4E7-BE0B27F20B33}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe No File
FirewallRules: [UDP Query User{0F55F76B-5A79-4E63-ABB0-F736EE84F094}C:\users\asus\desktop\connectify\connectify\connectify.exe] => (Allow) C:\users\asus\desktop\connectify\connectify\connectify.exe No File
FirewallRules: [TCP Query User{818144BB-A02A-42A8-8B2C-1CB20A5F6C9D}C:\users\asus\desktop\connectify\connectify\connectify.exe] => (Allow) C:\users\asus\desktop\connectify\connectify\connectify.exe No File
FirewallRules: [{F38668CC-54A6-4D49-B690-CA023E5B04DB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{FA124352-4594-4388-AD48-EA0919452A95}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [TCP Query User{78334962-A116-46A5-B448-F0069B6DFEDF}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe No File
FirewallRules: [UDP Query User{2D47D9BE-6082-49E6-96FC-22B37DC91F7B}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe No File
FirewallRules: [TCP Query User{29081D29-A0E1-44B7-910E-D4A8F836FB3A}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe No File
FirewallRules: [UDP Query User{9DA2949A-D560-4D4F-AFB1-C892FC24D56D}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe No File
FirewallRules: [TCP Query User{8BC19872-F2BF-45E2-BC9E-8B22461F4AC3}D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe] => (Allow) D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe No File
FirewallRules: [UDP Query User{75B3ADEB-5A5F-4423-8A1C-CC2A21FA3919}D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe] => (Allow) D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe No File
FirewallRules: [TCP Query User{EC148B76-E53C-41F3-A98A-06C23D7413A8}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe] => (Allow) D:\games\farming simulator 19\x64\farmingsimulator2019game.exe No File
FirewallRules: [UDP Query User{18A51619-09A0-4C03-A893-DE95E284DB8C}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe] => (Allow) D:\games\farming simulator 19\x64\farmingsimulator2019game.exe No File

EmptyTemp:

Save the Notepad file as fixlist.txt in the same location as FRST.
Run FRST and click the Fix button.
The fix will run, after which the computer reboots. After the reboot, paste here the contents of the log fixlog.txt, saved in the FRST location.

Re: log check

Posted: 09 Mar 2019 10:26
by Trejsi91
Fix result of Farbar Recovery Scan Tool (x64) Version: 03.03.2019
Ran by Asus (09-03-2019 10:20:28) Run:1
Running from C:\Users\Asus\Desktop
Loaded Profiles: Asus (Available Profiles: Asus)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

