
CPU and GPU usage spontaneously climbs to 90% - mining in the background?

lveecze
Visitor
Posts: 17
Registered: 04 May 2020 08:49

CPU and GPU usage spontaneously climbs to 90% - mining in the background?

#1 Post by lveecze »

Hello,

I would like to ask for your advice on how to deal with viruses that drive my CPU and GPU usage up to 90-100%. When the computer connects to the internet, applications start; one of them, with no name, drives up the CPU, and the other, ISAAS, drives up the GPU. I suspect it is mining cryptocurrency in the background. The virus prevents the administrator from opening Task Manager and so from shutting these applications down. I managed to get around that in the Registry Editor, where I found DisableTaskManager, and after removing it I got back into Task Manager and shut these malicious applications down. However, I would like to get rid of it for good.

So I am asking for your advice on how to fight this.

Many thanks,

Lev

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU and GPU usage spontaneously climbs to 90% - mining in the background?

#2 Post by Rudy »

Hello!
Please post the FRST+Addition logs: https://forum.viry.cz/viewtopic.php?f=13&t=154679

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!



lveecze
Visitor
Posts: 17
Registered: 04 May 2020 08:49

Re: CPU and GPU usage spontaneously climbs to 90% - mining in the background?

#3 Post by lveecze »

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2020
Ran by user (administrator) on DESKTOP-5CNBDP2 (Gigabyte Technology Co., Ltd. Z390 AORUS MASTER) (12-11-2020 12:31:51)
Running from C:\Users\user\Desktop
Loaded Profiles: user
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\NVDisplay.Container.exe <2>
(NZXT, Inc. -> ) C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe
(Opera Software AS -> Opera Software) C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [664872 2020-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\user\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331040 2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\system: []
HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-20\...\Policies\system: []
HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-06-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [172032 2019-05-14] (Voobly) [File not signed]
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [] => [X]
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [Opera Browser Assistant] => C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3152920 2020-11-10] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Policies\system: []
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\MountPoints2: {d9a7f775-262f-11ea-bd8c-0cdd24f3be65} - "F:\setup.exe"
HKU\S-1-5-18\...\Policies\system: []
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Print\Monitors\36C-0iSeriesPCL Language Monitor: C:\Windows\system32\KOAXJJAL.dll [25504 2020-11-05] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.193\Installer\chrmstp.exe [2020-11-11] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04765230-2A97-4733-A5B7-DC17260F5544} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {2C0E2277-FCAE-4F06-A567-E00620C3DEC9} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => C:\Windows\system32\winrmsrv.exe [731136 2020-06-30] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {3073B57D-F41B-4E2C-A02D-1F118EB03465} - System32\Tasks\nv4drv => C:\Windows\system32\config\systemprofile\AppData\Roaming\A73311EEB231477482B47E6F761F7679\DF90168526A04CAC9BCBCB682DF4ADCF.vbe [764400 2020-11-12] () [File not signed] <==== ATTENTION
Task: {3928F07D-CAE6-4281-B2A0-A5D717CB6E7A} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {549C5E75-6202-4652-A2E7-9EABE7554434} - System32\Tasks\Opera scheduled Autoupdate 1588926009 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe [1529368 2020-11-10] (Opera Software AS -> Opera Software)
Task: {5ECF0468-2533-4BB1-82D1-2D5283FDA6EB} - System32\Tasks\WindowsTaskCoreUpdate => C:\Windows\system32\config\systemprofile\AppData\Roaming\2E4DC7D9D1D849E7BDFCC48FB795A7BF\BD795E653A1D47A5AEB112E48F6FB456.vbe [23406 2020-11-12] () [File not signed] <==== ATTENTION
Task: {68F3A5A8-A9F9-442A-B69D-D038486FE234} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-22] (Google LLC -> Google LLC)
Task: {6FD38BCD-176B-4AE1-96A2-BA66D986FC61} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [28678840 2020-06-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7661FE7D-23BC-4BF8-AA76-5EEF30DA5B1F} - System32\Tasks\Opera scheduled assistant Autoupdate 1590174025 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe [1529368 2020-11-10] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\user\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {7C7DFC01-90E9-4E54-8BC2-8B00C9F94968} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {87F85E3C-C4BB-46A1-A85D-10B668BCD297} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-22] (Google LLC -> Google LLC)
Task: {88E8938B-33AF-441C-AF15-05F5E74003DE} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {90362DF6-A101-4F76-A72F-C061E2A356C0} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
Task: {9282E40E-3EBE-4632-AF2A-BBD5DC35BA68} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {96AFE1F4-E03C-44B3-A578-360662C3BC81} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => C:\Windows\system32\winlogui.exe [750592 2020-06-30] (Microsoft Corporation) [File not signed]
Task: {979E2088-5124-48CE-9FE5-BEFD4F6E0EAD} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A3F814F3-6C62-4BFD-8EE5-6324CF350C6D} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe
Task: {A7853793-6991-4BB0-A423-4AEE6729A5D2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EB3CB31D-D02A-4A69-9B7B-0D41910186F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0bf7a325-c941-4528-8368-700194cb8264}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8a9bf6ab-39a1-4974-abbd-bf2eb4e85a86}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-13]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2020-11-12]
CHR Extension: (Prezentace) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-22]
CHR Extension: (Dokumenty) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-22]
CHR Extension: (Disk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-22]
CHR Extension: (Avira Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-11-11]
CHR Extension: (Avira Safe Shopping) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2020-10-28]
CHR Extension: (Tabulky) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-23]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-29]
CHR Extension: (MetaMask) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2020-11-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-16]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

Opera:
=======
OPR Extension: (Rich Hints Agent) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-25]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 CAMService; C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe [545800 2020-08-14] (NZXT, Inc. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
S3 Rockstar Service; D:\Games\Nová složka\Launcher\RockstarService.exe [1453184 2020-08-05] (Rockstar Games, Inc. -> Rockstar Games)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 AntiVirMailService; "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe" [X]
S2 AntivirProtectedService; "C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\Antivirus\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\Antivirus\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe" [X]
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 AviraPhantomVPN; "C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe" [X]
S2 AviraSecurity; "C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe" [X]
S2 AviraUpdaterService; "C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208024 2020-06-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [140280 2020-06-01] (ADAPP SASU -> Dokan Project)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 gdrv; C:\Windows\gdrv.sys [25640 2020-01-12] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-01-12] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [16712 2019-01-15] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 SaiHFF32; C:\Windows\system32\DRIVERS\SaiHFF32.sys [177536 2007-09-13] (Saitek -> Saitek)
S3 SaiIFF32; C:\Windows\system32\DRIVERS\SaiIFF32.sys [20864 2007-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Saitek)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368 1968-04-08] () [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45960 2020-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [376544 2020-03-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2020-03-02] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
S3 cpuz149; \??\C:\Windows\temp\cpuz149\cpuz149_x64.sys [X]
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-12 12:24 - 2020-11-12 12:32 - 000022830 _____ C:\Users\user\Desktop\FRST.txt
2020-11-12 12:23 - 2020-11-12 12:23 - 000000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2020-11-12 12:21 - 2020-11-12 12:21 - 000000000 ____D C:\Users\user\Desktop\devirovani_listopad20
2020-11-12 12:04 - 2020-11-12 12:05 - 074042675 _____ C:\Users\user\Downloads\Nahled6.mp4
2020-11-05 14:08 - 2020-11-05 14:08 - 000000000 ____D C:\usr
2020-11-05 14:08 - 2020-11-05 14:05 - 000160672 _____ (KONICA MINOLTA, INC.) C:\Windows\KOBDrvAPIW64.EXE
2020-11-05 14:08 - 2020-11-05 14:05 - 000112032 _____ (KONICA MINOLTA, INC.) C:\Windows\system32\KOBDrvAPIIF.DLL
2020-11-05 14:08 - 2020-11-05 14:05 - 000104352 _____ (KONICA MINOLTA, INC.) C:\Windows\SysWOW64\KOBDrvAPIIF.DLL
2020-11-05 14:05 - 2020-11-05 14:05 - 014863535 _____ C:\Users\user\Downloads\GEIT6PCL6Winx64_21130CS.zip
2020-11-05 14:05 - 2020-11-05 14:05 - 000000000 ____D C:\Install
2020-11-05 14:01 - 2020-11-05 14:01 - 072588025 _____ C:\Users\user\Downloads\GEIT6DSETWin_21130CS.zip
2020-11-05 14:01 - 2020-11-05 14:01 - 000000000 ____D C:\Users\user\Downloads\GEIT6DSETWin_21130CS
2020-10-30 16:38 - 2020-10-30 16:38 - 000000000 ____D C:\Users\user\Downloads\ur
2020-10-30 16:34 - 2020-10-30 16:37 - 1661255063 _____ C:\Users\user\Downloads\ur.zip
2020-10-19 10:45 - 2020-10-19 10:45 - 036995270 _____ C:\Users\user\Downloads\TedLimpert.PinupHouses2.2020.wav
2020-10-19 10:45 - 2020-10-19 10:45 - 036995270 _____ C:\Users\user\Downloads\TedLimpert.PinupHouses1.2020 (1).wav
2020-10-19 10:35 - 2020-10-19 10:35 - 036995270 _____ C:\Users\user\Downloads\TedLimpert.PinupHouses1.2020.wav
2020-10-16 13:00 - 2020-11-04 14:12 - 000000000 ____D C:\Users\user\Desktop\sedacka_prodej_crafter
2020-10-16 12:05 - 2020-10-16 12:05 - 008447152 _____ (Malwarebytes) C:\Users\user\Desktop\adwcleaner_8.0.8.exe
2020-10-15 17:30 - 2020-10-15 17:30 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2020-10-15 17:15 - 2020-10-15 17:15 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 17:15 - 2020-10-15 17:15 - 000003348 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-14 09:10 - 2020-10-14 09:10 - 000029173 _____ C:\Users\user\Downloads\levseidl-2020-0013.pdf
2020-10-14 09:10 - 2020-10-14 09:10 - 000029173 _____ C:\Users\user\Downloads\levseidl-2020-0013 (1).pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-12 12:31 - 2020-05-04 11:34 - 000000000 ____D C:\FRST
2020-11-12 12:30 - 2020-06-10 09:17 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-12 12:30 - 2020-06-10 09:17 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-12 12:23 - 2020-05-04 11:01 - 002298368 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2020-11-12 12:23 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-12 11:27 - 2020-02-27 20:59 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-11-12 10:03 - 2020-05-08 09:20 - 000004202 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1588926009
2020-11-12 10:03 - 2020-05-08 09:20 - 000001386 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2020-11-12 10:02 - 2019-12-12 14:55 - 001606106 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-12 10:02 - 2019-03-19 12:55 - 000682526 _____ C:\Windows\system32\perfh005.dat
2020-11-12 10:02 - 2019-03-19 12:55 - 000137244 _____ C:\Windows\system32\perfc005.dat
2020-11-12 10:02 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2020-11-12 09:58 - 2020-09-15 07:51 - 000003358 _____ C:\Windows\system32\Tasks\nv4drv
2020-11-12 09:58 - 2020-09-01 20:48 - 000003392 _____ C:\Windows\system32\Tasks\WindowsTaskCoreUpdate
2020-11-12 09:58 - 2019-12-10 14:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-11 17:02 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-11-11 15:14 - 2020-03-18 01:10 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2020-11-11 13:36 - 2019-12-10 14:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-11-11 12:11 - 2019-12-22 20:12 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-11 12:11 - 2019-12-22 20:12 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-11 12:10 - 2020-05-22 20:00 - 000004454 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1590174025
2020-11-11 12:10 - 2019-12-22 20:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-11-05 14:06 - 2020-02-19 11:11 - 000000445 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2020-11-05 14:05 - 2020-06-11 22:36 - 000025504 _____ (KONICA MINOLTA, INC.) C:\Windows\system32\KOAXJJAL.dll
2020-11-05 11:24 - 2020-04-11 10:16 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-10-30 14:31 - 2020-06-10 09:17 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-10-30 14:31 - 2020-06-10 09:17 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-10-30 12:23 - 2019-12-10 15:06 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1742551912-4009820896-394807726-1001
2020-10-30 12:23 - 2019-12-10 15:06 - 000000000 ___RD C:\Users\user\OneDrive
2020-10-30 12:23 - 2019-12-10 15:04 - 000002358 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-22 11:36 - 2020-07-03 13:58 - 000000036 _____ C:\Windows\system32\perfdish001.dat
2020-10-15 17:31 - 2019-12-25 18:25 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2020-10-15 17:13 - 2019-12-25 18:25 - 000000000 ____D C:\Users\user\AppData\Local\BitTorrentHelper
2020-10-14 08:50 - 2019-12-26 15:43 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc

==================== Files in the root of some directories ========

2020-01-06 18:40 - 2020-01-06 18:40 - 000000028 _____ () C:\Users\user\AppData\Roaming\kulerdata.json
2019-12-22 20:57 - 2019-12-22 20:57 - 000000410 _____ () C:\Users\user\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-11-2020
Ran by user (12-11-2020 12:32:15)
Running from C:\Users\user\Desktop
Windows 10 Home Version 1909 18363.900 (X64) (2019-12-10 14:04:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1742551912-4009820896-394807726-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1742551912-4009820896-394807726-503 - Limited - Disabled)
Guest (S-1-5-21-1742551912-4009820896-394807726-501 - Limited - Disabled)
LveeFix (S-1-5-21-1742551912-4009820896-394807726-1002 - Administrator - Enabled) => C:\Users\LveeFix
user (S-1-5-21-1742551912-4009820896-394807726-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-1742551912-4009820896-394807726-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\uTorrent) (Version: 3.5.5.45790 - BitTorrent Inc.)
ACA & MEP 2021 Object Enabler (HKLM\...\{28B89EEF-4104-0000-5102-CF3F3A09B77D}) (Version: 8.3.51.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-4101-0000-3102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0_2) (Version: 17.0.2 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_3) (Version: 13.0.3 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_1_2) (Version: 24.1.2 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_9_1) (Version: 9.1 - Adobe Inc.)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2_1) (Version: 8.2.1 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_1) (Version: 14.0.1 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Inc.)
Age of Empires II Definitive Edition (HKLM-x32\...\Age of Empires II Definitive Edition_is1) (Version: - )
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0704.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0704.1 - GIGABYTE)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
AutoCAD 2021 – Čeština (Czech) (HKLM\...\{28B89EEF-4101-0405-2102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 (HKLM\...\{28B89EEF-4101-0000-0102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 Language Pack – Čeština (Czech) (HKLM\...\{28B89EEF-4101-0405-1102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Autodesk App Manager 2020-2021 (HKLM-x32\...\{DB92FEA7-F78C-469E-B138-E2303220F0C4}) (Version: 3.1.0 - Autodesk)
Autodesk AutoCAD 2021 – Čeština (Czech) (HKLM\...\AutoCAD 2021 – Čeština (Czech)) (Version: 24.0.47.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{54A00624-3EF9-49A2-92A9-7244EADD0212}) (Version: 3.2.18 - Autodesk)
Autodesk Material Library 2021 (HKLM-x32\...\{6774FD60-7D4B-4D57-BE56-2702A07C9701}) (Version: 19.1.22.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{6EFAD582-86C1-4AB2-97C5-2070D0B90E08}) (Version: 19.1.22.0 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{951BB060-1350-4C93-BD83-D966C51D4005}) (Version: 11.2.0.1802 - Autodesk)
Avira (HKLM-x32\...\{4BC31208-EC3B-453B-8819-6B81AE3EC153}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{caade1ea-26aa-4e8f-a4f0-59cf0c0e91a5}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2006.1902 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.33.5.26382 - Avira Operations GmbH & Co. KG)
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.30.9723 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{BBD09B2A-FCDB-4CDE-8614-8C608EA68E94}) (Version: 2.0.6.34011 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.5.0.10950 - Avira Operations GmbH & Co. KG)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.75.1088 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.1001 - Disc Soft Ltd)
DiRT Rally 2 0 (HKLM-x32\...\DiRT Rally 2 0_is1) (Version: - )
Dokan Library 1.4.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0000-200601191219}) (Version: 1.4.0.1000 - Dokany Project) Hidden
Dokan Library 1.4.0.1000 Bundle (HKLM-x32\...\{97cfdb6c-2faa-43ba-afbc-469e01845e99}) (Version: 1.4.0.1000 - Dokany Project)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
F1 2018 (HKLM-x32\...\F1 2018_is1) (Version: - )
FileZilla Client 3.49.1 (HKLM-x32\...\FileZilla Client) (Version: 3.49.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.193 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Horizon: Zero Down CE (HKLM-x32\...\Horizon: Zero Down CE_is1) (Version: - )
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Ledger Live 2.10.0 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.10.0 - Ledger Live Team)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
LRTimelapse 4.2 (HKLM-x32\...\{3B86296C-F4C8-4FE7-8561-CC5F444098D4}}_is1) (Version: 4.2 - Gunther Wegner)
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.58 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.93 - )
Microsoft OneDrive (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Mobirise4 (HKLM-x32\...\Mobirise4_is1) (Version: - Mobirise.com)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NVIDIA Ovladač HD audia 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 452.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 452.06 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)
NZXT CAM 4.10.1 (HKLM\...\ac0666ae-ee66-5310-ac01-9d6348133b2d) (Version: 4.10.1 - NZXT, Inc.)
Opera Stable 72.0.3815.320 (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Opera 72.0.3815.320) (Version: 72.0.3815.320 - Opera Software)
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.00 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{0edb50a3-501b-40f9-b197-0d143fdef576}) (Version: 1.00.00 - Patriot Memory)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.3.377 - Jan Fiala)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.19.1030.1 - GIGABYTE)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 0.0.0.0 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.5 - Rockstar Games)
SketchUp 2019 (HKLM\...\{E16DD37C-6FBC-F51F-702E-DD6E92D6ED68}) (Version: 19.1.174.20409 - Trimble, Inc.)
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
Speciální aplikace Autodesk 2020-2021 (HKLM-x32\...\{2CBD494D-0A3E-4CB3-AFB3-8CE1734613B0}) (Version: 3.1.0 - Autodesk)
Star Wars Jedi Fallen Order (HKLM-x32\...\Star Wars Jedi Fallen Order_is1) (Version: - )
Uložit do služby Autodesk Web and Mobile (HKLM\...\{A9005AC0-4AD8-4E84-B1F7-EE38BB6BCC2D}) (Version: 3.0.26 - Autodesk)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WRC 8 FIA World Rally Championship (HKLM-x32\...\WRC 8 FIA World Rally Championship_is1) (Version: - )
WRC7 (HKLM-x32\...\{BC92798D-2F38-49F9-92F0-68BA1F49D64B}_is1) (Version: - Kylotonn Racing Games)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-12-22] (Adobe Systems Incorporated)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.10.5.0_x86__kgqvnymyfvs32 [2020-06-18] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.39.4.0_x86__kgqvnymyfvs32 [2020-06-28] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-08] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-10] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-06] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0 [2020-06-23] (Spotify AB) [Startup Task]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} -> [Creative Cloud Files] => C:\Users\user\Creative Cloud Files [2019-12-22 21:00]
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2021\cs-CZ\acadficn.dll (Autodesk Asia Pte. Ltd. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2020-01-22] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2020-01-22] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll -> No File
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvshext.dll [2020-08-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1742551912-4009820896-394807726-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files (x86)\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32original.dll [746496 2019-03-19] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2019-03-19] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\IR41_32.AX [9216 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2020-08-24 15:50 - 2014-11-02 17:45 - 000029184 _____ () [File not signed] C:\Program Files (x86)\PSPad editor\pspshellx64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2020-09-26 17:28 - 000001904 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site

2020-02-19 11:11 - 2020-11-05 14:06 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-5CNBDP2.mshome.net # 2025 11 2 4 13 6 7 91

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Downloads\nebula-stars-universe-galaxy-space-4k-kx-2560x1440.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "Voobly"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9BD1688D-F015-4BFF-B69B-724F9F8E254B}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{744E7215-70B1-4E3B-B104-4B103618F9C0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{A9C7CC83-3045-4013-AFDD-6A96C9781B02}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{83AD6374-B204-4C43-AC64-65B7B766F2FE}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{14D241B6-2C3A-4401-9A41-BA3E6798638E}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0F142F97-D1CD-462F-94B1-60FF56B8277C}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B8CA292B-7112-4E0A-A8E5-1817BCD71D66}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{512D5D3D-72C1-4233-8A68-012479E8BA99}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{E6B548A3-85EA-4467-B9BB-9F379CFAB05F}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{2F94D793-BFA7-4291-8732-EF973D864407}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{915649FE-0A80-48CB-B7E5-10FD225F28E6}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{29A39C55-CBED-4300-B456-FF6215D3A6C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D8CDB9F-F5C8-4FED-AD0E-F3E62108392E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6E5B978-7F6D-493A-A9BF-F08951D5E717}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{649B2B89-0708-4A63-A498-6282B156BAD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39302AD9-C980-463E-9136-CB594F225BC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A0556009-B2E6-4DF7-BF21-3FFF8C706300}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{28F7B461-6AD5-4565-ABCE-B8D4240398AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{420D6374-ED4E-492C-8A08-B1D6889F1935}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EAB62F56-B95D-47A2-8BE7-240DD674A1F8}] => (Allow) LPort=57209
FirewallRules: [{0D78786E-4AD7-4E94-B04A-CE594A70B726}] => (Allow) LPort=57209
FirewallRules: [{05C17314-70C5-49D0-B5CB-26F3F80418BC}] => (Allow) C:\Windows\SysWOW64\wscript.exe
FirewallRules: [{CCB96B1B-6E6D-420B-9390-A73340F9646A}] => (Allow) C:\Windows\SysWOW64\wscript.exe
FirewallRules: [{E8060679-1F6A-4902-9CF8-939579C9A817}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CE3D9500-519A-4855-BA4E-D6687459B430}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FA872217-B7BB-402B-BC6C-07DAE7B0313B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{99F38A12-9869-4E07-817D-7C0023AC0876}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A7A38650-67CA-40D3-8BA0-B47D240E21F4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3EEB1BA-D570-4A89-B1F6-846ED96F480D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2E98697-86D0-48B7-89B3-7C29F3EF91FB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1C15BCD6-DF59-431D-B5CB-A563A022D700}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6693D73A-BC85-4B18-B3C9-F5437B5EE8D8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{90686CE2-468D-4D26-ADAE-56F8D024FFDD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{85B96675-7A22-4A52-928D-B476326CFA64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FD00405-6209-4148-9700-2FD6A8DCBF83}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FA57B887-43DA-49C3-8604-67DF4B499C5D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{12026078-FE39-4991-9FEE-780B3F8EAFEF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1FBB77D5-49C7-4B6F-B2F7-496E3E0CCA18}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1C0E3C5A-58DC-4C92-B129-CA4FD095FC1A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4E3D0B39-A317-4FA1-A438-8443246ACD9E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5CA7A743-1F98-400E-940A-1171230F7BDB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9F872F10-4FE7-45DC-AE21-26162E036F0A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AAD3F11D-83C0-48A8-ABB4-DC470985BB6A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5C8BF79B-1B66-4E14-8BF9-672DCE0C932E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E812D21A-8D97-4E06-B3E9-66A3FB1A0159}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{EC44547E-B9D5-4EF9-B231-D04E6F7CCDC2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{651B963A-38F4-44F7-86DF-D6C2CDFED7CA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D1E15E1E-7628-4536-BEC3-40D27C85048C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F4645668-F876-4CDE-833C-D10134A8FF9F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4A7ADEEA-458F-4F04-9023-81FDE320E758}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{A462D1E1-1C3B-4B24-87FF-73889FDA2C91}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{EE30CF95-536C-4962-B750-B0A4BBFAADB9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{91849CAE-18E4-493A-92D6-4536E0F45726}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4874916E-34BE-4FA0-A136-A9E6700E342A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{16D32B91-D9FB-4362-955C-9D024F4BF32F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B2718225-2525-4356-A1DE-E7665A7B1C8B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A694A77B-1F24-400F-BF56-C3B399BE93E7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3666A9E-3DDB-4966-B014-D37BDD0262C7}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6CD6DA3A-E6DF-4556-8D4A-FE84B675126D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{1B910521-AD7C-4B12-8904-3F009400C81F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5CBA1262-C4D3-4DC5-BCCB-6B4F2D9BF731}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F09AAEA6-564A-4F01-BC56-9256476D6144}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3F506A86-1BCD-427C-988B-5069F8A00110}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DB1F97C1-2833-46B5-A0FF-FD4BDC34AF48}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6AE9B749-DE0E-4EC8-B425-9591A70458B1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4096B082-1F76-40FB-8D6A-31D411B43E66}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E27FF460-D153-485D-8BF2-02BB20289EF9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C8CDD6E7-261C-470B-867C-2E0A305C081C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{56EDFFAD-7643-4300-AD15-8D0DF89B509D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BDE4B3F0-AFCE-42B3-80E3-8A5D1E3DC545}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3523ACA9-6A88-4243-80FE-0BAEF7EC3AED}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F6F9B417-4F87-4A0D-990A-A417237974AD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{60C7F46C-86B7-435F-A7B4-3CC75CF312F7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7B3AE992-4209-40FC-9A97-59965AED1420}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4D7FD718-4C5C-4DE5-9A9A-3337FD7A87B6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{FD682FC4-77F5-4D7F-B096-36B86B48B661}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{073E09BB-E824-42CA-8C86-31FBA6BF6870}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D4B1AADB-78A9-4CA3-8724-0C10207A7FA2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{03000EEB-9C0B-4616-B1C9-C4B95E27ACA9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{14B8C861-3323-4CCD-B033-807F07ABC68A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{52E04AB4-13EC-4829-8507-28EBCF36E97C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9D8F66D5-0F93-45D7-82DB-AC62140FC173}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{1B7896EB-8B29-460B-9E03-D2FFDD7D85BF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{A5245F2F-00D3-49A1-9FE0-0706FA69A520}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82B6597E-25ED-4816-BF52-E01F28D24C0D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{99D7983F-8E02-4D0C-9DCB-B53673EBDA87}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BE2A5392-25B7-48BB-92CC-3BF605CDFEAB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF6438AC-9B0E-43A2-BB05-A65580E5EFAD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8DDB52EA-3303-43A1-9EDC-817297CB3593}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{675FE2CF-1F47-4BE9-B392-8F0B31FAD5E6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{3CBF9CCA-5F80-4E75-A9A0-295526FB0024}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{24788B50-A810-4FF7-99AB-A2844A149455}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2FC56437-09A6-43F4-84D2-0D67860B0EBE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{1D391574-36D1-48FA-A8A2-6FA5FA3D5D0D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{68AB5D62-BB5D-4A7A-A2E4-2185B6F70715}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C92BEAD4-3475-42AD-B89C-8C8F8BCF48F0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BEF849B6-9E6E-4FE0-A255-5DDD4DC31BCA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DECC2FC6-4BDF-4A10-A0DD-2B01BA9D1F9E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{ABF23583-84C4-4195-9717-C3A754A4080C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{DC5BBDA3-A588-49E0-9A49-E19FB030F7D0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82DC9BA7-67A8-4CF3-8E66-AD4F645B9BD7}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A4713757-C8F4-4BB7-AA27-BE340650CBBF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{239D823A-F643-4ECC-B394-B09068D9A8C6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C3CD3FD0-64C7-4511-8FBD-76FF0FD66D32}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F2ADED2F-45B6-422D-862F-F68D7BD97980}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BA717979-DC63-46A6-A1AD-1B9B64BBE8F0}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4DCE49F3-0073-45B7-8461-D76677618657}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C2413AE8-D003-4572-9067-D6EE13877D27}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6B321238-2F61-47A4-AEBE-FB48275835A1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A5438A7C-51A7-499F-844B-96A81D5FA6AF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81667A2E-E3F0-4243-9648-CEA95B853A3D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1D8FE785-F51B-46E4-96E6-26D6ED316E1A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E7ACB403-97E2-4D0F-91DE-AC15D02AD251}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6E25349A-4B56-4293-9C0A-D04702DDE989}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{03F9E784-9C27-4BF3-AEFB-C7BB36E7EDC5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{F0E28111-9CB1-4AF6-9DD0-AD89E5523515}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C4CBFF02-0D55-477E-BB97-F5E2ECD5F8C1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6007E736-3FB7-4AC5-8DDA-55C5B56FD03E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56CFF1CA-7157-453A-B843-04B36534BEB1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{54AE2208-02EC-4DE3-8D86-B363AADACDB0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1D294E64-C01B-476D-B7DF-ACA34AC060BE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4D845892-A583-419D-878A-3E195991DFC1}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{566D0F56-ABFE-4A36-B0D1-35A401B8103A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{59E4BD35-84B3-4B09-864D-BCEDACE5E6E5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{577EB62D-EB01-4216-BB8D-D8838AA865BE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{1121756E-15C6-4BF2-805E-8E4CE9B64569}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FEDDF0C7-87D3-45E2-87F6-EBD00B7BF63F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AE754F0C-A0CE-4DEB-BF69-BFBF3111E802}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{86C4C530-B837-4F9D-92A6-32759F502E04}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6896D75A-0444-4EE8-8C1B-DCCAE7E7F098}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{2A3580EB-2695-46FE-9732-9905265834FB}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B85806F1-B486-4F61-8895-E9C8187CF088}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DDFBACCA-6900-4407-BDCE-FC31C27F1556}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{16F4D5FD-01EC-4421-A669-63D2F5C77498}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{87D8DB73-BAA7-46EC-8A4A-3BEF9ECC1777}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1BD9A2D6-358E-407E-ACAF-2F5BF9936FDB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8E629903-E2B9-479E-BD3D-D732F2438C64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8D62C98A-150B-4F74-945B-B1A637B99B91}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B0B238E8-A51F-4C56-8274-84E171289191}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5516882F-5FEB-4791-B8D7-10F9D546627D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8CCAC162-DE65-4BC6-A17F-30BE34E0D74E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5E36DD0C-D880-4ACC-9226-BC9C8BA375B2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E5DCD26-9E3E-49A1-879F-977BFB030778}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{92F0525C-5AA4-4DF2-B96C-A45AC509304C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DDD5698E-5A63-4775-A08D-81C9CE62190A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{024DFB98-03C7-40AD-9BA2-E9E9194E9E3C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{616E2CE4-941F-470F-9722-646ECEA80935}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{388380E2-E380-499E-BC16-C1BCE07CDF43}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{612D849E-C56B-4298-97B5-F2EDBD5FAD79}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F0B6C457-1AEF-4956-AA40-401FAFDFE3BC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E864A38-979D-4EB2-B1E7-B850BB1EEB40}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{409757AE-F7F3-4815-BC60-94F0157E6F0E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{155FE014-683D-4EA7-A93C-7B094D861EE1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2D1B89A-194E-4489-B133-EB057E711E22}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{8ABD21F9-2415-47BE-A4D4-9C6E9CB540D4}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{11F49C31-A45D-45AA-BD31-95FB186E8C52}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9A3F164D-6002-4D17-99A0-30441DE3A6E3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{10080AEF-019B-43A6-BDA0-2BF3BCE369F8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9870AC12-796A-487F-9FDD-7DB0BD11BB33}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2634E034-DF42-4647-8CA0-255D70B55C4A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2ABA316F-95F9-44DA-861C-B8BED415E6B7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D404EDC1-B880-403F-8FC9-E0CFF1723A46}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{9A2E80A0-1541-45CC-9761-61366B3F7187}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D1630523-66F0-45E7-A943-DC3724760AFF}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{20C329B5-FE3C-4BB0-942D-E74E25CB2A1C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A63E5332-2470-41A9-8268-5F06C4F036CD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A6385D6F-2C95-48AD-8D4C-6A7A4BD90B7E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9CEBB5B8-90FE-4159-AE07-5DE5A06949E9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AC497F0A-867E-4D60-A664-A50E14FED4D6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E452FF31-71CF-477B-A819-F275602F48F2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{06D8F132-B4EE-4C72-ADB0-3BD4788444DB}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9B9E1F82-36CD-446A-A052-EE8603D628DF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BD466303-A69F-400B-AAE8-1B1DD1708BE8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{80B3DC9B-8875-4633-9AE3-D3E723D0CB1C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9745B821-914C-4B9C-BDC2-E74570A4A5FA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{126538A9-EF8B-4B5F-A105-BCC838A2D77F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{44F5EA72-2B61-4131-8244-F5C312E0DE7C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{407D8712-F7CA-4217-85A5-6A976FECC06D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E6DF2C0D-3E76-4C32-992B-16E1F5203C34}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{300286F5-174B-4948-BFB4-EF0C34C81F4F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{10675BEB-3A8E-4025-9E3B-271B33F21DAB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BBE95EED-08B7-4DDD-B7C5-0D768253F9D7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EE72182E-4826-47FE-9508-C42B4440A868}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2D62490-8010-414C-8C18-1F03C30115B2}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{396E43E5-DE02-451F-B256-DD574635CA38}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AB347484-2AA2-48E1-8B82-7C848FDA4915}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82AD3F7B-B164-43CE-A629-275A13ABE9C0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{388AED80-2F56-4098-8F6A-669A49930C74}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E490060-76CB-4931-93AB-FBA7C00782B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7A86E42A-BE42-423D-A3E5-D3252DC55524}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6F3A854B-73A1-4B59-88D1-BB044587FA40}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{44020F35-B74E-43BC-9029-3A5BD73B61B7}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{39A19D55-3C21-4B75-9D22-786640A00F1B}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{009C2814-9608-435E-B73D-60C18BF54BBE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4D16A462-5E7F-4644-A9DE-F6CBFB1E0428}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C64395DC-4F70-4487-B6A8-825F9CE35F06}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AE2FDC7A-B454-4F29-AAEB-A8BECC10477A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{90D9CB1B-EB5F-4CDC-A5F8-B9B22752A584}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37F31451-4220-4086-89DC-B58FAF55E859}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A46049F8-9C79-42D0-84D1-A7410FBF0E12}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C7DA7110-1E98-42CF-93D9-895280050B28}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D4F69536-5C00-4B57-AF6C-B3A67E87ADFD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6AA9E4A2-D09F-4288-AC0B-B034F32086FD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FA765916-6593-4AA7-9449-B59EC422759D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{729F3F4B-F3C9-4CE4-A3D0-5C18A4A0BE5C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9C3E0F65-24E4-4D8F-9B0D-DC45C363E4FE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{614260BA-E91A-4586-B0FB-A43CDB9DDF81}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{946BE8CD-F780-4C12-B7E1-50EFFB323DE9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6DD6537F-AB9D-4382-A9FE-1BBC6DCD705D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B4B21132-DFD6-4B45-85B1-88D2CC22125A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F1AFD4EA-91DD-4733-A660-4484C50549AE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C93ECEE6-C1B1-4195-B036-2C84BDF4D476}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{982CD324-7841-4014-9061-4C61CAA84B41}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{97450C8F-202A-443C-8BB2-3E8C00316180}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{12FCE835-4E59-415D-8FD8-DF4DF53855BB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CF2EDF1B-DB2E-4D2B-93FF-2E9BCE782AC3}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C970DBC3-8B00-4644-BCA2-DAB874CBB923}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E8BFFCEA-1C08-4EB1-9D26-4D58A7F1117F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E465ECBB-775D-429E-9B96-55529E550508}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A402C1CC-4291-4C6C-B8B4-98E60ADEC9F6}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\72.0.3815.186\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5B1C41ED-3183-4AD3-A078-42DFD241A17D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{73E87491-7F58-4B31-BC68-9D895F516430}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EAFD9316-0F72-4952-AF7D-C2C5E1C88DE7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D6C042D8-BCD9-4683-B244-CE4E8645A2F6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{27B4157E-65CE-4EBE-B910-888B69DB3F5E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{2099E6D5-3318-4A46-BE2A-0BFC8064A552}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{7B860FE3-785B-4751-B8FD-9DF143593F02}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5664C3C5-D48A-4084-B2C5-1AA8E583AE3C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6387C489-EC66-4DB9-9E04-8CCB5B0F66E9}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0C3E4428-7724-4C6C-9816-7EC95B29D9BC}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{42638945-DDF2-43AD-B502-45B851E94E06}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2ABB9A40-F36C-494A-949E-4C75B5C6F353}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{347AF792-9D11-4DA3-94FC-5E4E8AE56443}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F5EF0AC3-3AF8-4BC9-B1F9-14CB1D34F9D9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{53BB179A-1FB6-4665-A969-2440FC1DC175}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D955CA21-A1E2-4418-BCCF-9255AD57453C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4E3F5EBC-680B-4EF2-9EC3-4E7110F26F9F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{94396FBB-22CE-4842-9E73-695103F85521}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C919BE96-F587-4588-AED4-935E8FA6A0C0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{AA718F2C-57FC-48C8-986B-58738F89A53C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4F1D7D86-BAFC-460B-9C43-3576599F104A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EF7E039D-A68E-4E45-A349-36689BEE6774}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1155DBED-0BA4-4D0E-A7FE-E1B3B68EEB0C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{719385F7-C431-4E17-AB19-2075DA235EE7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BB77705C-910B-4DB8-A446-1D866958AFF8}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D1AB89C7-0298-4B9B-8DBD-BC28601EF3A5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AF0D50D0-C945-43DD-9F98-86EFEEAF1A32}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{58A9291F-CDF8-461E-B092-9E2004F6B80C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{75552F21-D1C2-440C-977E-07480CD45451}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C9A9BA6A-D91E-4D27-8A58-D188D0675C90}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CBC1070F-1093-4FAD-92C7-711709080DEA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C78B4763-40FF-4E46-9D55-EE7A5C56331C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F5F524D7-D387-40BC-A6D3-434C8B6AF3BA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6AAF572A-A5AD-4EE3-8481-B542B7BE46D5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{12104274-F03C-42D1-8998-D3CBA2562563}] => (Allow) C:\Windows\system32\winrmsrv.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{451F4261-A951-442F-9326-0E0F75229971}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{399D0680-750E-4F88-BD29-68F44937FC17}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{986C6A7E-117E-41B0-AB79-1EC3F50797A0}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\72.0.3815.320\opera.exe (Opera Software AS -> Opera Software)

==================== Restore Points =========================

22-10-2020 12:31:15 Naplánovaný kontrolní bod
02-11-2020 10:39:16 Naplánovaný kontrolní bod
11-11-2020 13:22:52 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/11/2020 03:14:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: javaw.exe, verze: 8.0.2310.11, časové razítko: 0x5d987068
Název chybujícího modulu: J7GB1548872857273787995.tmp, verze: 0.0.0.0, časové razítko: 0x5278cf66
Kód výjimky: 0xc000041d
Posun chyby: 0x00000000000089d2
ID chybujícího procesu: 0x368c
Čas spuštění chybující aplikace: 0x01d6b834e334ce99
Cesta k chybující aplikaci: C:\Program Files\Java\jre1.8.0_231\bin\javaw.exe
Cesta k chybujícímu modulu: C:\Users\user\AppData\Local\Temp\J7GB1548872857273787995.tmp
ID zprávy: 10ca0119-c922-4a20-a9a8-b34d7d7c4c0b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/11/2020 03:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: javaw.exe, verze: 8.0.2310.11, časové razítko: 0x5d987068
Název chybujícího modulu: J7GB1548872857273787995.tmp, verze: 0.0.0.0, časové razítko: 0x5278cf66
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000089d2
ID chybujícího procesu: 0x368c
Čas spuštění chybující aplikace: 0x01d6b834e334ce99
Cesta k chybující aplikaci: C:\Program Files\Java\jre1.8.0_231\bin\javaw.exe
Cesta k chybujícímu modulu: C:\Users\user\AppData\Local\Temp\J7GB1548872857273787995.tmp
ID zprávy: b03a36d2-6317-4a69-a4d6-f0e14ddaf44e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/26/2020 12:18:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/26/2020 12:18:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (11/12/2020 12:31:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (11/12/2020 12:31:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/12/2020 12:29:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (11/12/2020 12:29:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/12/2020 12:27:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (11/12/2020 12:27:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/12/2020 12:25:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (11/12/2020 12:25:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
===================================
Date: 2020-03-10 19:58:13.183
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {078A4708-937B-4A38-944F-8995F3777010}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-09 11:37:13.201
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {9F8AD6FA-51DA-443F-AEA6-1F99184B015A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-08 22:13:33.442
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B0C2DA71-3C9F-4818-9E58-16F19F2F1A86}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-06 09:55:54.648
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {2C6C338E-C950-4942-88E6-19D1D93985AE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-04 21:52:17.253
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {630B2D30-1C43-4513-8AA1-D3F615F19A38}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-02-21 11:03:45.553
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072f8f
Popis chyby: Došlo k chybě zabezpečení.

Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

Date: 2020-02-21 10:56:52.865
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

CodeIntegrity:
===================================

Date: 2020-05-26 20:54:44.290
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-13 00:24:44.488
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:21:37.810
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:20:30.940
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:12:05.238
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:11:45.480
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:05:48.478
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:01:39.489
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 06/05/2019
Motherboard: Gigabyte Technology Co., Ltd. Z390 AORUS MASTER-CF
Processor: Intel(R) Core(TM) i9-9900KS CPU @ 4.00GHz
Percentage of memory in use: 10%
Total physical RAM: 32699.06 MB
Available physical RAM: 29253.5 MB
Total Virtual: 41915.06 MB
Available Virtual: 36429.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.31 GB) (Free:303.24 GB) NTFS
Drive d: (SSD_media) (Fixed) (Total:1907.71 GB) (Free:1223.8 GB) NTFS
Drive e: (HDD_media) (Fixed) (Total:7452.02 GB) (Free:1031.79 GB) NTFS

\\?\Volume{bc482910-1514-4415-a922-9631669f2a92}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{c847343e-84fa-4e77-aad1-a43962b7b6fc}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 1907.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

JaRon
Moderator
Posts: 15215
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: CPU and GPU load climbs on its own to 90% - background mining?

#4 Post by JaRon »

I haven't seen a machine this thoroughly and heavily infected in a long time :shock:
it looks like some old piece of junk or an updated variant of it
but wait for my colleague :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

lveecze
Visitor
Posts: 17
Registered: 04 May 2020 08:49

Re: CPU and GPU load climbs on its own to 90% - background mining?

#5 Post by lveecze »

Oh dear, I'm not happy to hear that. :D Not that I didn't suspect it would be infected; after all, I have a lot of downloaded software on there.

It will probably be necessary to reinstall everything.

Thanks for the message :p and I'll wait for your colleague...

- Lev

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU and GPU load climbs on its own to 90% - background mining?

#6 Post by Rudy »

My colleague is right. First run this utility: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download it, run it, let it work, and when it finishes delete everything AVP found. Then we will do some further cleanup, provided we manage to throw that junk out of there.

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

lveecze
Visitor
Posts: 17
Registered: 04 May 2020 08:49

Re: CPU and GPU load climbs on its own to 90% - background mining?

#7 Post by lveecze »

Hello, I ran the computer through AVP; it found several trojans and also a bitcoin miner. The exe files are named schvost and isaas, exactly the applications that drive up the load. During disinfection and deletion these applications were deleted and a forced reboot restarts the computer, but on startup the applications appear in the directory again and start running in the background. Task Manager is disabled again and cannot be started, though it can still be re-enabled through the Registry Editor and the applications shut down, so unfortunately it is still not possible to get rid of them...

I am attaching new logs.

Thank you for checking,

Lev

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-16-2020
Ran by user (administrator) on DESKTOP-5CNBDP2 (Gigabyte Technology Co., Ltd. Z390 AORUS MASTER) (17-11-2020 16:35:28)
Running from C:\Users\user\Desktop
Loaded Profiles: user
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <12>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BdeUISrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\NVDisplay.Container.exe <2>
(NZXT, Inc. -> ) C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [664872 2020-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\user\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331040 2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\system: []
HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-20\...\Policies\system: []
HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-06-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [Voobly] => "C:\Program Files (x86)\Voobly\voobly.exe" --startup
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [] => [X]
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Policies\system: []
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\MountPoints2: {d9a7f775-262f-11ea-bd8c-0cdd24f3be65} - "F:\setup.exe"
HKU\S-1-5-18\...\Policies\system: []
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Print\Monitors\36C-0iSeriesPCL Language Monitor: C:\Windows\system32\KOAXJJAL.dll [25504 2020-11-05] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-16] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04765230-2A97-4733-A5B7-DC17260F5544} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {3073B57D-F41B-4E2C-A02D-1F118EB03465} - System32\Tasks\nv4drv => C:\Windows\system32\config\systemprofile\AppData\Roaming\9383523D61F54A2199EC652B76F90580\8B65E95AAC7245B5A2BA25017303BA2A.vbe [763954 2020-11-17] () [File not signed] <==== ATTENTION
Task: {3928F07D-CAE6-4281-B2A0-A5D717CB6E7A} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {549C5E75-6202-4652-A2E7-9EABE7554434} - System32\Tasks\Opera scheduled Autoupdate 1588926009 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe
Task: {68F3A5A8-A9F9-442A-B69D-D038486FE234} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-22] (Google LLC -> Google LLC)
Task: {6FD38BCD-176B-4AE1-96A2-BA66D986FC61} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [28678840 2020-06-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7661FE7D-23BC-4BF8-AA76-5EEF30DA5B1F} - System32\Tasks\Opera scheduled assistant Autoupdate 1590174025 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\user\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {7C7DFC01-90E9-4E54-8BC2-8B00C9F94968} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {87F85E3C-C4BB-46A1-A85D-10B668BCD297} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-22] (Google LLC -> Google LLC)
Task: {90362DF6-A101-4F76-A72F-C061E2A356C0} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
Task: {979E2088-5124-48CE-9FE5-BEFD4F6E0EAD} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A3F814F3-6C62-4BFD-8EE5-6324CF350C6D} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe
Task: {A7853793-6991-4BB0-A423-4AEE6729A5D2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EB3CB31D-D02A-4A69-9B7B-0D41910186F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0bf7a325-c941-4528-8368-700194cb8264}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8a9bf6ab-39a1-4974-abbd-bf2eb4e85a86}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-13]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2020-11-17]
CHR Extension: (Prezentace) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-22]
CHR Extension: (Dokumenty) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-22]
CHR Extension: (Disk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-22]
CHR Extension: (Avira Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-11-17]
CHR Extension: (Avira Safe Shopping) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2020-10-28]
CHR Extension: (Tabulky) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-29]
CHR Extension: (MetaMask) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2020-11-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-16]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 CAMService; C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe [545800 2020-08-14] (NZXT, Inc. -> )
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 AntiVirMailService; "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe" [X]
S2 AntivirProtectedService; "C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\Antivirus\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\Antivirus\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208024 2020-06-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [140280 2020-06-01] (ADAPP SASU -> Dokan Project)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 gdrv; C:\Windows\gdrv.sys [25640 2020-01-12] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-01-12] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [16712 2019-01-15] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 SaiHFF32; C:\Windows\system32\DRIVERS\SaiHFF32.sys [177536 2007-09-13] (Saitek -> Saitek)
S3 SaiIFF32; C:\Windows\system32\DRIVERS\SaiIFF32.sys [20864 2007-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Saitek)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368 1968-04-08] () [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45960 2020-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [376544 2020-03-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2020-03-02] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
S3 cpuz149; \??\C:\Windows\temp\cpuz149\cpuz149_x64.sys [X]
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-17 16:23 - 2020-11-17 16:35 - 000020725 _____ C:\Users\user\Desktop\FRST.txt
2020-11-16 14:43 - 2020-11-17 13:23 - 000000000 ____D C:\KVRT_Data
2020-11-16 14:42 - 2020-11-16 14:43 - 185992048 _____ (AO Kaspersky Lab) C:\Users\user\Downloads\KVRT.exe
2020-11-16 14:04 - 2020-11-16 14:04 - 074148317 _____ C:\Users\user\Downloads\Nahled9.mp4
2020-11-12 12:23 - 2020-11-17 16:23 - 000000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2020-11-12 12:21 - 2020-11-16 15:31 - 000000000 ____D C:\Users\user\Desktop\devirovani_listopad20
2020-11-12 12:04 - 2020-11-12 12:05 - 074042675 _____ C:\Users\user\Downloads\Nahled6.mp4
2020-11-05 14:08 - 2020-11-05 14:08 - 000000000 ____D C:\usr
2020-11-05 14:08 - 2020-11-05 14:05 - 000160672 _____ (KONICA MINOLTA, INC.) C:\Windows\KOBDrvAPIW64.EXE
2020-11-05 14:08 - 2020-11-05 14:05 - 000112032 _____ (KONICA MINOLTA, INC.) C:\Windows\system32\KOBDrvAPIIF.DLL
2020-11-05 14:08 - 2020-11-05 14:05 - 000104352 _____ (KONICA MINOLTA, INC.) C:\Windows\SysWOW64\KOBDrvAPIIF.DLL
2020-11-05 14:05 - 2020-11-05 14:05 - 014863535 _____ C:\Users\user\Downloads\GEIT6PCL6Winx64_21130CS.zip
2020-11-05 14:05 - 2020-11-05 14:05 - 000000000 ____D C:\Install
2020-11-05 14:01 - 2020-11-05 14:01 - 072588025 _____ C:\Users\user\Downloads\GEIT6DSETWin_21130CS.zip
2020-11-05 14:01 - 2020-11-05 14:01 - 000000000 ____D C:\Users\user\Downloads\GEIT6DSETWin_21130CS
2020-10-30 16:38 - 2020-10-30 16:38 - 000000000 ____D C:\Users\user\Downloads\ur
2020-10-30 16:34 - 2020-10-30 16:37 - 1661255063 _____ C:\Users\user\Downloads\ur.zip
2020-10-19 10:45 - 2020-10-19 10:45 - 036995270 _____ C:\Users\user\Downloads\TedLimpert.PinupHouses2.2020.wav
2020-10-19 10:45 - 2020-10-19 10:45 - 036995270 _____ C:\Users\user\Downloads\TedLimpert.PinupHouses1.2020 (1).wav
2020-10-19 10:35 - 2020-10-19 10:35 - 036995270 _____ C:\Users\user\Downloads\TedLimpert.PinupHouses1.2020.wav

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-17 16:35 - 2020-05-04 11:34 - 000000000 ____D C:\FRST
2020-11-17 16:34 - 2020-09-15 07:51 - 000003358 _____ C:\Windows\system32\Tasks\nv4drv
2020-11-17 16:34 - 2019-12-10 14:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-17 16:34 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-17 16:34 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-11-17 16:23 - 2020-05-04 11:01 - 002294784 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2020-11-17 15:49 - 2019-12-22 20:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-11-17 13:27 - 2019-12-12 14:55 - 001606106 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-17 13:27 - 2019-03-19 12:55 - 000682526 _____ C:\Windows\system32\perfh005.dat
2020-11-17 13:27 - 2019-03-19 12:55 - 000137244 _____ C:\Windows\system32\perfc005.dat
2020-11-17 13:27 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2020-11-17 13:26 - 2020-09-01 21:14 - 000000000 ____D C:\Program Files\Rockstar Games
2020-11-17 13:26 - 2020-09-01 21:14 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-11-17 13:26 - 2020-09-01 21:06 - 000000000 ____D C:\Users\user\AppData\Local\Rockstar Games
2020-11-17 13:26 - 2020-09-01 21:06 - 000000000 ____D C:\ProgramData\Rockstar Games
2020-11-17 13:26 - 2020-05-08 09:20 - 000000000 ____D C:\Users\user\AppData\Roaming\Opera Software
2020-11-17 13:26 - 2020-05-08 09:20 - 000000000 ____D C:\Users\user\AppData\Local\Opera Software
2020-11-17 13:26 - 2020-03-16 15:51 - 000000000 ____D C:\Program Files (x86)\Voobly
2020-11-17 13:21 - 2020-01-13 12:58 - 000000000 ____D C:\Users\user\AppData\Roaming\audacity
2020-11-17 10:46 - 2019-12-10 14:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-11-16 16:34 - 2020-02-27 20:59 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-11-16 15:22 - 2019-03-19 05:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-11-16 15:20 - 2020-09-26 17:28 - 000000147 _____ C:\Windows\system32\Drivers\etc\hosts.rollback
2020-11-16 14:34 - 2020-03-18 01:10 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2020-11-16 14:34 - 2019-12-25 18:25 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2020-11-16 14:34 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\LiveKernelReports
2020-11-16 14:09 - 2019-12-26 15:43 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2020-11-16 13:44 - 2020-07-03 13:58 - 000000024 _____ C:\Windows\system32\perfdish001.dat
2020-11-16 13:37 - 2020-06-10 09:17 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-16 13:37 - 2020-06-10 09:17 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-16 13:37 - 2019-12-22 20:12 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-16 13:37 - 2019-12-22 20:12 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-12 13:32 - 2020-06-10 09:17 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-12 13:32 - 2020-06-10 09:17 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-12 10:03 - 2020-05-08 09:20 - 000004202 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1588926009
2020-11-11 12:10 - 2020-05-22 20:00 - 000004454 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1590174025
2020-11-05 14:06 - 2020-02-19 11:11 - 000000445 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2020-11-05 14:05 - 2020-06-11 22:36 - 000025504 _____ (KONICA MINOLTA, INC.) C:\Windows\system32\KOAXJJAL.dll
2020-11-05 11:24 - 2020-04-11 10:16 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-10-30 12:23 - 2019-12-10 15:06 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1742551912-4009820896-394807726-1001
2020-10-30 12:23 - 2019-12-10 15:06 - 000000000 ___RD C:\Users\user\OneDrive
2020-10-30 12:23 - 2019-12-10 15:04 - 000002358 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories ========

2020-01-06 18:40 - 2020-01-06 18:40 - 000000028 _____ () C:\Users\user\AppData\Roaming\kulerdata.json
2019-12-22 20:57 - 2019-12-22 20:57 - 000000410 _____ () C:\Users\user\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-16-2020
Ran by user (17-11-2020 16:35:55)
Running from C:\Users\user\Desktop
Windows 10 Home Version 1909 18363.900 (X64) (2019-12-10 14:04:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1742551912-4009820896-394807726-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1742551912-4009820896-394807726-503 - Limited - Disabled)
Guest (S-1-5-21-1742551912-4009820896-394807726-501 - Limited - Disabled)
LveeFix (S-1-5-21-1742551912-4009820896-394807726-1002 - Administrator - Enabled) => C:\Users\LveeFix
user (S-1-5-21-1742551912-4009820896-394807726-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-1742551912-4009820896-394807726-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\uTorrent) (Version: 3.5.5.45790 - BitTorrent Inc.)
ACA & MEP 2021 Object Enabler (HKLM\...\{28B89EEF-4104-0000-5102-CF3F3A09B77D}) (Version: 8.3.51.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-4101-0000-3102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0_2) (Version: 17.0.2 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_3) (Version: 13.0.3 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_1_2) (Version: 24.1.2 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_9_1) (Version: 9.1 - Adobe Inc.)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2_1) (Version: 8.2.1 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_1) (Version: 14.0.1 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Inc.)
Age of Empires II Definitive Edition (HKLM-x32\...\Age of Empires II Definitive Edition_is1) (Version: - )
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0704.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0704.1 - GIGABYTE)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
AutoCAD 2021 – Čeština (Czech) (HKLM\...\{28B89EEF-4101-0405-2102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 (HKLM\...\{28B89EEF-4101-0000-0102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 Language Pack – Čeština (Czech) (HKLM\...\{28B89EEF-4101-0405-1102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Autodesk App Manager 2020-2021 (HKLM-x32\...\{DB92FEA7-F78C-469E-B138-E2303220F0C4}) (Version: 3.1.0 - Autodesk)
Autodesk AutoCAD 2021 – Čeština (Czech) (HKLM\...\AutoCAD 2021 – Čeština (Czech)) (Version: 24.0.47.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{54A00624-3EF9-49A2-92A9-7244EADD0212}) (Version: 3.2.18 - Autodesk)
Autodesk Material Library 2021 (HKLM-x32\...\{6774FD60-7D4B-4D57-BE56-2702A07C9701}) (Version: 19.1.22.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{6EFAD582-86C1-4AB2-97C5-2070D0B90E08}) (Version: 19.1.22.0 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{951BB060-1350-4C93-BD83-D966C51D4005}) (Version: 11.2.0.1802 - Autodesk)
Avira (HKLM-x32\...\{4BC31208-EC3B-453B-8819-6B81AE3EC153}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{caade1ea-26aa-4e8f-a4f0-59cf0c0e91a5}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{BBD09B2A-FCDB-4CDE-8614-8C608EA68E94}) (Version: 2.0.6.34011 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.5.0.10950 - Avira Operations GmbH & Co. KG)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.75.1088 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.1001 - Disc Soft Ltd)
Dokan Library 1.4.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0000-200601191219}) (Version: 1.4.0.1000 - Dokany Project) Hidden
Dokan Library 1.4.0.1000 Bundle (HKLM-x32\...\{97cfdb6c-2faa-43ba-afbc-469e01845e99}) (Version: 1.4.0.1000 - Dokany Project)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
F1 2018 (HKLM-x32\...\F1 2018_is1) (Version: - )
FileZilla Client 3.49.1 (HKLM-x32\...\FileZilla Client) (Version: 3.49.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Horizon: Zero Down CE (HKLM-x32\...\Horizon: Zero Down CE_is1) (Version: - )
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Ledger Live 2.10.0 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.10.0 - Ledger Live Team)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
LRTimelapse 4.2 (HKLM-x32\...\{3B86296C-F4C8-4FE7-8561-CC5F444098D4}}_is1) (Version: 4.2 - Gunther Wegner)
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.69 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - )
Microsoft OneDrive (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Mobirise4 (HKLM-x32\...\Mobirise4_is1) (Version: - Mobirise.com)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NVIDIA Ovladač HD audia 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 452.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 452.06 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)
NZXT CAM 4.10.1 (HKLM\...\ac0666ae-ee66-5310-ac01-9d6348133b2d) (Version: 4.10.1 - NZXT, Inc.)
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.00 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{0edb50a3-501b-40f9-b197-0d143fdef576}) (Version: 1.00.00 - Patriot Memory)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.3.377 - Jan Fiala)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.19.1030.1 - GIGABYTE)
SketchUp 2019 (HKLM\...\{E16DD37C-6FBC-F51F-702E-DD6E92D6ED68}) (Version: 19.1.174.20409 - Trimble, Inc.)
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
Speciální aplikace Autodesk 2020-2021 (HKLM-x32\...\{2CBD494D-0A3E-4CB3-AFB3-8CE1734613B0}) (Version: 3.1.0 - Autodesk)
Star Wars Jedi Fallen Order (HKLM-x32\...\Star Wars Jedi Fallen Order_is1) (Version: - )
Uložit do služby Autodesk Web and Mobile (HKLM\...\{A9005AC0-4AD8-4E84-B1F7-EE38BB6BCC2D}) (Version: 3.0.26 - Autodesk)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-12-22] (Adobe Systems Incorporated)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.10.5.0_x86__kgqvnymyfvs32 [2020-06-18] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.39.4.0_x86__kgqvnymyfvs32 [2020-06-28] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-08] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-10] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-06] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0 [2020-06-23] (Spotify AB) [Startup Task]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} -> [Creative Cloud Files] => C:\Users\user\Creative Cloud Files [2019-12-22 21:00]
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2021\cs-CZ\acadficn.dll (Autodesk Asia Pte. Ltd. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2020-01-22] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2020-01-22] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvshext.dll [2020-08-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1742551912-4009820896-394807726-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files (x86)\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32original.dll [746496 2019-03-19] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2019-03-19] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\IR41_32.AX [9216 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29791771.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50904365.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29791771.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\50904365.sys => ""="Driver"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2020-11-16 15:23 - 000000147 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

2020-02-19 11:11 - 2020-11-05 14:06 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-5CNBDP2.mshome.net # 2025 11 2 4 13 6 7 91

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Downloads\nebula-stars-universe-galaxy-space-4k-kx-2560x1440.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "Voobly"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9BD1688D-F015-4BFF-B69B-724F9F8E254B}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{744E7215-70B1-4E3B-B104-4B103618F9C0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{A9C7CC83-3045-4013-AFDD-6A96C9781B02}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{83AD6374-B204-4C43-AC64-65B7B766F2FE}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{14D241B6-2C3A-4401-9A41-BA3E6798638E}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0F142F97-D1CD-462F-94B1-60FF56B8277C}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B8CA292B-7112-4E0A-A8E5-1817BCD71D66}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{512D5D3D-72C1-4233-8A68-012479E8BA99}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{29A39C55-CBED-4300-B456-FF6215D3A6C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D8CDB9F-F5C8-4FED-AD0E-F3E62108392E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6E5B978-7F6D-493A-A9BF-F08951D5E717}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{649B2B89-0708-4A63-A498-6282B156BAD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39302AD9-C980-463E-9136-CB594F225BC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A0556009-B2E6-4DF7-BF21-3FFF8C706300}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{28F7B461-6AD5-4565-ABCE-B8D4240398AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{420D6374-ED4E-492C-8A08-B1D6889F1935}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EAB62F56-B95D-47A2-8BE7-240DD674A1F8}] => (Allow) LPort=57209
FirewallRules: [{0D78786E-4AD7-4E94-B04A-CE594A70B726}] => (Allow) LPort=57209
FirewallRules: [{05C17314-70C5-49D0-B5CB-26F3F80418BC}] => (Allow) C:\Windows\SysWOW64\wscript.exe
FirewallRules: [{CCB96B1B-6E6D-420B-9390-A73340F9646A}] => (Allow) C:\Windows\SysWOW64\wscript.exe
FirewallRules: [{E8060679-1F6A-4902-9CF8-939579C9A817}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CE3D9500-519A-4855-BA4E-D6687459B430}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FA872217-B7BB-402B-BC6C-07DAE7B0313B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{99F38A12-9869-4E07-817D-7C0023AC0876}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A7A38650-67CA-40D3-8BA0-B47D240E21F4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3EEB1BA-D570-4A89-B1F6-846ED96F480D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2E98697-86D0-48B7-89B3-7C29F3EF91FB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1C15BCD6-DF59-431D-B5CB-A563A022D700}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6693D73A-BC85-4B18-B3C9-F5437B5EE8D8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{90686CE2-468D-4D26-ADAE-56F8D024FFDD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{85B96675-7A22-4A52-928D-B476326CFA64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FD00405-6209-4148-9700-2FD6A8DCBF83}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FA57B887-43DA-49C3-8604-67DF4B499C5D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{12026078-FE39-4991-9FEE-780B3F8EAFEF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1FBB77D5-49C7-4B6F-B2F7-496E3E0CCA18}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1C0E3C5A-58DC-4C92-B129-CA4FD095FC1A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4E3D0B39-A317-4FA1-A438-8443246ACD9E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5CA7A743-1F98-400E-940A-1171230F7BDB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{55F6DD0E-B26D-46B1-A489-34BCB480C8D1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9F7C34A2-BEE3-49F6-A88A-42B2BF8F172D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{35A6B95E-01CB-4097-8273-4BAE99E1C5A9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C4177679-C37F-4F32-A759-563ED3C91239}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F649F3B1-889B-4815-95AF-EACEAB649D04}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{79C13A3A-B284-41DA-AC27-605B7A30028A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{75A2D36B-2DB3-4974-80C2-66F0B9E4ACCA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{579925F4-098C-4147-9F42-78D488875BBB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E01663A0-F656-4EA5-A0BE-2EF42A77EF3C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0A98C4A5-BC2A-4B72-8E5F-78DFA8DE47BE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{08FF7ACE-1F9D-4865-BB9F-20314C6EC19A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8CFFDE96-4BE6-4F6E-974C-EE74755B1DD5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3C6A3D61-2AD5-42DA-B1E3-B6BE37D86AD0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37424D89-F2BD-480D-A1D0-1EBB34FBC3D5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B40FE188-250A-4CE7-BF95-D564F3B67955}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FC92B4D3-3E5C-47E7-A0BB-DECAA18A16BD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FAE2B80-9FB8-40A0-9210-BA4D9808B435}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4885BF58-D6D5-4598-8231-FCDC67758587}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AD11AEA3-298C-4809-9499-A5D64E6106E4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3143BF1B-44E2-4C64-BD00-26AE3C907B9D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{878A6058-75DA-4E0E-8165-E3D242C9E457}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C88E5328-F6A8-4BD6-A651-C6A5873583C7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FDC9F9F5-2E02-4680-AFC1-AC21D3A85D37}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{720C8B70-76CE-4E58-8655-D30FAC87A9A3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B8635EC3-1EF2-45E5-A5E5-2BD0771D92F9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6A05C3F9-D01B-47A0-B8C8-B21081E6C2BD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{110CC681-9E8B-4172-BF39-82BF9076B5EC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D8B90BF1-B6B6-472E-9230-CE9461E08FCB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FE724A51-78D4-4713-8C4F-4F0C418E5740}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FD04E17-1820-49A3-991A-4DB12345676A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{901480C4-8085-4F2E-9E1C-4354A5AE7824}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BADFF8A8-6BE3-4F5C-9010-45D8BC257E10}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{54C62852-3866-425A-8974-DD137C016709}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D25DEC4F-8B28-4E58-AF45-71A10B62A108}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2F49045A-D98F-4B13-99C5-33BED226F5A0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{110CCA89-2824-4E02-AC36-0B1525CA8EA0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{442DB915-2F22-464D-B411-94588626CC64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9B721A11-27FD-43BD-9407-2B387F36D38E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F84A4198-EB82-466C-A168-CAE66956871F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CF097CA1-A952-49B9-A2B0-ADA6287F5054}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A7EA8353-EA93-43B2-92B1-CAD88CA79551}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{036BA130-3519-4F73-8DBC-B3AACD8DB888}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3201ACF-472A-4FB6-A9BB-B81749C1FEB6}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F360A133-33B9-4193-9459-113B350C70F4}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{061C4CFB-C53C-4BE6-97C2-B5C7F547C820}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{34431212-2BD5-4680-B03B-0957B8D5B8BF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DE85DDFA-2A81-4F61-B800-41476B128CD1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BCAC6C39-6F93-4616-B77F-2AB8A20BA323}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{770AEF79-5AFE-475B-9B81-4C4DC68BEAD2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{18167C02-E63F-4B45-8912-8EBCCE3E65EA}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4172828C-7B89-47A8-A348-EC2C102F2CC9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BD9FAD53-21AF-4736-98F2-8C983E43136E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{18986D83-2697-4897-8E09-5660B48F3B6C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8E41F5F8-7DEF-4755-A344-34474E7E9F55}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C28FF491-EF2F-42B6-9ADB-F34DBD534A68}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AA771E77-C1F1-401F-88FA-A300A3037ACF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6C96DBCB-2237-48A7-A5C0-15769D0B07E7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{276C5790-37E7-4FDC-9FE1-FC21E45AA976}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{00B4B467-33A5-49C1-8AC8-B007CCE3F877}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9372497E-611B-42B4-B8DF-D87982AA1404}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D3FCD9C5-72D4-4A7E-BF4C-B0445A72277E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DE01608F-6143-4D89-A6D7-950B0DE9D8E2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0F644069-662A-41EC-BA3A-8D1ED56D4389}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9509B8B6-014E-4ED3-88F6-609DCC2DBDC6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{350AF2A6-EE4C-4D7D-B742-98F15BF644C5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CDE5A90E-8E78-4F3F-9081-91DDCC7266B6}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{B4F0D6B0-5D6A-4069-AE9D-B6E904C85167}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{34181C25-5524-4AF6-8A0D-75C51ED31EC1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E7231E36-308A-456B-A7F5-28B2857362AB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2AE92CAE-7119-4E0B-A01D-D58D8459AE7D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C0B2F339-A60F-41BC-AA5A-EA05EAEF824B}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{89BB97F7-B40D-4119-B03B-F48B8830E146}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9E4AF474-E0F3-4262-9EF8-C9B34DE229B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{96567DA6-A1BE-4E6F-95A8-C38CF15469B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A824C622-5AD5-4975-8A3B-F58311B63BB2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FDCF5B8C-F7AC-4528-9263-ABA123D223FE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D2A876B5-0199-4CFD-8D13-CB522E79CC96}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{38E2BEAF-0EFB-432D-8CAC-FC80938DD72A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{40346FEA-D925-41DA-B3E9-C4E71D120B97}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{35E9A5DB-D2F8-4F57-B819-2D73175A04BF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8AC27493-5861-447D-B901-2BD5D8EECB20}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F787A928-C8D5-4E9C-B588-41F19D688312}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4185F2F7-DBFC-48D5-8C7F-1ADBFA016BCC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{520D5D23-256A-4471-8CB0-11969EFD1135}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8EA5CCB8-8D6A-4E38-9FED-F956D59020CA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4C7A07F7-BF48-4BD9-8A1B-7015ADCFBDEB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{773200FB-460F-4069-A99F-664D94B24469}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2CEA6A60-7D10-414F-B101-751C8C83E465}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{125AC86D-02F0-45E2-A97E-8409EC7674B9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6C6926D0-E30B-44E0-B8D5-3EB724EADED0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D133B3A0-981B-4678-A113-2EF20FBC0457}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FFEBF088-8CEB-4A9A-AF37-2688A5E9E11A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D611E184-FC32-4304-8C91-7501BD8908BD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7BE8A83F-F7A5-4C61-902F-4010B6023158}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C5CD4C48-C4DA-47A4-BEC9-071FDF75FF6B}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{24B5433A-FED8-4E3C-97BA-D9C180A64768}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{734A6860-3EE6-4906-842D-143E9887CEE8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{92F2EA9B-9E3C-4102-AC7F-FD1C1795CDFE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5F37FFEC-0B13-43A2-84C4-4B646D9EF176}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E5CC67FA-19E6-4F83-948A-D009C8A18B88}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4BDDD8D2-42AB-428E-BCEC-4C01B3D4B0CC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{3BA1451B-AA13-4B43-B392-E92E36626125}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8C313259-58C8-49FF-947C-F4D80A751215}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{318448A1-3C83-429A-9F3B-021BA33A43EE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C4739447-D306-4DBB-998A-78CB0577EF90}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81A840CB-0318-4D7D-B4D8-E75E88A9ABCD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2858D07F-BEAA-4EA7-9378-52444B5D99CE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{31FA352A-F9E1-4B9E-B63D-744CF8BA7BE3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6D3B0F8D-1401-4372-957E-09403998E79F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A17A8DE7-B422-47D7-B560-F7BDF081BA74}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{68D40B93-37EC-4159-B7DF-667B8F36EDF9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FBAA1739-6B85-446F-8DFB-0940A90E6162}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0EB668E2-5341-4CDF-B897-46EBA2795F81}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{0A25E703-136D-48CB-B511-DFD4FDD16130}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BF601B49-FB4C-4810-B29E-EF866AD2F516}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5ACEE9E4-B8CE-4514-98E5-D6F399E89C3A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{815779EE-2F28-42A8-8B7D-C4209C1ADCD6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D6776851-A029-47AF-B505-40F007F9AE77}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{64461CA7-447B-4AB9-B95D-6A343C3A0F15}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{139D42A8-7461-44CB-832B-7CEFC70C93AC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E91E0CB4-A551-41D6-B1A2-6E40EC94F2CD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{46B0E176-66EF-4332-810A-C420CAF64BD3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C1B119D8-3286-49EF-8260-48390C4D4558}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0FEF8F77-00CD-4F10-AE53-7D1636B4E29F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{64DF7967-D7BF-4DAD-A89D-A02C41CEE46D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{266F8A68-0C89-4447-B121-55FCE74067D2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C307E89B-35A6-41CB-B894-98404B583505}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5F4A39CB-88C6-451C-A7AA-3021BA476C42}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{02631513-EC74-4C46-B68B-65254F26E0A8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C32467B1-43CF-4645-AD76-354DD515C828}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F41711A9-7A50-4C4F-8C5A-8665E251ABF8}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E068E0A0-AC00-4F7D-B6D1-4D09723556AD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{84797E1C-2CD6-4371-A50C-5391913A886A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D807AF26-5F66-4223-8622-1F0EDD6E6940}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C553AE03-037E-442C-8A62-C1E04F29F5DB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF2D469D-BFFC-42A5-97CF-08170726E728}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D8330800-6989-44C9-A109-93E242AE0BA1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CA2D5F9F-972F-427B-AB97-0ECBF6358981}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{3C07E4B3-0B94-4021-AC18-EE09F7C85F94}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{44AB58B6-67DA-471E-B9F8-E5653D307918}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{93B5E2D6-4F92-42A8-B118-1B4CBCA8EDB0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{70A1D573-CC3C-455D-9FF2-68D36C266467}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{57F3E5F4-7917-4FD0-8B1D-CB1B14B9148D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{0A9346CD-495F-4A62-A804-DA2000FA069E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{59669864-A486-47C1-95FD-8986F0977865}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{084BCA98-28AA-4204-AC7C-EB80A3CDDA6F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{89F99DBC-FB51-48B3-B1F0-FE5391871425}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{073E9DFC-59C2-49BE-80A7-B6F791CA386B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7421FEDC-89F3-4A75-B2F9-76361368ED11}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A4A7187A-3C77-4469-B5EB-3A7C75AD236D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2D975246-C996-40AC-B556-887A8E88B340}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7E7F0FF6-588A-4F98-8D73-51357AA357F1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D1C742B8-E559-4966-8CE4-D44B8D3394F1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{50988007-3A7E-4373-AE9A-90616BCB3BD1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EECAB14D-6712-46C7-92E0-DAC97BB5FEA5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E1DADEE7-C194-44D6-9939-2FA13DE4B10A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DD9FE108-BA7E-4A7C-9312-A2D1D46E758A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{975B82E6-5B0A-4FCC-BDC6-1002B163E24F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7F174BFD-2F67-47C1-8744-6D7C4E209040}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3AAC42BD-199D-43AC-9456-8E5C4DB2AB45}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5C3BB71B-7FD9-4BE4-BFED-97D86813C897}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{EAF765AD-A50E-4D3B-83B9-A3AC1C624ED3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{90C95B4F-0E52-498D-B266-EA3041C00640}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2BC5CA36-8189-4470-8ED0-46E8B7470597}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BF56B21A-4053-4D37-8DE5-F165CB9F44D4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56DE8B56-F72D-40A8-81E4-87E4B5CDE820}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{84304E27-EB46-4016-BCCC-F52924A38936}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BB00EF0F-8A54-4F39-B539-663403CE5065}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{389E90FE-C80C-40E2-B0A8-B98C644A8D94}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7181C2A7-796F-426C-9C29-108E0B06E39D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C69BA621-4D21-47FD-B07E-A11322054696}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8B7B05F8-CEA2-4128-9CCE-0EF70FF2AFBC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{76A33309-7B20-453A-9AF1-151FF04C4462}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{009BC8BB-A465-463B-B6FE-A92565DEF0CE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8B9D408C-EB3A-4DDE-8A19-B027FDD06057}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A70D8838-63A1-410B-A306-BBE08369C93E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7A9EA6DB-CD92-430D-A939-1FC9472390FC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0359D6F7-C06E-47BD-94CA-08D08EF749F0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8C05BA53-1037-472C-A95A-E832F8F6FD5F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{07CEAFEC-3548-4A48-B2E5-3665DE033DCA}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{AB962CEC-780D-4982-9D26-CBC9BFE78D08}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E204097D-B536-4F17-93D4-2C76E758A103}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{25D783BE-F365-4974-B4FF-5C43DBA864ED}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DB1803AA-2395-45A1-8685-AEB8EB4DF959}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{95259B6A-8C20-4093-BF5F-F077AF9B5F42}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{7779A226-79BC-4383-B87C-7C98B26BF7AF}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CA8C45BE-8F96-41AD-AC5A-D4FF121E272A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3EF5AB21-1BBE-4F0D-AF39-C582A58509B2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2D37C8CB-2EC8-4B94-88FD-29990CAD03C3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1109DC2B-4195-46D4-99FD-ADAD0FF180FD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3F469FA6-9F22-4D35-8CBB-C1613E522E75}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4BE6A8AF-7FA9-4FA7-B5CB-0C3A514B3CD1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BEB89631-E0B6-4B4B-BCD4-815F197168A2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{93880792-9F98-4834-BD4E-89EB01F0F977}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{69586EF3-278B-4F65-BFE8-B09EFD9D594C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B0057568-4C53-4655-8AD2-EEFEC0BF85BF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C3AB9A61-A251-4F70-A389-9AB08DF17E4E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{361D4629-A693-42CE-9196-3FED53DF7874}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{B76BC34E-8E15-470C-B794-D8961EE8FE80}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9997AFE9-3611-4E27-B62A-E2C5F6C29A5D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E4AD3FE7-63E1-4EF4-BDAD-0A3CF5203C25}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FF88611D-8298-4D47-A246-3307C167FBCC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{75A3F86C-9721-4699-9196-3576216E177C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{F9E1AC54-F3A2-4EF4-A369-108966CB944E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{52A3035D-0521-4FE4-B75B-744C2DE1CEE9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9C0E2022-71BE-4121-B5D8-E0FCE3989922}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FB725E1A-5252-434B-B8B7-191597265C53}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{71F774CA-E850-45C0-83DE-0C9A4A63C886}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF29EC3D-766B-4745-AB6A-4B08837CF5FF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A2BD5333-1B71-4217-A62B-335964FE7628}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{39B24053-8577-4EAD-94B0-22D3DC4ABAAA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C73413DD-E1B2-47C5-BCFC-DCC531B61222}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{723AAEFA-60D2-4BB2-8BFF-71DA488D9D33}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4074D0BB-B5CA-417B-9B3D-98A9AF5AAF5C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{803E7B71-B456-4A87-957D-49B190DC8A51}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C5053B5C-347F-45E6-B58C-AAE9CF5F344D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F25A49C4-200C-4C25-9051-DBE2C359DC27}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{39C15A3A-5A60-4C33-BD3A-22D77A422128}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6148DCC4-600C-47A0-94F8-5943F9AEAF66}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5E959DB2-48A4-49A3-9B30-C1BFAEC962AA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{141A7DFC-0C1F-4BD4-B4F6-F7988685685A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{19DCA1F7-6D29-4D75-80E5-F44024D08BA2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{19FC3ADA-4B75-4D07-AB13-F08362925836}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5C4791C4-E518-4230-A01F-C2414C63AE08}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81023AFA-E62E-43D5-97E9-B57E7A092462}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4E92F19E-9A0A-4A83-AF2C-3E2487B7A29A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37972A94-112D-44B2-9EEC-FD1A562F1D4E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{0A1E345E-3E71-4EE9-8331-EA2FCD89456E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{257C14F4-5B52-40A4-9C4E-1DF40490CAA2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{88B083F6-1D98-453B-960F-266A2F92465C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DF60D76F-0AA8-41F9-BD85-7B51023AC935}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E1FD8CE4-0C7F-4156-9F89-9B43A462C5BA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D53D265F-0CDB-4A8A-8254-224439981465}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6ED31868-E0D3-4316-A41F-F8FCF799A3CB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D7F33A0B-0226-4F95-8552-22951EA2C491}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C95CBF46-E75D-4BD8-9CD5-449C4BDFA357}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E3298CFD-0C0A-406D-BF18-31C193E4FD5F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FBBA51CA-DDB5-4CD8-8F22-7B7D3738EFE3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{16EC3942-EBBA-4799-B01C-207AAD6CD1DC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D0FAD837-335E-4FF7-9BDE-9EC7ECB5DCC9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9AAD431D-CE35-4B42-85D1-A7E1077E5BA3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FBDB4A3-165D-4C59-9370-A2D7D74394D1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56C77ADC-201E-405A-BF3F-C9D1E8082946}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D253F002-9D3D-4750-A1C9-E0A2F0B22174}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4C698845-B2D4-447C-919B-6282047E7522}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C23FC826-1D12-4CE0-AB5A-5185CB63866A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D1A5571A-784B-465B-A136-7185F09A3DD5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1B5ECF0F-2BBE-48AB-BDEB-1BD9504DF6CF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5233C978-0242-4969-963B-E3E7DC25F872}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{27C49FC2-C98F-47D6-BF63-E9E69931BDC5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CF312D9C-2CEC-4773-B1E3-64CD666312DA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5E55EBD1-1164-4C94-98C7-F62B18CAA578}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AC9FE827-EB93-415D-A337-D2ECA6DF61C4}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2422A04B-3960-4BB8-B974-4569331DC550}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5955A54B-EEE8-4AC0-931A-3B0C22977189}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7B98EBAC-4AAE-4069-BBD1-35AB28ADE153}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{32E9A472-96F3-4FCA-A86D-F47F37068BBD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{746F4716-A8BD-48C4-A78C-B6352B1E9D56}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3DF93235-0D89-423D-BF16-F1140FB00C99}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{77F06FBA-C837-4F8B-B651-B97590F3A69D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{609945A4-8335-4C84-8415-65C6C5D3B70F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FB4954D7-528C-440A-85E5-AA5ED5223C15}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D40FE577-B2F7-416C-A3F6-33BF0F179E8C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{96456D34-1067-426D-891C-66817592CAE9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{64CBC813-AB0D-48FE-9574-F29DE39F7CF9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{ADEACD11-F389-42C6-A9A7-60F7610A33F9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9F872F10-4FE7-45DC-AE21-26162E036F0A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AAD3F11D-83C0-48A8-ABB4-DC470985BB6A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5C8BF79B-1B66-4E14-8BF9-672DCE0C932E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E812D21A-8D97-4E06-B3E9-66A3FB1A0159}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{EC44547E-B9D5-4EF9-B231-D04E6F7CCDC2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{651B963A-38F4-44F7-86DF-D6C2CDFED7CA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D1E15E1E-7628-4536-BEC3-40D27C85048C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F4645668-F876-4CDE-833C-D10134A8FF9F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4A7ADEEA-458F-4F04-9023-81FDE320E758}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{A462D1E1-1C3B-4B24-87FF-73889FDA2C91}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{EE30CF95-536C-4962-B750-B0A4BBFAADB9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{91849CAE-18E4-493A-92D6-4536E0F45726}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4874916E-34BE-4FA0-A136-A9E6700E342A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{16D32B91-D9FB-4362-955C-9D024F4BF32F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B2718225-2525-4356-A1DE-E7665A7B1C8B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A694A77B-1F24-400F-BF56-C3B399BE93E7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3666A9E-3DDB-4966-B014-D37BDD0262C7}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6CD6DA3A-E6DF-4556-8D4A-FE84B675126D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{1B910521-AD7C-4B12-8904-3F009400C81F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5CBA1262-C4D3-4DC5-BCCB-6B4F2D9BF731}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F09AAEA6-564A-4F01-BC56-9256476D6144}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3F506A86-1BCD-427C-988B-5069F8A00110}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DB1F97C1-2833-46B5-A0FF-FD4BDC34AF48}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6AE9B749-DE0E-4EC8-B425-9591A70458B1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4096B082-1F76-40FB-8D6A-31D411B43E66}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E27FF460-D153-485D-8BF2-02BB20289EF9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C8CDD6E7-261C-470B-867C-2E0A305C081C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{56EDFFAD-7643-4300-AD15-8D0DF89B509D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BDE4B3F0-AFCE-42B3-80E3-8A5D1E3DC545}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3523ACA9-6A88-4243-80FE-0BAEF7EC3AED}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F6F9B417-4F87-4A0D-990A-A417237974AD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{60C7F46C-86B7-435F-A7B4-3CC75CF312F7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7B3AE992-4209-40FC-9A97-59965AED1420}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4D7FD718-4C5C-4DE5-9A9A-3337FD7A87B6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{FD682FC4-77F5-4D7F-B096-36B86B48B661}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{073E09BB-E824-42CA-8C86-31FBA6BF6870}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D4B1AADB-78A9-4CA3-8724-0C10207A7FA2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{03000EEB-9C0B-4616-B1C9-C4B95E27ACA9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{14B8C861-3323-4CCD-B033-807F07ABC68A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{52E04AB4-13EC-4829-8507-28EBCF36E97C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9D8F66D5-0F93-45D7-82DB-AC62140FC173}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{1B7896EB-8B29-460B-9E03-D2FFDD7D85BF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{A5245F2F-00D3-49A1-9FE0-0706FA69A520}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82B6597E-25ED-4816-BF52-E01F28D24C0D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{99D7983F-8E02-4D0C-9DCB-B53673EBDA87}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BE2A5392-25B7-48BB-92CC-3BF605CDFEAB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF6438AC-9B0E-43A2-BB05-A65580E5EFAD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8DDB52EA-3303-43A1-9EDC-817297CB3593}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{675FE2CF-1F47-4BE9-B392-8F0B31FAD5E6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{3CBF9CCA-5F80-4E75-A9A0-295526FB0024}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{24788B50-A810-4FF7-99AB-A2844A149455}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2FC56437-09A6-43F4-84D2-0D67860B0EBE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{1D391574-36D1-48FA-A8A2-6FA5FA3D5D0D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{68AB5D62-BB5D-4A7A-A2E4-2185B6F70715}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C92BEAD4-3475-42AD-B89C-8C8F8BCF48F0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BEF849B6-9E6E-4FE0-A255-5DDD4DC31BCA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DECC2FC6-4BDF-4A10-A0DD-2B01BA9D1F9E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{ABF23583-84C4-4195-9717-C3A754A4080C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{DC5BBDA3-A588-49E0-9A49-E19FB030F7D0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82DC9BA7-67A8-4CF3-8E66-AD4F645B9BD7}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A4713757-C8F4-4BB7-AA27-BE340650CBBF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{239D823A-F643-4ECC-B394-B09068D9A8C6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C3CD3FD0-64C7-4511-8FBD-76FF0FD66D32}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F2ADED2F-45B6-422D-862F-F68D7BD97980}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BA717979-DC63-46A6-A1AD-1B9B64BBE8F0}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4DCE49F3-0073-45B7-8461-D76677618657}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C2413AE8-D003-4572-9067-D6EE13877D27}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6B321238-2F61-47A4-AEBE-FB48275835A1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A5438A7C-51A7-499F-844B-96A81D5FA6AF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81667A2E-E3F0-4243-9648-CEA95B853A3D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1D8FE785-F51B-46E4-96E6-26D6ED316E1A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E7ACB403-97E2-4D0F-91DE-AC15D02AD251}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6E25349A-4B56-4293-9C0A-D04702DDE989}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{03F9E784-9C27-4BF3-AEFB-C7BB36E7EDC5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{F0E28111-9CB1-4AF6-9DD0-AD89E5523515}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C4CBFF02-0D55-477E-BB97-F5E2ECD5F8C1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6007E736-3FB7-4AC5-8DDA-55C5B56FD03E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56CFF1CA-7157-453A-B843-04B36534BEB1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{54AE2208-02EC-4DE3-8D86-B363AADACDB0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1D294E64-C01B-476D-B7DF-ACA34AC060BE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4D845892-A583-419D-878A-3E195991DFC1}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{566D0F56-ABFE-4A36-B0D1-35A401B8103A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{59E4BD35-84B3-4B09-864D-BCEDACE5E6E5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{577EB62D-EB01-4216-BB8D-D8838AA865BE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{1121756E-15C6-4BF2-805E-8E4CE9B64569}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FEDDF0C7-87D3-45E2-87F6-EBD00B7BF63F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AE754F0C-A0CE-4DEB-BF69-BFBF3111E802}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{86C4C530-B837-4F9D-92A6-32759F502E04}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6896D75A-0444-4EE8-8C1B-DCCAE7E7F098}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{2A3580EB-2695-46FE-9732-9905265834FB}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B85806F1-B486-4F61-8895-E9C8187CF088}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DDFBACCA-6900-4407-BDCE-FC31C27F1556}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{16F4D5FD-01EC-4421-A669-63D2F5C77498}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{87D8DB73-BAA7-46EC-8A4A-3BEF9ECC1777}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1BD9A2D6-358E-407E-ACAF-2F5BF9936FDB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8E629903-E2B9-479E-BD3D-D732F2438C64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8D62C98A-150B-4F74-945B-B1A637B99B91}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B0B238E8-A51F-4C56-8274-84E171289191}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5516882F-5FEB-4791-B8D7-10F9D546627D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8CCAC162-DE65-4BC6-A17F-30BE34E0D74E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5E36DD0C-D880-4ACC-9226-BC9C8BA375B2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E5DCD26-9E3E-49A1-879F-977BFB030778}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{92F0525C-5AA4-4DF2-B96C-A45AC509304C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DDD5698E-5A63-4775-A08D-81C9CE62190A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{024DFB98-03C7-40AD-9BA2-E9E9194E9E3C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{616E2CE4-941F-470F-9722-646ECEA80935}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{388380E2-E380-499E-BC16-C1BCE07CDF43}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{612D849E-C56B-4298-97B5-F2EDBD5FAD79}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F0B6C457-1AEF-4956-AA40-401FAFDFE3BC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E864A38-979D-4EB2-B1E7-B850BB1EEB40}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{409757AE-F7F3-4815-BC60-94F0157E6F0E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{155FE014-683D-4EA7-A93C-7B094D861EE1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2D1B89A-194E-4489-B133-EB057E711E22}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{8ABD21F9-2415-47BE-A4D4-9C6E9CB540D4}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{11F49C31-A45D-45AA-BD31-95FB186E8C52}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9A3F164D-6002-4D17-99A0-30441DE3A6E3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{10080AEF-019B-43A6-BDA0-2BF3BCE369F8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9870AC12-796A-487F-9FDD-7DB0BD11BB33}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2634E034-DF42-4647-8CA0-255D70B55C4A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2ABA316F-95F9-44DA-861C-B8BED415E6B7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D404EDC1-B880-403F-8FC9-E0CFF1723A46}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{9A2E80A0-1541-45CC-9761-61366B3F7187}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D1630523-66F0-45E7-A943-DC3724760AFF}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{20C329B5-FE3C-4BB0-942D-E74E25CB2A1C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A63E5332-2470-41A9-8268-5F06C4F036CD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A6385D6F-2C95-48AD-8D4C-6A7A4BD90B7E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9CEBB5B8-90FE-4159-AE07-5DE5A06949E9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AC497F0A-867E-4D60-A664-A50E14FED4D6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E452FF31-71CF-477B-A819-F275602F48F2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{06D8F132-B4EE-4C72-ADB0-3BD4788444DB}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9B9E1F82-36CD-446A-A052-EE8603D628DF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BD466303-A69F-400B-AAE8-1B1DD1708BE8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{80B3DC9B-8875-4633-9AE3-D3E723D0CB1C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9745B821-914C-4B9C-BDC2-E74570A4A5FA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{126538A9-EF8B-4B5F-A105-BCC838A2D77F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{44F5EA72-2B61-4131-8244-F5C312E0DE7C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{407D8712-F7CA-4217-85A5-6A976FECC06D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E6DF2C0D-3E76-4C32-992B-16E1F5203C34}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{300286F5-174B-4948-BFB4-EF0C34C81F4F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{10675BEB-3A8E-4025-9E3B-271B33F21DAB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BBE95EED-08B7-4DDD-B7C5-0D768253F9D7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EE72182E-4826-47FE-9508-C42B4440A868}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2D62490-8010-414C-8C18-1F03C30115B2}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{396E43E5-DE02-451F-B256-DD574635CA38}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AB347484-2AA2-48E1-8B82-7C848FDA4915}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82AD3F7B-B164-43CE-A629-275A13ABE9C0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{388AED80-2F56-4098-8F6A-669A49930C74}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E490060-76CB-4931-93AB-FBA7C00782B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7A86E42A-BE42-423D-A3E5-D3252DC55524}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6F3A854B-73A1-4B59-88D1-BB044587FA40}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{44020F35-B74E-43BC-9029-3A5BD73B61B7}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{39A19D55-3C21-4B75-9D22-786640A00F1B}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{009C2814-9608-435E-B73D-60C18BF54BBE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4D16A462-5E7F-4644-A9DE-F6CBFB1E0428}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C64395DC-4F70-4487-B6A8-825F9CE35F06}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AE2FDC7A-B454-4F29-AAEB-A8BECC10477A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{90D9CB1B-EB5F-4CDC-A5F8-B9B22752A584}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37F31451-4220-4086-89DC-B58FAF55E859}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A46049F8-9C79-42D0-84D1-A7410FBF0E12}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C7DA7110-1E98-42CF-93D9-895280050B28}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D4F69536-5C00-4B57-AF6C-B3A67E87ADFD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6AA9E4A2-D09F-4288-AC0B-B034F32086FD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FA765916-6593-4AA7-9449-B59EC422759D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{729F3F4B-F3C9-4CE4-A3D0-5C18A4A0BE5C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9C3E0F65-24E4-4D8F-9B0D-DC45C363E4FE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{614260BA-E91A-4586-B0FB-A43CDB9DDF81}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{946BE8CD-F780-4C12-B7E1-50EFFB323DE9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6DD6537F-AB9D-4382-A9FE-1BBC6DCD705D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B4B21132-DFD6-4B45-85B1-88D2CC22125A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F1AFD4EA-91DD-4733-A660-4484C50549AE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C93ECEE6-C1B1-4195-B036-2C84BDF4D476}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{982CD324-7841-4014-9061-4C61CAA84B41}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{97450C8F-202A-443C-8BB2-3E8C00316180}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{12FCE835-4E59-415D-8FD8-DF4DF53855BB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CF2EDF1B-DB2E-4D2B-93FF-2E9BCE782AC3}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C970DBC3-8B00-4644-BCA2-DAB874CBB923}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E8BFFCEA-1C08-4EB1-9D26-4D58A7F1117F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E465ECBB-775D-429E-9B96-55529E550508}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A402C1CC-4291-4C6C-B8B4-98E60ADEC9F6}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\72.0.3815.186\opera.exe => No File
FirewallRules: [{5B1C41ED-3183-4AD3-A078-42DFD241A17D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{73E87491-7F58-4B31-BC68-9D895F516430}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EAFD9316-0F72-4952-AF7D-C2C5E1C88DE7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D6C042D8-BCD9-4683-B244-CE4E8645A2F6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{27B4157E-65CE-4EBE-B910-888B69DB3F5E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{2099E6D5-3318-4A46-BE2A-0BFC8064A552}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{7B860FE3-785B-4751-B8FD-9DF143593F02}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5664C3C5-D48A-4084-B2C5-1AA8E583AE3C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6387C489-EC66-4DB9-9E04-8CCB5B0F66E9}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0C3E4428-7724-4C6C-9816-7EC95B29D9BC}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{42638945-DDF2-43AD-B502-45B851E94E06}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2ABB9A40-F36C-494A-949E-4C75B5C6F353}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{347AF792-9D11-4DA3-94FC-5E4E8AE56443}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F5EF0AC3-3AF8-4BC9-B1F9-14CB1D34F9D9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{53BB179A-1FB6-4665-A969-2440FC1DC175}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D955CA21-A1E2-4418-BCCF-9255AD57453C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4E3F5EBC-680B-4EF2-9EC3-4E7110F26F9F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{94396FBB-22CE-4842-9E73-695103F85521}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C919BE96-F587-4588-AED4-935E8FA6A0C0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4F1D7D86-BAFC-460B-9C43-3576599F104A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EF7E039D-A68E-4E45-A349-36689BEE6774}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1155DBED-0BA4-4D0E-A7FE-E1B3B68EEB0C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{719385F7-C431-4E17-AB19-2075DA235EE7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BB77705C-910B-4DB8-A446-1D866958AFF8}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D1AB89C7-0298-4B9B-8DBD-BC28601EF3A5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AF0D50D0-C945-43DD-9F98-86EFEEAF1A32}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{58A9291F-CDF8-461E-B092-9E2004F6B80C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{75552F21-D1C2-440C-977E-07480CD45451}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C9A9BA6A-D91E-4D27-8A58-D188D0675C90}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CBC1070F-1093-4FAD-92C7-711709080DEA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C78B4763-40FF-4E46-9D55-EE7A5C56331C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F5F524D7-D387-40BC-A6D3-434C8B6AF3BA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6AAF572A-A5AD-4EE3-8481-B542B7BE46D5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{451F4261-A951-442F-9326-0E0F75229971}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{399D0680-750E-4F88-BD29-68F44937FC17}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{986C6A7E-117E-41B0-AB79-1EC3F50797A0}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\72.0.3815.320\opera.exe => No File
FirewallRules: [{C3A821EC-7074-468A-8CA5-2E409880E64D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2948DDA3-09D1-4988-B1EE-FA4AF36A432C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{82814382-122D-4EAE-AFE3-28E88C8C09CF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0BC232FB-2A22-462B-97C1-E0241C1EEA5D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9899101B-FCC3-4F2F-97B3-389F2A890278}] => (Allow) C:\Windows\system32\winrmsrv.exe => No File
FirewallRules: [{38703C78-88F1-44C1-B76F-C3727CD4156D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4CC27C3F-E61A-4902-A6A9-E991BA34EC42}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{FDE38FBD-71DA-4232-88A9-A4EC5DC6880A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F8A14AA9-8E6B-427F-9AB8-F12DF70FE87A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{11F955C2-4207-4E47-B81C-4EBC807A269E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8D599D53-9CFE-4F43-AF38-6EDFE7135CED}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{21A6E14D-8133-4CBB-8E69-AC2C005AC97B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B1A3F10B-58B4-4369-9107-4A62AD23E44D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{CF5C2D96-FF04-4C3D-ADF3-6921BF2BC518}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4F34B347-66AC-49D8-B2F4-2B3101C5CFDA}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{531CDDE7-07B9-4902-9269-B70343139BFD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F4AAF38E-22BB-4049-9B78-96D8C5366351}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{468A3692-95AB-4F1E-8D6C-FEB42DC54BB6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B947F9BF-1F27-4283-A7FB-41E03BDA48FB}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{86F879EE-9A2F-411E-8BDC-3C763697B7F3}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{3FD5CFC2-EBEA-4434-BA63-CABF70928334}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D31910AB-2355-4959-8322-B9C5750E6649}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6CFE3718-5CF8-42D1-88F9-02218A186A0A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FB564A91-66C5-4609-8F07-4D8E417A757F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{11C3DFFC-4661-40A7-96F2-6EB54F21BBA3}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{FD20FD98-A814-4D58-821F-4E56141AE64E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{59B3F812-1A50-497E-90EC-BE6DB5370F79}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{76B3CE01-4E2A-417F-B871-124F5E9F1B72}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4458735B-367D-43E7-9798-EDFF7ABF9121}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A4707D71-E154-433E-9AFE-A8F7F23ABBB6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E6C4AF48-50C2-4064-ABF5-C62D7D1F7C50}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{974DE7B1-4ABC-4C59-9970-712283021675}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{CB5586A2-5AE7-431B-A2DC-0335D127F7BC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4B646D31-5753-4279-B25F-7C70403B9F10}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{EDF0B63E-74F0-4DB3-819E-8CE3D01B661B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B4B81CB0-B126-4F91-AE94-070BAFA983CF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{409BD531-2F26-4877-AF12-584E132FD617}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{24FB95B4-6811-4BF6-82B5-4121D7A44945}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6D9696FF-1155-4138-AF82-E1B67478F4A2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{46E4AECC-3A85-48EE-B355-F56C15C9153F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{58700B2D-2328-4656-9789-AD817C2644A1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{00C5D01B-B8DC-4690-9836-59DF79ABDEB1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5B708ABA-27E0-44BE-ACA2-341900EFA83F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{548A53A9-D168-49F6-A2B2-C68482E74A71}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C104E1C1-A3C0-4A2E-BF32-9E157CC4EC67}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{3358A12C-419F-48AA-AC8F-CD2AC5515C8E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]

==================== Restore Points =========================

02-11-2020 10:39:16 Naplánovaný kontrolní bod
11-11-2020 13:22:52 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/11/2020 03:14:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: javaw.exe, verze: 8.0.2310.11, časové razítko: 0x5d987068
Název chybujícího modulu: J7GB1548872857273787995.tmp, verze: 0.0.0.0, časové razítko: 0x5278cf66
Kód výjimky: 0xc000041d
Posun chyby: 0x00000000000089d2
ID chybujícího procesu: 0x368c
Čas spuštění chybující aplikace: 0x01d6b834e334ce99
Cesta k chybující aplikaci: C:\Program Files\Java\jre1.8.0_231\bin\javaw.exe
Cesta k chybujícímu modulu: C:\Users\user\AppData\Local\Temp\J7GB1548872857273787995.tmp
ID zprávy: 10ca0119-c922-4a20-a9a8-b34d7d7c4c0b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (11/11/2020 03:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: javaw.exe, verze: 8.0.2310.11, časové razítko: 0x5d987068
Název chybujícího modulu: J7GB1548872857273787995.tmp, verze: 0.0.0.0, časové razítko: 0x5278cf66
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000089d2
ID chybujícího procesu: 0x368c
Čas spuštění chybující aplikace: 0x01d6b834e334ce99
Cesta k chybující aplikaci: C:\Program Files\Java\jre1.8.0_231\bin\javaw.exe
Cesta k chybujícímu modulu: C:\Users\user\AppData\Local\Temp\J7GB1548872857273787995.tmp
ID zprávy: b03a36d2-6317-4a69-a4d6-f0e14ddaf44e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:

Error: (10/26/2020 12:18:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/26/2020 12:18:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]

Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.

Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]


System errors:
=============
Error: (11/17/2020 04:36:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (11/17/2020 04:36:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.

Error: (11/17/2020 04:34:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/17/2020 04:34:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.

Error: (11/17/2020 04:34:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba AntiVirMailService závisí na službě AntiVirService, která neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/17/2020 04:34:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AntiVirService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/17/2020 04:34:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba AntiVirWebService závisí na službě AntiVirService, která neuspěla při spuštění v důsledku následující chyby:
Operace byla dokončena úspěšně.

Error: (11/17/2020 04:34:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AntivirProtectedService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
===================================
Date: 2020-03-10 19:58:13.183
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {078A4708-937B-4A38-944F-8995F3777010}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-09 11:37:13.201
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {9F8AD6FA-51DA-443F-AEA6-1F99184B015A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-08 22:13:33.442
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B0C2DA71-3C9F-4818-9E58-16F19F2F1A86}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-06 09:55:54.648
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {2C6C338E-C950-4942-88E6-19D1D93985AE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-04 21:52:17.253
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {630B2D30-1C43-4513-8AA1-D3F615F19A38}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-02-21 11:03:45.553
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072f8f
Popis chyby: Došlo k chybě zabezpečení.

Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

Date: 2020-02-21 10:56:52.865
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

CodeIntegrity:
===================================

Date: 2020-05-26 20:54:44.290
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-13 00:24:44.488
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:21:37.810
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:20:30.940
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:12:05.238
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:11:45.480
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:05:48.478
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:01:39.489
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 06/05/2019
Motherboard: Gigabyte Technology Co., Ltd. Z390 AORUS MASTER-CF
Processor: Intel(R) Core(TM) i9-9900KS CPU @ 4.00GHz
Percentage of memory in use: 12%
Total physical RAM: 32699.06 MB
Available physical RAM: 28587.79 MB
Total Virtual: 42939.06 MB
Available Virtual: 37235.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.31 GB) (Free:257.47 GB) NTFS
Drive d: (SSD_media) (Fixed) (Total:1907.71 GB) (Free:1136.38 GB) NTFS
Drive e: (HDD_media) (Fixed) (Total:7452.02 GB) (Free:1030.67 GB) NTFS
Drive h: (LaCie ) (Fixed) (Total:3725.9 GB) (Free:2569.58 GB) NTFS

\\?\Volume{bc482910-1514-4415-a922-9631669f2a92}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{c847343e-84fa-4e77-aad1-a43962b7b6fc}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 1907.7 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 5 (Size: 3726 GB) (Disk ID: 1BE886AD)

Partition: GPT.

==================== End of Addition.txt =======================


Re: CPU and GPU load climbs to 90% on its own - mining in the background?

#8 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\system: []
HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-20\...\Policies\system: []
HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [Voobly] => "C:\Program Files (x86)\Voobly\voobly.exe" --startup
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [] => [X]
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Policies\system: []
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\MountPoints2: {d9a7f775-262f-11ea-bd8c-0cdd24f3be65} - "F:\setup.exe"
HKU\S-1-5-18\...\Policies\system: []
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {3928F07D-CAE6-4281-B2A0-A5D717CB6E7A} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {68F3A5A8-A9F9-442A-B69D-D038486FE234} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-22] (Google LLC -> Google LLC)
Task: {87F85E3C-C4BB-46A1-A85D-10B668BCD297} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-22] (Google LLC -> Google LLC)
S3 wuauserv; C:\Windows\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => -> No File
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
FirewallRules: [{05C17314-70C5-49D0-B5CB-26F3F80418BC}] => (Allow) C:\Windows\SysWOW64\wscript.exe
FirewallRules: [{CCB96B1B-6E6D-420B-9390-A73340F9646A}] => (Allow) C:\Windows\SysWOW64\wscript.exe
FirewallRules: [{E8060679-1F6A-4902-9CF8-939579C9A817}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CE3D9500-519A-4855-BA4E-D6687459B430}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FA872217-B7BB-402B-BC6C-07DAE7B0313B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{99F38A12-9869-4E07-817D-7C0023AC0876}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A7A38650-67CA-40D3-8BA0-B47D240E21F4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3EEB1BA-D570-4A89-B1F6-846ED96F480D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2E98697-86D0-48B7-89B3-7C29F3EF91FB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1C15BCD6-DF59-431D-B5CB-A563A022D700}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6693D73A-BC85-4B18-B3C9-F5437B5EE8D8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{90686CE2-468D-4D26-ADAE-56F8D024FFDD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{85B96675-7A22-4A52-928D-B476326CFA64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FD00405-6209-4148-9700-2FD6A8DCBF83}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FA57B887-43DA-49C3-8604-67DF4B499C5D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{12026078-FE39-4991-9FEE-780B3F8EAFEF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1FBB77D5-49C7-4B6F-B2F7-496E3E0CCA18}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1C0E3C5A-58DC-4C92-B129-CA4FD095FC1A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4E3D0B39-A317-4FA1-A438-8443246ACD9E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5CA7A743-1F98-400E-940A-1171230F7BDB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{55F6DD0E-B26D-46B1-A489-34BCB480C8D1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9F7C34A2-BEE3-49F6-A88A-42B2BF8F172D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{35A6B95E-01CB-4097-8273-4BAE99E1C5A9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C4177679-C37F-4F32-A759-563ED3C91239}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F649F3B1-889B-4815-95AF-EACEAB649D04}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{79C13A3A-B284-41DA-AC27-605B7A30028A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{75A2D36B-2DB3-4974-80C2-66F0B9E4ACCA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{579925F4-098C-4147-9F42-78D488875BBB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E01663A0-F656-4EA5-A0BE-2EF42A77EF3C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0A98C4A5-BC2A-4B72-8E5F-78DFA8DE47BE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{08FF7ACE-1F9D-4865-BB9F-20314C6EC19A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8CFFDE96-4BE6-4F6E-974C-EE74755B1DD5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3C6A3D61-2AD5-42DA-B1E3-B6BE37D86AD0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37424D89-F2BD-480D-A1D0-1EBB34FBC3D5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B40FE188-250A-4CE7-BF95-D564F3B67955}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FC92B4D3-3E5C-47E7-A0BB-DECAA18A16BD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FAE2B80-9FB8-40A0-9210-BA4D9808B435}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4885BF58-D6D5-4598-8231-FCDC67758587}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AD11AEA3-298C-4809-9499-A5D64E6106E4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3143BF1B-44E2-4C64-BD00-26AE3C907B9D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{878A6058-75DA-4E0E-8165-E3D242C9E457}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C88E5328-F6A8-4BD6-A651-C6A5873583C7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FDC9F9F5-2E02-4680-AFC1-AC21D3A85D37}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{720C8B70-76CE-4E58-8655-D30FAC87A9A3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B8635EC3-1EF2-45E5-A5E5-2BD0771D92F9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6A05C3F9-D01B-47A0-B8C8-B21081E6C2BD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{110CC681-9E8B-4172-BF39-82BF9076B5EC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D8B90BF1-B6B6-472E-9230-CE9461E08FCB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FE724A51-78D4-4713-8C4F-4F0C418E5740}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FD04E17-1820-49A3-991A-4DB12345676A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{901480C4-8085-4F2E-9E1C-4354A5AE7824}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BADFF8A8-6BE3-4F5C-9010-45D8BC257E10}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{54C62852-3866-425A-8974-DD137C016709}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D25DEC4F-8B28-4E58-AF45-71A10B62A108}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2F49045A-D98F-4B13-99C5-33BED226F5A0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{110CCA89-2824-4E02-AC36-0B1525CA8EA0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{442DB915-2F22-464D-B411-94588626CC64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9B721A11-27FD-43BD-9407-2B387F36D38E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F84A4198-EB82-466C-A168-CAE66956871F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CF097CA1-A952-49B9-A2B0-ADA6287F5054}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A7EA8353-EA93-43B2-92B1-CAD88CA79551}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{036BA130-3519-4F73-8DBC-B3AACD8DB888}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3201ACF-472A-4FB6-A9BB-B81749C1FEB6}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F360A133-33B9-4193-9459-113B350C70F4}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{061C4CFB-C53C-4BE6-97C2-B5C7F547C820}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{34431212-2BD5-4680-B03B-0957B8D5B8BF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DE85DDFA-2A81-4F61-B800-41476B128CD1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BCAC6C39-6F93-4616-B77F-2AB8A20BA323}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{770AEF79-5AFE-475B-9B81-4C4DC68BEAD2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{18167C02-E63F-4B45-8912-8EBCCE3E65EA}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4172828C-7B89-47A8-A348-EC2C102F2CC9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BD9FAD53-21AF-4736-98F2-8C983E43136E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{18986D83-2697-4897-8E09-5660B48F3B6C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8E41F5F8-7DEF-4755-A344-34474E7E9F55}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C28FF491-EF2F-42B6-9ADB-F34DBD534A68}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AA771E77-C1F1-401F-88FA-A300A3037ACF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6C96DBCB-2237-48A7-A5C0-15769D0B07E7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{276C5790-37E7-4FDC-9FE1-FC21E45AA976}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{00B4B467-33A5-49C1-8AC8-B007CCE3F877}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9372497E-611B-42B4-B8DF-D87982AA1404}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D3FCD9C5-72D4-4A7E-BF4C-B0445A72277E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DE01608F-6143-4D89-A6D7-950B0DE9D8E2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0F644069-662A-41EC-BA3A-8D1ED56D4389}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9509B8B6-014E-4ED3-88F6-609DCC2DBDC6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{350AF2A6-EE4C-4D7D-B742-98F15BF644C5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CDE5A90E-8E78-4F3F-9081-91DDCC7266B6}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{B4F0D6B0-5D6A-4069-AE9D-B6E904C85167}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{34181C25-5524-4AF6-8A0D-75C51ED31EC1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E7231E36-308A-456B-A7F5-28B2857362AB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2AE92CAE-7119-4E0B-A01D-D58D8459AE7D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C0B2F339-A60F-41BC-AA5A-EA05EAEF824B}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{89BB97F7-B40D-4119-B03B-F48B8830E146}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9E4AF474-E0F3-4262-9EF8-C9B34DE229B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{96567DA6-A1BE-4E6F-95A8-C38CF15469B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A824C622-5AD5-4975-8A3B-F58311B63BB2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FDCF5B8C-F7AC-4528-9263-ABA123D223FE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D2A876B5-0199-4CFD-8D13-CB522E79CC96}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{38E2BEAF-0EFB-432D-8CAC-FC80938DD72A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{40346FEA-D925-41DA-B3E9-C4E71D120B97}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{35E9A5DB-D2F8-4F57-B819-2D73175A04BF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8AC27493-5861-447D-B901-2BD5D8EECB20}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F787A928-C8D5-4E9C-B588-41F19D688312}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4185F2F7-DBFC-48D5-8C7F-1ADBFA016BCC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{520D5D23-256A-4471-8CB0-11969EFD1135}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8EA5CCB8-8D6A-4E38-9FED-F956D59020CA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4C7A07F7-BF48-4BD9-8A1B-7015ADCFBDEB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{773200FB-460F-4069-A99F-664D94B24469}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2CEA6A60-7D10-414F-B101-751C8C83E465}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{125AC86D-02F0-45E2-A97E-8409EC7674B9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6C6926D0-E30B-44E0-B8D5-3EB724EADED0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D133B3A0-981B-4678-A113-2EF20FBC0457}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FFEBF088-8CEB-4A9A-AF37-2688A5E9E11A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D611E184-FC32-4304-8C91-7501BD8908BD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7BE8A83F-F7A5-4C61-902F-4010B6023158}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C5CD4C48-C4DA-47A4-BEC9-071FDF75FF6B}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{24B5433A-FED8-4E3C-97BA-D9C180A64768}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{734A6860-3EE6-4906-842D-143E9887CEE8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{92F2EA9B-9E3C-4102-AC7F-FD1C1795CDFE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5F37FFEC-0B13-43A2-84C4-4B646D9EF176}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E5CC67FA-19E6-4F83-948A-D009C8A18B88}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4BDDD8D2-42AB-428E-BCEC-4C01B3D4B0CC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{3BA1451B-AA13-4B43-B392-E92E36626125}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8C313259-58C8-49FF-947C-F4D80A751215}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{318448A1-3C83-429A-9F3B-021BA33A43EE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C4739447-D306-4DBB-998A-78CB0577EF90}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81A840CB-0318-4D7D-B4D8-E75E88A9ABCD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2858D07F-BEAA-4EA7-9378-52444B5D99CE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{31FA352A-F9E1-4B9E-B63D-744CF8BA7BE3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6D3B0F8D-1401-4372-957E-09403998E79F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A17A8DE7-B422-47D7-B560-F7BDF081BA74}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{68D40B93-37EC-4159-B7DF-667B8F36EDF9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FBAA1739-6B85-446F-8DFB-0940A90E6162}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0EB668E2-5341-4CDF-B897-46EBA2795F81}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{0A25E703-136D-48CB-B511-DFD4FDD16130}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BF601B49-FB4C-4810-B29E-EF866AD2F516}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5ACEE9E4-B8CE-4514-98E5-D6F399E89C3A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{815779EE-2F28-42A8-8B7D-C4209C1ADCD6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D6776851-A029-47AF-B505-40F007F9AE77}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{64461CA7-447B-4AB9-B95D-6A343C3A0F15}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{139D42A8-7461-44CB-832B-7CEFC70C93AC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E91E0CB4-A551-41D6-B1A2-6E40EC94F2CD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{46B0E176-66EF-4332-810A-C420CAF64BD3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C1B119D8-3286-49EF-8260-48390C4D4558}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0FEF8F77-00CD-4F10-AE53-7D1636B4E29F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{64DF7967-D7BF-4DAD-A89D-A02C41CEE46D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{266F8A68-0C89-4447-B121-55FCE74067D2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C307E89B-35A6-41CB-B894-98404B583505}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5F4A39CB-88C6-451C-A7AA-3021BA476C42}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{02631513-EC74-4C46-B68B-65254F26E0A8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C32467B1-43CF-4645-AD76-354DD515C828}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F41711A9-7A50-4C4F-8C5A-8665E251ABF8}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E068E0A0-AC00-4F7D-B6D1-4D09723556AD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{84797E1C-2CD6-4371-A50C-5391913A886A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D807AF26-5F66-4223-8622-1F0EDD6E6940}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C553AE03-037E-442C-8A62-C1E04F29F5DB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF2D469D-BFFC-42A5-97CF-08170726E728}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D8330800-6989-44C9-A109-93E242AE0BA1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CA2D5F9F-972F-427B-AB97-0ECBF6358981}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{3C07E4B3-0B94-4021-AC18-EE09F7C85F94}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{44AB58B6-67DA-471E-B9F8-E5653D307918}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{93B5E2D6-4F92-42A8-B118-1B4CBCA8EDB0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{70A1D573-CC3C-455D-9FF2-68D36C266467}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{57F3E5F4-7917-4FD0-8B1D-CB1B14B9148D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{0A9346CD-495F-4A62-A804-DA2000FA069E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{59669864-A486-47C1-95FD-8986F0977865}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{084BCA98-28AA-4204-AC7C-EB80A3CDDA6F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{89F99DBC-FB51-48B3-B1F0-FE5391871425}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{073E9DFC-59C2-49BE-80A7-B6F791CA386B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7421FEDC-89F3-4A75-B2F9-76361368ED11}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A4A7187A-3C77-4469-B5EB-3A7C75AD236D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2D975246-C996-40AC-B556-887A8E88B340}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7E7F0FF6-588A-4F98-8D73-51357AA357F1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D1C742B8-E559-4966-8CE4-D44B8D3394F1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{50988007-3A7E-4373-AE9A-90616BCB3BD1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EECAB14D-6712-46C7-92E0-DAC97BB5FEA5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E1DADEE7-C194-44D6-9939-2FA13DE4B10A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DD9FE108-BA7E-4A7C-9312-A2D1D46E758A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{975B82E6-5B0A-4FCC-BDC6-1002B163E24F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7F174BFD-2F67-47C1-8744-6D7C4E209040}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3AAC42BD-199D-43AC-9456-8E5C4DB2AB45}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5C3BB71B-7FD9-4BE4-BFED-97D86813C897}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{EAF765AD-A50E-4D3B-83B9-A3AC1C624ED3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{90C95B4F-0E52-498D-B266-EA3041C00640}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2BC5CA36-8189-4470-8ED0-46E8B7470597}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BF56B21A-4053-4D37-8DE5-F165CB9F44D4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56DE8B56-F72D-40A8-81E4-87E4B5CDE820}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{84304E27-EB46-4016-BCCC-F52924A38936}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BB00EF0F-8A54-4F39-B539-663403CE5065}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{389E90FE-C80C-40E2-B0A8-B98C644A8D94}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7181C2A7-796F-426C-9C29-108E0B06E39D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C69BA621-4D21-47FD-B07E-A11322054696}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8B7B05F8-CEA2-4128-9CCE-0EF70FF2AFBC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{76A33309-7B20-453A-9AF1-151FF04C4462}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{009BC8BB-A465-463B-B6FE-A92565DEF0CE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8B9D408C-EB3A-4DDE-8A19-B027FDD06057}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A70D8838-63A1-410B-A306-BBE08369C93E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7A9EA6DB-CD92-430D-A939-1FC9472390FC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0359D6F7-C06E-47BD-94CA-08D08EF749F0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8C05BA53-1037-472C-A95A-E832F8F6FD5F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{07CEAFEC-3548-4A48-B2E5-3665DE033DCA}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{AB962CEC-780D-4982-9D26-CBC9BFE78D08}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E204097D-B536-4F17-93D4-2C76E758A103}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{25D783BE-F365-4974-B4FF-5C43DBA864ED}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DB1803AA-2395-45A1-8685-AEB8EB4DF959}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{95259B6A-8C20-4093-BF5F-F077AF9B5F42}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{7779A226-79BC-4383-B87C-7C98B26BF7AF}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CA8C45BE-8F96-41AD-AC5A-D4FF121E272A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3EF5AB21-1BBE-4F0D-AF39-C582A58509B2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2D37C8CB-2EC8-4B94-88FD-29990CAD03C3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1109DC2B-4195-46D4-99FD-ADAD0FF180FD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3F469FA6-9F22-4D35-8CBB-C1613E522E75}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4BE6A8AF-7FA9-4FA7-B5CB-0C3A514B3CD1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BEB89631-E0B6-4B4B-BCD4-815F197168A2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{93880792-9F98-4834-BD4E-89EB01F0F977}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{69586EF3-278B-4F65-BFE8-B09EFD9D594C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B0057568-4C53-4655-8AD2-EEFEC0BF85BF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C3AB9A61-A251-4F70-A389-9AB08DF17E4E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{361D4629-A693-42CE-9196-3FED53DF7874}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{B76BC34E-8E15-470C-B794-D8961EE8FE80}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9997AFE9-3611-4E27-B62A-E2C5F6C29A5D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E4AD3FE7-63E1-4EF4-BDAD-0A3CF5203C25}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FF88611D-8298-4D47-A246-3307C167FBCC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{75A3F86C-9721-4699-9196-3576216E177C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{F9E1AC54-F3A2-4EF4-A369-108966CB944E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{52A3035D-0521-4FE4-B75B-744C2DE1CEE9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9C0E2022-71BE-4121-B5D8-E0FCE3989922}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FB725E1A-5252-434B-B8B7-191597265C53}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{71F774CA-E850-45C0-83DE-0C9A4A63C886}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF29EC3D-766B-4745-AB6A-4B08837CF5FF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A2BD5333-1B71-4217-A62B-335964FE7628}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{39B24053-8577-4EAD-94B0-22D3DC4ABAAA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C73413DD-E1B2-47C5-BCFC-DCC531B61222}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{723AAEFA-60D2-4BB2-8BFF-71DA488D9D33}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4074D0BB-B5CA-417B-9B3D-98A9AF5AAF5C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{803E7B71-B456-4A87-957D-49B190DC8A51}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C5053B5C-347F-45E6-B58C-AAE9CF5F344D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F25A49C4-200C-4C25-9051-DBE2C359DC27}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{39C15A3A-5A60-4C33-BD3A-22D77A422128}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6148DCC4-600C-47A0-94F8-5943F9AEAF66}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5E959DB2-48A4-49A3-9B30-C1BFAEC962AA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{141A7DFC-0C1F-4BD4-B4F6-F7988685685A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{19DCA1F7-6D29-4D75-80E5-F44024D08BA2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{19FC3ADA-4B75-4D07-AB13-F08362925836}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5C4791C4-E518-4230-A01F-C2414C63AE08}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81023AFA-E62E-43D5-97E9-B57E7A092462}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4E92F19E-9A0A-4A83-AF2C-3E2487B7A29A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37972A94-112D-44B2-9EEC-FD1A562F1D4E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{0A1E345E-3E71-4EE9-8331-EA2FCD89456E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{257C14F4-5B52-40A4-9C4E-1DF40490CAA2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{88B083F6-1D98-453B-960F-266A2F92465C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DF60D76F-0AA8-41F9-BD85-7B51023AC935}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E1FD8CE4-0C7F-4156-9F89-9B43A462C5BA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D53D265F-0CDB-4A8A-8254-224439981465}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6ED31868-E0D3-4316-A41F-F8FCF799A3CB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D7F33A0B-0226-4F95-8552-22951EA2C491}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C95CBF46-E75D-4BD8-9CD5-449C4BDFA357}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E3298CFD-0C0A-406D-BF18-31C193E4FD5F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FBBA51CA-DDB5-4CD8-8F22-7B7D3738EFE3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{16EC3942-EBBA-4799-B01C-207AAD6CD1DC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D0FAD837-335E-4FF7-9BDE-9EC7ECB5DCC9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9AAD431D-CE35-4B42-85D1-A7E1077E5BA3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FBDB4A3-165D-4C59-9370-A2D7D74394D1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56C77ADC-201E-405A-BF3F-C9D1E8082946}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D253F002-9D3D-4750-A1C9-E0A2F0B22174}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4C698845-B2D4-447C-919B-6282047E7522}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C23FC826-1D12-4CE0-AB5A-5185CB63866A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D1A5571A-784B-465B-A136-7185F09A3DD5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1B5ECF0F-2BBE-48AB-BDEB-1BD9504DF6CF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5233C978-0242-4969-963B-E3E7DC25F872}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{27C49FC2-C98F-47D6-BF63-E9E69931BDC5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CF312D9C-2CEC-4773-B1E3-64CD666312DA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5E55EBD1-1164-4C94-98C7-F62B18CAA578}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AC9FE827-EB93-415D-A337-D2ECA6DF61C4}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2422A04B-3960-4BB8-B974-4569331DC550}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5955A54B-EEE8-4AC0-931A-3B0C22977189}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7B98EBAC-4AAE-4069-BBD1-35AB28ADE153}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{32E9A472-96F3-4FCA-A86D-F47F37068BBD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{746F4716-A8BD-48C4-A78C-B6352B1E9D56}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3DF93235-0D89-423D-BF16-F1140FB00C99}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{77F06FBA-C837-4F8B-B651-B97590F3A69D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{609945A4-8335-4C84-8415-65C6C5D3B70F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FB4954D7-528C-440A-85E5-AA5ED5223C15}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D40FE577-B2F7-416C-A3F6-33BF0F179E8C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{96456D34-1067-426D-891C-66817592CAE9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{64CBC813-AB0D-48FE-9574-F29DE39F7CF9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{ADEACD11-F389-42C6-A9A7-60F7610A33F9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9F872F10-4FE7-45DC-AE21-26162E036F0A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AAD3F11D-83C0-48A8-ABB4-DC470985BB6A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5C8BF79B-1B66-4E14-8BF9-672DCE0C932E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E812D21A-8D97-4E06-B3E9-66A3FB1A0159}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{EC44547E-B9D5-4EF9-B231-D04E6F7CCDC2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{651B963A-38F4-44F7-86DF-D6C2CDFED7CA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D1E15E1E-7628-4536-BEC3-40D27C85048C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F4645668-F876-4CDE-833C-D10134A8FF9F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4A7ADEEA-458F-4F04-9023-81FDE320E758}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{A462D1E1-1C3B-4B24-87FF-73889FDA2C91}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{EE30CF95-536C-4962-B750-B0A4BBFAADB9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{91849CAE-18E4-493A-92D6-4536E0F45726}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4874916E-34BE-4FA0-A136-A9E6700E342A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{16D32B91-D9FB-4362-955C-9D024F4BF32F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B2718225-2525-4356-A1DE-E7665A7B1C8B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A694A77B-1F24-400F-BF56-C3B399BE93E7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3666A9E-3DDB-4966-B014-D37BDD0262C7}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6CD6DA3A-E6DF-4556-8D4A-FE84B675126D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{1B910521-AD7C-4B12-8904-3F009400C81F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5CBA1262-C4D3-4DC5-BCCB-6B4F2D9BF731}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F09AAEA6-564A-4F01-BC56-9256476D6144}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3F506A86-1BCD-427C-988B-5069F8A00110}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DB1F97C1-2833-46B5-A0FF-FD4BDC34AF48}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6AE9B749-DE0E-4EC8-B425-9591A70458B1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4096B082-1F76-40FB-8D6A-31D411B43E66}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E27FF460-D153-485D-8BF2-02BB20289EF9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C8CDD6E7-261C-470B-867C-2E0A305C081C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{56EDFFAD-7643-4300-AD15-8D0DF89B509D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BDE4B3F0-AFCE-42B3-80E3-8A5D1E3DC545}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3523ACA9-6A88-4243-80FE-0BAEF7EC3AED}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F6F9B417-4F87-4A0D-990A-A417237974AD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{60C7F46C-86B7-435F-A7B4-3CC75CF312F7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7B3AE992-4209-40FC-9A97-59965AED1420}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4D7FD718-4C5C-4DE5-9A9A-3337FD7A87B6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{FD682FC4-77F5-4D7F-B096-36B86B48B661}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{073E09BB-E824-42CA-8C86-31FBA6BF6870}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D4B1AADB-78A9-4CA3-8724-0C10207A7FA2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{03000EEB-9C0B-4616-B1C9-C4B95E27ACA9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{14B8C861-3323-4CCD-B033-807F07ABC68A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{52E04AB4-13EC-4829-8507-28EBCF36E97C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9D8F66D5-0F93-45D7-82DB-AC62140FC173}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{1B7896EB-8B29-460B-9E03-D2FFDD7D85BF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{A5245F2F-00D3-49A1-9FE0-0706FA69A520}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82B6597E-25ED-4816-BF52-E01F28D24C0D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{99D7983F-8E02-4D0C-9DCB-B53673EBDA87}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BE2A5392-25B7-48BB-92CC-3BF605CDFEAB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF6438AC-9B0E-43A2-BB05-A65580E5EFAD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8DDB52EA-3303-43A1-9EDC-817297CB3593}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{675FE2CF-1F47-4BE9-B392-8F0B31FAD5E6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{3CBF9CCA-5F80-4E75-A9A0-295526FB0024}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{24788B50-A810-4FF7-99AB-A2844A149455}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2FC56437-09A6-43F4-84D2-0D67860B0EBE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{1D391574-36D1-48FA-A8A2-6FA5FA3D5D0D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{68AB5D62-BB5D-4A7A-A2E4-2185B6F70715}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C92BEAD4-3475-42AD-B89C-8C8F8BCF48F0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BEF849B6-9E6E-4FE0-A255-5DDD4DC31BCA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DECC2FC6-4BDF-4A10-A0DD-2B01BA9D1F9E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{ABF23583-84C4-4195-9717-C3A754A4080C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{DC5BBDA3-A588-49E0-9A49-E19FB030F7D0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82DC9BA7-67A8-4CF3-8E66-AD4F645B9BD7}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A4713757-C8F4-4BB7-AA27-BE340650CBBF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{239D823A-F643-4ECC-B394-B09068D9A8C6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C3CD3FD0-64C7-4511-8FBD-76FF0FD66D32}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F2ADED2F-45B6-422D-862F-F68D7BD97980}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BA717979-DC63-46A6-A1AD-1B9B64BBE8F0}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4DCE49F3-0073-45B7-8461-D76677618657}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C2413AE8-D003-4572-9067-D6EE13877D27}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6B321238-2F61-47A4-AEBE-FB48275835A1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A5438A7C-51A7-499F-844B-96A81D5FA6AF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81667A2E-E3F0-4243-9648-CEA95B853A3D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1D8FE785-F51B-46E4-96E6-26D6ED316E1A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E7ACB403-97E2-4D0F-91DE-AC15D02AD251}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6E25349A-4B56-4293-9C0A-D04702DDE989}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{03F9E784-9C27-4BF3-AEFB-C7BB36E7EDC5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{F0E28111-9CB1-4AF6-9DD0-AD89E5523515}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C4CBFF02-0D55-477E-BB97-F5E2ECD5F8C1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6007E736-3FB7-4AC5-8DDA-55C5B56FD03E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56CFF1CA-7157-453A-B843-04B36534BEB1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{54AE2208-02EC-4DE3-8D86-B363AADACDB0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1D294E64-C01B-476D-B7DF-ACA34AC060BE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4D845892-A583-419D-878A-3E195991DFC1}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{566D0F56-ABFE-4A36-B0D1-35A401B8103A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{59E4BD35-84B3-4B09-864D-BCEDACE5E6E5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{577EB62D-EB01-4216-BB8D-D8838AA865BE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{1121756E-15C6-4BF2-805E-8E4CE9B64569}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FEDDF0C7-87D3-45E2-87F6-EBD00B7BF63F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AE754F0C-A0CE-4DEB-BF69-BFBF3111E802}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{86C4C530-B837-4F9D-92A6-32759F502E04}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6896D75A-0444-4EE8-8C1B-DCCAE7E7F098}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{2A3580EB-2695-46FE-9732-9905265834FB}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B85806F1-B486-4F61-8895-E9C8187CF088}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DDFBACCA-6900-4407-BDCE-FC31C27F1556}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{16F4D5FD-01EC-4421-A669-63D2F5C77498}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{87D8DB73-BAA7-46EC-8A4A-3BEF9ECC1777}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1BD9A2D6-358E-407E-ACAF-2F5BF9936FDB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8E629903-E2B9-479E-BD3D-D732F2438C64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8D62C98A-150B-4F74-945B-B1A637B99B91}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B0B238E8-A51F-4C56-8274-84E171289191}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5516882F-5FEB-4791-B8D7-10F9D546627D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8CCAC162-DE65-4BC6-A17F-30BE34E0D74E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5E36DD0C-D880-4ACC-9226-BC9C8BA375B2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E5DCD26-9E3E-49A1-879F-977BFB030778}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{92F0525C-5AA4-4DF2-B96C-A45AC509304C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DDD5698E-5A63-4775-A08D-81C9CE62190A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{024DFB98-03C7-40AD-9BA2-E9E9194E9E3C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{616E2CE4-941F-470F-9722-646ECEA80935}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{388380E2-E380-499E-BC16-C1BCE07CDF43}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{612D849E-C56B-4298-97B5-F2EDBD5FAD79}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F0B6C457-1AEF-4956-AA40-401FAFDFE3BC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E864A38-979D-4EB2-B1E7-B850BB1EEB40}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{409757AE-F7F3-4815-BC60-94F0157E6F0E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{155FE014-683D-4EA7-A93C-7B094D861EE1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2D1B89A-194E-4489-B133-EB057E711E22}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{8ABD21F9-2415-47BE-A4D4-9C6E9CB540D4}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{11F49C31-A45D-45AA-BD31-95FB186E8C52}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9A3F164D-6002-4D17-99A0-30441DE3A6E3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{10080AEF-019B-43A6-BDA0-2BF3BCE369F8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9870AC12-796A-487F-9FDD-7DB0BD11BB33}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2634E034-DF42-4647-8CA0-255D70B55C4A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2ABA316F-95F9-44DA-861C-B8BED415E6B7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D404EDC1-B880-403F-8FC9-E0CFF1723A46}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{9A2E80A0-1541-45CC-9761-61366B3F7187}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D1630523-66F0-45E7-A943-DC3724760AFF}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{20C329B5-FE3C-4BB0-942D-E74E25CB2A1C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A63E5332-2470-41A9-8268-5F06C4F036CD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A6385D6F-2C95-48AD-8D4C-6A7A4BD90B7E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9CEBB5B8-90FE-4159-AE07-5DE5A06949E9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AC497F0A-867E-4D60-A664-A50E14FED4D6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E452FF31-71CF-477B-A819-F275602F48F2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{06D8F132-B4EE-4C72-ADB0-3BD4788444DB}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9B9E1F82-36CD-446A-A052-EE8603D628DF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BD466303-A69F-400B-AAE8-1B1DD1708BE8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{80B3DC9B-8875-4633-9AE3-D3E723D0CB1C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9745B821-914C-4B9C-BDC2-E74570A4A5FA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{126538A9-EF8B-4B5F-A105-BCC838A2D77F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{44F5EA72-2B61-4131-8244-F5C312E0DE7C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{407D8712-F7CA-4217-85A5-6A976FECC06D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E6DF2C0D-3E76-4C32-992B-16E1F5203C34}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{300286F5-174B-4948-BFB4-EF0C34C81F4F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{10675BEB-3A8E-4025-9E3B-271B33F21DAB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BBE95EED-08B7-4DDD-B7C5-0D768253F9D7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EE72182E-4826-47FE-9508-C42B4440A868}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2D62490-8010-414C-8C18-1F03C30115B2}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{396E43E5-DE02-451F-B256-DD574635CA38}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AB347484-2AA2-48E1-8B82-7C848FDA4915}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82AD3F7B-B164-43CE-A629-275A13ABE9C0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{388AED80-2F56-4098-8F6A-669A49930C74}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E490060-76CB-4931-93AB-FBA7C00782B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7A86E42A-BE42-423D-A3E5-D3252DC55524}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6F3A854B-73A1-4B59-88D1-BB044587FA40}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{44020F35-B74E-43BC-9029-3A5BD73B61B7}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{39A19D55-3C21-4B75-9D22-786640A00F1B}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{009C2814-9608-435E-B73D-60C18BF54BBE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4D16A462-5E7F-4644-A9DE-F6CBFB1E0428}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C64395DC-4F70-4487-B6A8-825F9CE35F06}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AE2FDC7A-B454-4F29-AAEB-A8BECC10477A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{90D9CB1B-EB5F-4CDC-A5F8-B9B22752A584}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37F31451-4220-4086-89DC-B58FAF55E859}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A46049F8-9C79-42D0-84D1-A7410FBF0E12}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C7DA7110-1E98-42CF-93D9-895280050B28}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D4F69536-5C00-4B57-AF6C-B3A67E87ADFD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6AA9E4A2-D09F-4288-AC0B-B034F32086FD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FA765916-6593-4AA7-9449-B59EC422759D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{729F3F4B-F3C9-4CE4-A3D0-5C18A4A0BE5C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9C3E0F65-24E4-4D8F-9B0D-DC45C363E4FE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{614260BA-E91A-4586-B0FB-A43CDB9DDF81}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{946BE8CD-F780-4C12-B7E1-50EFFB323DE9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6DD6537F-AB9D-4382-A9FE-1BBC6DCD705D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B4B21132-DFD6-4B45-85B1-88D2CC22125A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F1AFD4EA-91DD-4733-A660-4484C50549AE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C93ECEE6-C1B1-4195-B036-2C84BDF4D476}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{982CD324-7841-4014-9061-4C61CAA84B41}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{97450C8F-202A-443C-8BB2-3E8C00316180}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{12FCE835-4E59-415D-8FD8-DF4DF53855BB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CF2EDF1B-DB2E-4D2B-93FF-2E9BCE782AC3}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C970DBC3-8B00-4644-BCA2-DAB874CBB923}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E8BFFCEA-1C08-4EB1-9D26-4D58A7F1117F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E465ECBB-775D-429E-9B96-55529E550508}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A402C1CC-4291-4C6C-B8B4-98E60ADEC9F6}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\72.0.3815.186\opera.exe => No File
FirewallRules: [{5B1C41ED-3183-4AD3-A078-42DFD241A17D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{73E87491-7F58-4B31-BC68-9D895F516430}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EAFD9316-0F72-4952-AF7D-C2C5E1C88DE7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D6C042D8-BCD9-4683-B244-CE4E8645A2F6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{27B4157E-65CE-4EBE-B910-888B69DB3F5E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{2099E6D5-3318-4A46-BE2A-0BFC8064A552}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{7B860FE3-785B-4751-B8FD-9DF143593F02}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5664C3C5-D48A-4084-B2C5-1AA8E583AE3C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2ABB9A40-F36C-494A-949E-4C75B5C6F353}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{347AF792-9D11-4DA3-94FC-5E4E8AE56443}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F5EF0AC3-3AF8-4BC9-B1F9-14CB1D34F9D9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{53BB179A-1FB6-4665-A969-2440FC1DC175}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D955CA21-A1E2-4418-BCCF-9255AD57453C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4E3F5EBC-680B-4EF2-9EC3-4E7110F26F9F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{94396FBB-22CE-4842-9E73-695103F85521}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C919BE96-F587-4588-AED4-935E8FA6A0C0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4F1D7D86-BAFC-460B-9C43-3576599F104A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EF7E039D-A68E-4E45-A349-36689BEE6774}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1155DBED-0BA4-4D0E-A7FE-E1B3B68EEB0C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{719385F7-C431-4E17-AB19-2075DA235EE7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BB77705C-910B-4DB8-A446-1D866958AFF8}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D1AB89C7-0298-4B9B-8DBD-BC28601EF3A5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AF0D50D0-C945-43DD-9F98-86EFEEAF1A32}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{58A9291F-CDF8-461E-B092-9E2004F6B80C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{75552F21-D1C2-440C-977E-07480CD45451}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C9A9BA6A-D91E-4D27-8A58-D188D0675C90}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CBC1070F-1093-4FAD-92C7-711709080DEA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C78B4763-40FF-4E46-9D55-EE7A5C56331C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F5F524D7-D387-40BC-A6D3-434C8B6AF3BA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6AAF572A-A5AD-4EE3-8481-B542B7BE46D5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{451F4261-A951-442F-9326-0E0F75229971}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{399D0680-750E-4F88-BD29-68F44937FC17}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{986C6A7E-117E-41B0-AB79-1EC3F50797A0}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\72.0.3815.320\opera.exe => No File
FirewallRules: [{C3A821EC-7074-468A-8CA5-2E409880E64D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2948DDA3-09D1-4988-B1EE-FA4AF36A432C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{82814382-122D-4EAE-AFE3-28E88C8C09CF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0BC232FB-2A22-462B-97C1-E0241C1EEA5D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9899101B-FCC3-4F2F-97B3-389F2A890278}] => (Allow) C:\Windows\system32\winrmsrv.exe => No File
FirewallRules: [{38703C78-88F1-44C1-B76F-C3727CD4156D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4CC27C3F-E61A-4902-A6A9-E991BA34EC42}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{FDE38FBD-71DA-4232-88A9-A4EC5DC6880A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F8A14AA9-8E6B-427F-9AB8-F12DF70FE87A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{B1A3F10B-58B4-4369-9107-4A62AD23E44D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{CF5C2D96-FF04-4C3D-ADF3-6921BF2BC518}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4F34B347-66AC-49D8-B2F4-2B3101C5CFDA}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{531CDDE7-07B9-4902-9269-B70343139BFD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F4AAF38E-22BB-4049-9B78-96D8C5366351}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{468A3692-95AB-4F1E-8D6C-FEB42DC54BB6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B947F9BF-1F27-4283-A7FB-41E03BDA48FB}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{86F879EE-9A2F-411E-8BDC-3C763697B7F3}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{3FD5CFC2-EBEA-4434-BA63-CABF70928334}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D31910AB-2355-4959-8322-B9C5750E6649}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6CFE3718-5CF8-42D1-88F9-02218A186A0A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FB564A91-66C5-4609-8F07-4D8E417A757F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{11C3DFFC-4661-40A7-96F2-6EB54F21BBA3}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{FD20FD98-A814-4D58-821F-4E56141AE64E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{59B3F812-1A50-497E-90EC-BE6DB5370F79}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{76B3CE01-4E2A-417F-B871-124F5E9F1B72}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4458735B-367D-43E7-9798-EDFF7ABF9121}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A4707D71-E154-433E-9AFE-A8F7F23ABBB6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E6C4AF48-50C2-4064-ABF5-C62D7D1F7C50}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{974DE7B1-4ABC-4C59-9970-712283021675}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{CB5586A2-5AE7-431B-A2DC-0335D127F7BC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4B646D31-5753-4279-B25F-7C70403B9F10}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{EDF0B63E-74F0-4DB3-819E-8CE3D01B661B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B4B81CB0-B126-4F91-AE94-070BAFA983CF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{409BD531-2F26-4877-AF12-584E132FD617}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{24FB95B4-6811-4BF6-82B5-4121D7A44945}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6D9696FF-1155-4138-AF82-E1B67478F4A2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{46E4AECC-3A85-48EE-B355-F56C15C9153F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{58700B2D-2328-4656-9789-AD817C2644A1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{00C5D01B-B8DC-4690-9836-59DF79ABDEB1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5B708ABA-27E0-44BE-ACA2-341900EFA83F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{548A53A9-D168-49F6-A2B2-C68482E74A71}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C104E1C1-A3C0-4A2E-BF32-9E157CC4EC67}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{3358A12C-419F-48AA-AC8F-CD2AC5515C8E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
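The fixlist above removes the same few firewall targets again and again. As an added illustration (not part of the thread and not FRST's own code), this Python script groups FRST `FirewallRules:` lines by target file and flags the traits visible in that list; the GUIDs in the sample are constructed placeholders, and the flag names and the list of system process names are assumptions made for the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the "FirewallRules:" line shape shown in the thread.
# Paths are taken from the thread (the System32 svchost.exe rule is made up as
# a benign control); all GUIDs are placeholders.
SAMPLE_LOG = r"""
FirewallRules: [{00000000-0000-0000-0000-000000000001}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{00000000-0000-0000-0000-000000000002}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{00000000-0000-0000-0000-000000000003}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{00000000-0000-0000-0000-000000000004}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{00000000-0000-0000-0000-000000000005}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\72.0.3815.186\opera.exe => No File
FirewallRules: [{00000000-0000-0000-0000-000000000006}] => (Allow) C:\Windows\System32\svchost.exe
"""

# Only the line shape seen in the thread is handled: id, action, path, optional tail.
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<id>[^\]]+)\] => \((?P<action>\w+)\) (?P<rest>.+)$"
)
# The path runs up to the first ".exe" that is followed by whitespace or end of line,
# so directories such as "Program Files (x86)" or "flt354IS.tmp" do not cut it short.
PATH_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.exe)(?=\s|$)(?P<tail>.*)$", re.IGNORECASE
)

# Assumption: a short list of Windows processes that normally live in System32.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "services.exe", "csrss.exe", "winlogon.exe"}
# Script hosts are flagged for review only because the fixlist in the thread
# removes firewall rules that point at WScript.exe.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SYSTEM_DIRS = {"system32", "syswow64"}


def classify(path, tail):
    """Return the set of review flags for one rule target."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = [part.lower() for part in p.parent.parts]
    in_system_dir = (
        len(parent) == 3 and parent[1] == "windows" and parent[2] in SYSTEM_DIRS
    )
    flags = set()
    if "[File not signed]" in tail:
        flags.add("unsigned")
    if "No File" in tail:
        flags.add("missing_file")
    if any(part in ("temp", "tmp") for part in parent):
        flags.add("temp_dir")
    if name in SYSTEM_NAMES and not in_system_dir:
        flags.add("system_name_outside_system_dir")
    if name in SCRIPT_HOSTS:
        flags.add("script_host")
    return flags


def triage(log_text):
    """Group Allow rules by target path and return the flagged targets, worst first."""
    by_path = {}
    for line in log_text.splitlines():
        rule = RULE_RE.match(line.strip())
        if not rule or rule.group("action").lower() != "allow":
            continue
        target = PATH_RE.match(rule.group("rest"))
        if not target:
            continue  # rule shape not covered by this example
        path = target.group("path")
        entry = by_path.setdefault(
            path.lower(), {"path": path, "rules": 0, "flags": set()}
        )
        entry["rules"] += 1
        entry["flags"] |= classify(path, target.group("tail"))
    findings = [
        {"path": e["path"], "rules": e["rules"], "flags": sorted(e["flags"])}
        for e in by_path.values()
        if e["flags"]
    ]
    findings.sort(key=lambda f: (-len(f["flags"]), -f["rules"], f["path"].lower()))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["rules"]:>3} rule(s)  {finding["path"]}  {", ".join(finding["flags"])}')
```

A target that keeps collecting new rule GUIDs between scans indicates that something is still re-creating the rules, which matches the persistence reported later in the thread.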

lveecze
Visitor
Posts: 17
Joined: 04 May 2020 08:49

Re: CPU and GPU load climbs to 90% on its own - mining in the background?

#9 Post by lveecze »

The Fixlog is too long, so I am sending it attached as a RAR archive.
Fixlog.rar
(18.08 KiB) Downloaded 33 times

JaRon
Moderator
Posts: 15215
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: CPU and GPU load climbs to 90% on its own - mining in the background?

#10 Post by JaRon »

:thumbsup:
+ let my colleague know what state the PC is in :???: or post current FRST logs
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Rudy
Site Admin
Posts: 118265
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU and GPU load climbs to 90% on its own - mining in the background?

#11 Post by Rudy »

It has been deleted. Has anything changed?

lveecze
Visitor
Posts: 17
Joined: 04 May 2020 08:49

Re: CPU and GPU load climbs to 90% on its own - mining in the background?

#12 Post by lveecze »

Unfortunately, when the system starts, both of these applications, svchost and isaas, start up again and the problem still persists. Although AVP deletes them from the directory where they are located, i.e. C:/Windows/Temp, after a restart they are copied there again, most likely downloaded from the internet. Without an internet connection these malicious applications do not start, and Task Manager is not disabled either.

I am sending new, current logs.

Thank you for checking,

- Lev

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-11-2020
Ran by user (administrator) on DESKTOP-5CNBDP2 (Gigabyte Technology Co., Ltd. Z390 AORUS MASTER) (19-11-2020 13:46:19)
Running from C:\Users\user\Desktop
Loaded Profiles: user
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.892_none_5efe5b5a590f76dc\TiWorker.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\NVDisplay.Container.exe <2>
(NZXT, Inc. -> ) C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [664872 2020-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\user\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331040 2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\system: []
HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-20\...\Policies\system: []
HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-06-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Policies\system: []
HKU\S-1-5-18\...\Policies\system: []
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Print\Monitors\36C-0iSeriesPCL Language Monitor: C:\Windows\system32\KOAXJJAL.dll [25504 2020-11-05] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-16] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04765230-2A97-4733-A5B7-DC17260F5544} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {3073B57D-F41B-4E2C-A02D-1F118EB03465} - System32\Tasks\nv4drv => C:\Windows\system32\config\systemprofile\AppData\Roaming\0B9DB7F2219442CC9FFD6B306B417011\07DD7C493658469DBDEBBBA5014F8F4F.vbe [770108 2020-11-19] () [File not signed] <==== ATTENTION
Task: {549C5E75-6202-4652-A2E7-9EABE7554434} - System32\Tasks\Opera scheduled Autoupdate 1588926009 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe
Task: {6FD38BCD-176B-4AE1-96A2-BA66D986FC61} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [28678840 2020-06-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7661FE7D-23BC-4BF8-AA76-5EEF30DA5B1F} - System32\Tasks\Opera scheduled assistant Autoupdate 1590174025 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\user\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {7C7DFC01-90E9-4E54-8BC2-8B00C9F94968} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {90362DF6-A101-4F76-A72F-C061E2A356C0} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
Task: {979E2088-5124-48CE-9FE5-BEFD4F6E0EAD} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A3F814F3-6C62-4BFD-8EE5-6324CF350C6D} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe
Task: {A7853793-6991-4BB0-A423-4AEE6729A5D2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EB3CB31D-D02A-4A69-9B7B-0D41910186F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0bf7a325-c941-4528-8368-700194cb8264}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8a9bf6ab-39a1-4974-abbd-bf2eb4e85a86}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-18]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2020-11-19]
CHR Extension: (Prezentace) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-22]
CHR Extension: (Dokumenty) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-22]
CHR Extension: (Disk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-22]
CHR Extension: (Avira Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-11-17]
CHR Extension: (Avira Safe Shopping) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2020-10-28]
CHR Extension: (Tabulky) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-17]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-29]
CHR Extension: (MetaMask) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2020-11-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-16]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 CAMService; C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe [545800 2020-08-14] (NZXT, Inc. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
U3 wuauserv; C:\Windows\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 AntiVirMailService; "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe" [X]
S2 AntivirProtectedService; "C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\Antivirus\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\Antivirus\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208024 2020-06-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [140280 2020-06-01] (ADAPP SASU -> Dokan Project)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 gdrv; C:\Windows\gdrv.sys [25640 2020-01-12] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-01-12] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [16712 2019-01-15] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 SaiHFF32; C:\Windows\system32\DRIVERS\SaiHFF32.sys [177536 2007-09-13] (Saitek -> Saitek)
S3 SaiIFF32; C:\Windows\system32\DRIVERS\SaiIFF32.sys [20864 2007-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Saitek)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368 1968-04-08] () [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45960 2020-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [376544 2020-03-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2020-03-02] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
S3 cpuz149; \??\C:\Windows\temp\cpuz149\cpuz149_x64.sys [X]
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-19 13:46 - 2020-11-19 13:46 - 000019914 _____ C:\Users\user\Desktop\FRST.txt
2020-11-18 10:33 - 2020-11-18 10:33 - 000018517 _____ C:\Users\user\Desktop\Fixlog.rar
2020-11-16 14:43 - 2020-11-17 13:23 - 000000000 ____D C:\KVRT_Data
2020-11-16 14:42 - 2020-11-16 14:43 - 185992048 _____ (AO Kaspersky Lab) C:\Users\user\Downloads\KVRT.exe
2020-11-16 14:04 - 2020-11-16 14:04 - 074148317 _____ C:\Users\user\Downloads\Nahled9.mp4
2020-11-12 12:23 - 2020-11-18 10:28 - 000000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2020-11-12 12:21 - 2020-11-18 10:37 - 000000000 ____D C:\Users\user\Desktop\devirovani_listopad20
2020-11-12 12:04 - 2020-11-12 12:05 - 074042675 _____ C:\Users\user\Downloads\Nahled6.mp4
2020-11-05 14:08 - 2020-11-05 14:08 - 000000000 ____D C:\usr
2020-11-05 14:08 - 2020-11-05 14:05 - 000160672 _____ (KONICA MINOLTA, INC.) C:\Windows\KOBDrvAPIW64.EXE
2020-11-05 14:08 - 2020-11-05 14:05 - 000112032 _____ (KONICA MINOLTA, INC.) C:\Windows\system32\KOBDrvAPIIF.DLL
2020-11-05 14:08 - 2020-11-05 14:05 - 000104352 _____ (KONICA MINOLTA, INC.) C:\Windows\SysWOW64\KOBDrvAPIIF.DLL
2020-11-05 14:05 - 2020-11-05 14:05 - 014863535 _____ C:\Users\user\Downloads\GEIT6PCL6Winx64_21130CS.zip
2020-11-05 14:05 - 2020-11-05 14:05 - 000000000 ____D C:\Install
2020-11-05 14:01 - 2020-11-05 14:01 - 072588025 _____ C:\Users\user\Downloads\GEIT6DSETWin_21130CS.zip
2020-11-05 14:01 - 2020-11-05 14:01 - 000000000 ____D C:\Users\user\Downloads\GEIT6DSETWin_21130CS
2020-10-30 16:38 - 2020-10-30 16:38 - 000000000 ____D C:\Users\user\Downloads\ur
2020-10-30 16:34 - 2020-10-30 16:37 - 1661255063 _____ C:\Users\user\Downloads\ur.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-11-19 13:46 - 2020-05-04 11:34 - 000000000 ____D C:\FRST
2020-11-19 13:44 - 2019-12-10 14:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-11-19 13:44 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2020-11-19 13:34 - 2019-12-12 14:55 - 001606106 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-19 13:34 - 2019-03-19 12:55 - 000682526 _____ C:\Windows\system32\perfh005.dat
2020-11-19 13:34 - 2019-03-19 12:55 - 000137244 _____ C:\Windows\system32\perfc005.dat
2020-11-19 13:34 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2020-11-19 13:33 - 2019-12-22 20:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-11-19 13:29 - 2020-09-15 07:51 - 000003358 _____ C:\Windows\system32\Tasks\nv4drv
2020-11-19 13:29 - 2019-12-10 14:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-19 13:29 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-18 17:02 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-11-18 14:15 - 2020-02-27 20:59 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-11-18 13:04 - 2020-10-15 17:30 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2020-11-18 10:50 - 2019-12-10 15:05 - 000000000 ____D C:\Users\user\AppData\Local\ConnectedDevicesPlatform
2020-11-18 10:29 - 2020-05-07 10:55 - 000154036 _____ C:\Users\user\Desktop\Fixlog.txt
2020-11-18 10:28 - 2020-06-24 14:39 - 000000000 ____D C:\Users\user\AppData\LocalLow\Temp
2020-11-18 10:28 - 2020-05-04 11:01 - 002294784 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2020-11-17 13:26 - 2020-09-01 21:14 - 000000000 ____D C:\Program Files\Rockstar Games
2020-11-17 13:26 - 2020-09-01 21:14 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2020-11-17 13:26 - 2020-09-01 21:06 - 000000000 ____D C:\Users\user\AppData\Local\Rockstar Games
2020-11-17 13:26 - 2020-09-01 21:06 - 000000000 ____D C:\ProgramData\Rockstar Games
2020-11-17 13:26 - 2020-05-08 09:20 - 000000000 ____D C:\Users\user\AppData\Roaming\Opera Software
2020-11-17 13:26 - 2020-05-08 09:20 - 000000000 ____D C:\Users\user\AppData\Local\Opera Software
2020-11-17 13:26 - 2020-03-16 15:51 - 000000000 ____D C:\Program Files (x86)\Voobly
2020-11-17 13:21 - 2020-01-13 12:58 - 000000000 ____D C:\Users\user\AppData\Roaming\audacity
2020-11-16 15:22 - 2019-03-19 05:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2020-11-16 15:20 - 2020-09-26 17:28 - 000000147 _____ C:\Windows\system32\Drivers\etc\hosts.rollback
2020-11-16 14:34 - 2020-03-18 01:10 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2020-11-16 14:34 - 2019-12-25 18:25 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2020-11-16 14:34 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\LiveKernelReports
2020-11-16 14:09 - 2019-12-26 15:43 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
2020-11-16 13:44 - 2020-07-03 13:58 - 000000024 _____ C:\Windows\system32\perfdish001.dat
2020-11-16 13:37 - 2020-06-10 09:17 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-11-16 13:37 - 2020-06-10 09:17 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-11-16 13:37 - 2019-12-22 20:12 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-16 13:37 - 2019-12-22 20:12 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-12 13:32 - 2020-06-10 09:17 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-12 13:32 - 2020-06-10 09:17 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-12 10:03 - 2020-05-08 09:20 - 000004202 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1588926009
2020-11-11 12:10 - 2020-05-22 20:00 - 000004454 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1590174025
2020-11-05 14:06 - 2020-02-19 11:11 - 000000445 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2020-11-05 14:05 - 2020-06-11 22:36 - 000025504 _____ (KONICA MINOLTA, INC.) C:\Windows\system32\KOAXJJAL.dll
2020-11-05 11:24 - 2020-04-11 10:16 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-10-30 12:23 - 2019-12-10 15:06 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1742551912-4009820896-394807726-1001
2020-10-30 12:23 - 2019-12-10 15:06 - 000000000 ___RD C:\Users\user\OneDrive
2020-10-30 12:23 - 2019-12-10 15:04 - 000002358 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Files in the root of some directories ========

2020-01-06 18:40 - 2020-01-06 18:40 - 000000028 _____ () C:\Users\user\AppData\Roaming\kulerdata.json
2019-12-22 20:57 - 2019-12-22 20:57 - 000000410 _____ () C:\Users\user\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2020
Ran by user (19-11-2020 13:46:44)
Running from C:\Users\user\Desktop
Windows 10 Home Version 1909 18363.900 (X64) (2019-12-10 14:04:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1742551912-4009820896-394807726-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1742551912-4009820896-394807726-503 - Limited - Disabled)
Guest (S-1-5-21-1742551912-4009820896-394807726-501 - Limited - Disabled)
LveeFix (S-1-5-21-1742551912-4009820896-394807726-1002 - Administrator - Enabled) => C:\Users\LveeFix
user (S-1-5-21-1742551912-4009820896-394807726-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-1742551912-4009820896-394807726-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\uTorrent) (Version: 3.5.5.45790 - BitTorrent Inc.)
ACA & MEP 2021 Object Enabler (HKLM\...\{28B89EEF-4104-0000-5102-CF3F3A09B77D}) (Version: 8.3.51.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-4101-0000-3102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0_2) (Version: 17.0.2 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_3) (Version: 13.0.3 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_1_2) (Version: 24.1.2 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_9_1) (Version: 9.1 - Adobe Inc.)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2_1) (Version: 8.2.1 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_1) (Version: 14.0.1 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Inc.)
Age of Empires II Definitive Edition (HKLM-x32\...\Age of Empires II Definitive Edition_is1) (Version: - )
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0704.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0704.1 - GIGABYTE)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
AutoCAD 2021 – Čeština (Czech) (HKLM\...\{28B89EEF-4101-0