VirusTotal: C:\Users\Asus\AppData\Roaming\sp_data.sys

SearchScopes: HKU\S-1-5-21-1711663184-14711302-3313765518-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1711663184-14711302-3313765518-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: (No Name) - C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\hyuijdso.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2019-01-23]
S3 EsgScanner; system32\DRIVERS\EsgScanner.sys [X]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {233AB008-4AF0-438E-92A5-9A9782F7E51A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2548A5C3-DDA3-4F5D-8595-4FA121B6529F} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {2842FC28-4F8C-47E2-A17E-6DF1A7A22A56} - System32\Tasks\{12DA8503-FBF2-446F-894D-472B41387E50} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -d C:\Windows\ImmersiveControlPanel -c /M{B406605B-45FE-4D8F-8250-1E77479583AE}
Task: {6CCD1E85-FA33-4DC3-832D-317412DA7D77} - System32\Tasks\{CD9AA429-6BE4-499A-A931-B1D65B89A464} => C:\WINDOWS\system32\pcalua.exe -a "C:\GOG Games\The Settlers 6\extra1\bin\Settlers6.exe" -d "C:\GOG Games\The Settlers 6\extra1\bin"
Task: {9F72CF51-7AFB-4901-B7CF-2B1E2C877ABA} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B6C6017B-8EE7-46DA-94BA-09BDD4B71418} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
FirewallRules: [UDP Query User{6D6C03F9-F910-46E2-B508-D48867151CB8}D:\games\wot test\worldoftanks.exe] => (Allow) D:\games\wot test\worldoftanks.exe No File
FirewallRules: [TCP Query User{8DFE073C-545D-4FE2-990D-6D885BE800B3}D:\games\wot test\worldoftanks.exe] => (Allow) D:\games\wot test\worldoftanks.exe No File
FirewallRules: [UDP Query User{89787CAE-65BF-4924-A577-9EA0EC5B2F04}D:\games\wot test\wotlauncher.exe] => (Allow) D:\games\wot test\wotlauncher.exe No File
FirewallRules: [TCP Query User{D94F8C6D-737A-42C9-AA2D-7E16A253705D}D:\games\wot test\wotlauncher.exe] => (Allow) D:\games\wot test\wotlauncher.exe No File
FirewallRules: [UDP Query User{CD247B4F-BD3B-46B4-B524-FE7440C63D34}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe No File
FirewallRules: [TCP Query User{7EE237A4-6221-4B47-B9EE-65C5DF33ADE3}D:\games\grand theft auto v\gta5.exe] => (Allow) D:\games\grand theft auto v\gta5.exe No File
FirewallRules: [{F93822A3-3AC3-4E35-B88C-BCDB91433931}] => (Allow) C:\Users\Asus\Desktop\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{D8071037-E7DC-4103-BB22-9A8271B51F75}] => (Allow) C:\Users\Asus\Desktop\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{88F33D83-49E3-4063-8152-40234BBDE697}] => (Allow) C:\Users\Asus\Desktop\Steam.exe No File
FirewallRules: [{31933291-655A-49A8-9CFC-5504AACC5B22}] => (Allow) C:\Users\Asus\Desktop\Steam.exe No File
FirewallRules: [UDP Query User{51741A9B-06D0-4255-BD9B-5CE093E11DD8}D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe] => (Allow) D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe No File
FirewallRules: [TCP Query User{EB1E8D6D-2C37-43DF-80F7-DF604BD08A22}D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe] => (Allow) D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe No File
FirewallRules: [{D2354239-2435-4406-98BE-EAFC49BA9943}] => (Allow) D:\Games\SimCity\SimCity\SimCity.exe No File
FirewallRules: [{02A8C915-D949-4241-A8EA-9DB435F3F1DE}] => (Allow) D:\Games\SimCity\SimCity\SimCity.exe No File
FirewallRules: [UDP Query User{93C3A060-E227-4059-9478-572319CE5670}D:\games\settlers 5\bin\settlershok.exe] => (Allow) D:\games\settlers 5\bin\settlershok.exe No File
FirewallRules: [TCP Query User{8254E024-7B88-40DC-BEA6-68AEFAF4A3E6}D:\games\settlers 5\bin\settlershok.exe] => (Allow) D:\games\settlers 5\bin\settlershok.exe No File
FirewallRules: [UDP Query User{59A0A0A4-0815-4523-88AA-9EFD74AD4E5A}C:\gog games\the settlers 6\base\bin\settlers6.exe] => (Allow) C:\gog games\the settlers 6\base\bin\settlers6.exe No File
FirewallRules: [TCP Query User{D2658920-1A2A-4F0E-86C7-AE0D55E97351}C:\gog games\the settlers 6\base\bin\settlers6.exe] => (Allow) C:\gog games\the settlers 6\base\bin\settlers6.exe No File
FirewallRules: [UDP Query User{8002B633-50F4-47A4-A28F-6399519D64F7}C:\gog games\the settlers 6\extra1\bin\settlers6.exe] => (Allow) C:\gog games\the settlers 6\extra1\bin\settlers6.exe No File
FirewallRules: [TCP Query User{7D9EA231-E7E0-4852-BE72-F98A0049EC04}C:\gog games\the settlers 6\extra1\bin\settlers6.exe] => (Allow) C:\gog games\the settlers 6\extra1\bin\settlers6.exe No File
FirewallRules: [UDP Query User{5ED48CB2-D3CC-4499-BD39-6AC69B58C500}D:\games\far cry primal\far cry primal\bin\fcprimal.exe] => (Allow) D:\games\far cry primal\far cry primal\bin\fcprimal.exe No File
FirewallRules: [TCP Query User{6183032C-EB36-4E75-A3AF-50C556F375CA}D:\games\far cry primal\far cry primal\bin\fcprimal.exe] => (Allow) D:\games\far cry primal\far cry primal\bin\fcprimal.exe No File
FirewallRules: [{6D0A0219-29BD-41CC-B925-51E6B289CFE9}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{8A56446E-C71E-4215-8102-540CD18E0B1F}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{3FABC2D5-2E38-4D17-B8D1-D1E30D0A70F1}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{4C5BF5B7-19B3-41EF-A211-6DC58EA902A8}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [File not signed]
FirewallRules: [{227E2B8B-67E4-4270-B7A1-42A3836CF95C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{6C7DD95F-81A9-40F9-ACBC-340394F4FA02}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{C6E00E58-C038-4EEB-98FD-6A36B1C2BC02}] => (Allow) D:\Games\Zoo Tycoon 2\zt.exe No File
FirewallRules: [{06C70F61-6BEA-451F-B691-48148EB9A37D}] => (Allow) D:\Games\Zoo Tycoon 2\zt.exe No File
FirewallRules: [{212136E0-A7FA-4330-85DC-92AE821020EA}] => (Allow) D:\Games\zt.exe No File
FirewallRules: [{7C40834E-5146-462F-8526-75485CCDBEA0}] => (Allow) D:\Games\zt.exe No File
FirewallRules: [{CF562600-3C3F-4158-BE63-C4A2ED81507D}] => (Allow) C:\Program Files (x86)\ASUS\Share Link\ShareLink.exe No File
FirewallRules: [UDP Query User{B38BD7AA-2772-4F76-9C9B-7598F42CD4B5}D:\games\far cry 4\bin\farcry4.exe] => (Allow) D:\games\far cry 4\bin\farcry4.exe No File
FirewallRules: [TCP Query User{9886C7E8-CF50-4625-84CA-9593002994E9}D:\games\far cry 4\bin\farcry4.exe] => (Allow) D:\games\far cry 4\bin\farcry4.exe No File
FirewallRules: [UDP Query User{2B953DE5-F45A-407C-BA0F-B1C4B2E3ABEC}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
FirewallRules: [TCP Query User{4A6A607B-D46B-4D5E-BBFD-398936E15A47}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe No File
FirewallRules: [UDP Query User{AB098A4A-18F1-40B0-A79D-33E46D6C55C9}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe No File
FirewallRules: [TCP Query User{C4702945-8D24-4541-BA15-E1346907F44E}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe No File
FirewallRules: [{F1F19BD4-C9A7-4BBB-B461-B0AAADBDEAB1}] => (Allow) %ProgramFiles% (x86)\Far Cry Primal\bin\FCPrimal.exe No File
FirewallRules: [UDP Query User{75E30B37-53BA-473C-86B4-E89A47AC35F4}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe] => (Allow) C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe No File
FirewallRules: [TCP Query User{3D922F40-0EC4-474F-AA6C-29AB0AA5A292}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe] => (Allow) C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe No File
FirewallRules: [UDP Query User{8653960C-3EDB-4794-8378-3531524F202B}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe] => (Block) C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe No File
FirewallRules: [TCP Query User{368CBE1A-E031-4B9C-9035-D2251E0F9D09}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe] => (Block) C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe No File
FirewallRules: [{675550E2-70BB-4E35-9E6E-2E9223D3DD17}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe No File
FirewallRules: [{029F0732-B25F-4031-8FDC-AB6AC9905330}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe No File
FirewallRules: [{0105C814-3A49-4FEF-B2E4-E277A4AF76DD}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe No File
FirewallRules: [{BE6C6833-8E0D-406B-A4E7-BE0B27F20B33}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe No File
FirewallRules: [UDP Query User{0F55F76B-5A79-4E63-ABB0-F736EE84F094}C:\users\asus\desktop\connectify\connectify\connectify.exe] => (Allow) C:\users\asus\desktop\connectify\connectify\connectify.exe No File
FirewallRules: [TCP Query User{818144BB-A02A-42A8-8B2C-1CB20A5F6C9D}C:\users\asus\desktop\connectify\connectify\connectify.exe] => (Allow) C:\users\asus\desktop\connectify\connectify\connectify.exe No File
FirewallRules: [{F38668CC-54A6-4D49-B690-CA023E5B04DB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [{FA124352-4594-4388-AD48-EA0919452A95}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe No File
FirewallRules: [TCP Query User{78334962-A116-46A5-B448-F0069B6DFEDF}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe No File
FirewallRules: [UDP Query User{2D47D9BE-6082-49E6-96FC-22B37DC91F7B}C:\games\world_of_tanks_ct\wotlauncher.exe] => (Allow) C:\games\world_of_tanks_ct\wotlauncher.exe No File
FirewallRules: [TCP Query User{29081D29-A0E1-44B7-910E-D4A8F836FB3A}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe No File
FirewallRules: [UDP Query User{9DA2949A-D560-4D4F-AFB1-C892FC24D56D}C:\games\world_of_tanks_ct\worldoftanks.exe] => (Allow) C:\games\world_of_tanks_ct\worldoftanks.exe No File
FirewallRules: [TCP Query User{8BC19872-F2BF-45E2-BC9E-8B22461F4AC3}D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe] => (Allow) D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe No File
FirewallRules: [UDP Query User{75B3ADEB-5A5F-4423-8A1C-CC2A21FA3919}D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe] => (Allow) D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe No File
FirewallRules: [TCP Query User{EC148B76-E53C-41F3-A98A-06C23D7413A8}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe] => (Allow) D:\games\farming simulator 19\x64\farmingsimulator2019game.exe No File
FirewallRules: [UDP Query User{18A51619-09A0-4C03-A893-DE95E284DB8C}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe] => (Allow) D:\games\farming simulator 19\x64\farmingsimulator2019game.exe No File

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
VirusTotal: C:\Users\Asus\AppData\Roaming\sp_data.sys => https://www.virustotal.com/file/698cf2e ... 552123274/
"HKU\S-1-5-21-1711663184-14711302-3313765518-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1711663184-14711302-3313765518-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => not found
C:\Users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\hyuijdso.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => moved successfully
HKLM\System\CurrentControlSet\Services\EsgScanner => removed successfully
EsgScanner => service removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{233AB008-4AF0-438E-92A5-9A9782F7E51A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{233AB008-4AF0-438E-92A5-9A9782F7E51A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2548A5C3-DDA3-4F5D-8595-4FA121B6529F}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2548A5C3-DDA3-4F5D-8595-4FA121B6529F}" => removed successfully
C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RtHDVBg_ListenToDevice" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2842FC28-4F8C-47E2-A17E-6DF1A7A22A56}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2842FC28-4F8C-47E2-A17E-6DF1A7A22A56}" => removed successfully
C:\WINDOWS\System32\Tasks\{12DA8503-FBF2-446F-894D-472B41387E50} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{12DA8503-FBF2-446F-894D-472B41387E50}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6CCD1E85-FA33-4DC3-832D-317412DA7D77}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6CCD1E85-FA33-4DC3-832D-317412DA7D77}" => removed successfully
C:\WINDOWS\System32\Tasks\{CD9AA429-6BE4-499A-A931-B1D65B89A464} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CD9AA429-6BE4-499A-A931-B1D65B89A464}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F72CF51-7AFB-4901-B7CF-2B1E2C877ABA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F72CF51-7AFB-4901-B7CF-2B1E2C877ABA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6C6017B-8EE7-46DA-94BA-09BDD4B71418}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6C6017B-8EE7-46DA-94BA-09BDD4B71418}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{6D6C03F9-F910-46E2-B508-D48867151CB8}D:\games\wot test\worldoftanks.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8DFE073C-545D-4FE2-990D-6D885BE800B3}D:\games\wot test\worldoftanks.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{89787CAE-65BF-4924-A577-9EA0EC5B2F04}D:\games\wot test\wotlauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D94F8C6D-737A-42C9-AA2D-7E16A253705D}D:\games\wot test\wotlauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CD247B4F-BD3B-46B4-B524-FE7440C63D34}D:\games\grand theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7EE237A4-6221-4B47-B9EE-65C5DF33ADE3}D:\games\grand theft auto v\gta5.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F93822A3-3AC3-4E35-B88C-BCDB91433931}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D8071037-E7DC-4103-BB22-9A8271B51F75}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{88F33D83-49E3-4063-8152-40234BBDE697}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{31933291-655A-49A8-9CFC-5504AACC5B22}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{51741A9B-06D0-4255-BD9B-5CE093E11DD8}D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EB1E8D6D-2C37-43DF-80F7-DF604BD08A22}D:\games\sid meiers civilization vi\base\binaries\win64steam\civilizationvi.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2354239-2435-4406-98BE-EAFC49BA9943}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02A8C915-D949-4241-A8EA-9DB435F3F1DE}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{93C3A060-E227-4059-9478-572319CE5670}D:\games\settlers 5\bin\settlershok.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8254E024-7B88-40DC-BEA6-68AEFAF4A3E6}D:\games\settlers 5\bin\settlershok.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{59A0A0A4-0815-4523-88AA-9EFD74AD4E5A}C:\gog games\the settlers 6\base\bin\settlers6.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D2658920-1A2A-4F0E-86C7-AE0D55E97351}C:\gog games\the settlers 6\base\bin\settlers6.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8002B633-50F4-47A4-A28F-6399519D64F7}C:\gog games\the settlers 6\extra1\bin\settlers6.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7D9EA231-E7E0-4852-BE72-F98A0049EC04}C:\gog games\the settlers 6\extra1\bin\settlers6.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5ED48CB2-D3CC-4499-BD39-6AC69B58C500}D:\games\far cry primal\far cry primal\bin\fcprimal.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6183032C-EB36-4E75-A3AF-50C556F375CA}D:\games\far cry primal\far cry primal\bin\fcprimal.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6D0A0219-29BD-41CC-B925-51E6B289CFE9}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A56446E-C71E-4215-8102-540CD18E0B1F}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3FABC2D5-2E38-4D17-B8D1-D1E30D0A70F1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4C5BF5B7-19B3-41EF-A211-6DC58EA902A8}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{227E2B8B-67E4-4270-B7A1-42A3836CF95C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C7DD95F-81A9-40F9-ACBC-340394F4FA02}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C6E00E58-C038-4EEB-98FD-6A36B1C2BC02}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{06C70F61-6BEA-451F-B691-48148EB9A37D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{212136E0-A7FA-4330-85DC-92AE821020EA}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C40834E-5146-462F-8526-75485CCDBEA0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CF562600-3C3F-4158-BE63-C4A2ED81507D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B38BD7AA-2772-4F76-9C9B-7598F42CD4B5}D:\games\far cry 4\bin\farcry4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9886C7E8-CF50-4625-84CA-9593002994E9}D:\games\far cry 4\bin\farcry4.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2B953DE5-F45A-407C-BA0F-B1C4B2E3ABEC}C:\windows\kmsemulator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4A6A607B-D46B-4D5E-BBFD-398936E15A47}C:\windows\kmsemulator.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AB098A4A-18F1-40B0-A79D-33E46D6C55C9}C:\program files (x86)\connectify\connectify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C4702945-8D24-4541-BA15-E1346907F44E}C:\program files (x86)\connectify\connectify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1F19BD4-C9A7-4BBB-B461-B0AAADBDEAB1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{75E30B37-53BA-473C-86B4-E89A47AC35F4}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3D922F40-0EC4-474F-AA6C-29AB0AA5A292}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8653960C-3EDB-4794-8378-3531524F202B}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{368CBE1A-E031-4B9C-9035-D2251E0F9D09}C:\users\asus\appdata\roaming\microsoft\windows\start menu\programs\startup\esat.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{675550E2-70BB-4E35-9E6E-2E9223D3DD17}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{029F0732-B25F-4031-8FDC-AB6AC9905330}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0105C814-3A49-4FEF-B2E4-E277A4AF76DD}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BE6C6833-8E0D-406B-A4E7-BE0B27F20B33}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0F55F76B-5A79-4E63-ABB0-F736EE84F094}C:\users\asus\desktop\connectify\connectify\connectify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{818144BB-A02A-42A8-8B2C-1CB20A5F6C9D}C:\users\asus\desktop\connectify\connectify\connectify.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F38668CC-54A6-4D49-B690-CA023E5B04DB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA124352-4594-4388-AD48-EA0919452A95}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{78334962-A116-46A5-B448-F0069B6DFEDF}C:\games\world_of_tanks_ct\wotlauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2D47D9BE-6082-49E6-96FC-22B37DC91F7B}C:\games\world_of_tanks_ct\wotlauncher.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{29081D29-A0E1-44B7-910E-D4A8F836FB3A}C:\games\world_of_tanks_ct\worldoftanks.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9DA2949A-D560-4D4F-AFB1-C892FC24D56D}C:\games\world_of_tanks_ct\worldoftanks.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8BC19872-F2BF-45E2-BC9E-8B22461F4AC3}D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{75B3ADEB-5A5F-4423-8A1C-CC2A21FA3919}D:\games\kingdom come - deliverance\bin\win64\kingdomcome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EC148B76-E53C-41F3-A98A-06C23D7413A8}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{18A51619-09A0-4C03-A893-DE95E284DB8C}D:\games\farming simulator 19\x64\farmingsimulator2019game.exe" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8675328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78130499 B
Java, Flash, Steam htmlcache => 377578467 B
Windows/system/drivers => 561443 B
Edge => 260698954 B
Chrome => 0 B
Firefox => 383673613 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 35410 B
LocalService => 0 B
NetworkService => 81076 B
NetworkService => 0 B
Asus => 334526752 B

RecycleBin => 14763019876 B
EmptyTemp: => 15.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:22:12 ====

Re: log check

Posted: 09 Mar 2019 10:45
by Diallix
How is the computer doing?

Re: log check

Posted: 09 Mar 2019 10:49
by Trejsi91
It looks OK, so thank you very much.
What was the problem?

Re: log check

Posted: 09 Mar 2019 11:11
by Diallix
A leftover driver and leftover branches in the registry.

Re: log check

Posted: 09 Mar 2019 11:24
by Trejsi91
I see, thank you very much once again :-)

Re: log check

Posted: 10 Mar 2019 12:27
by Diallix
You're welcome :)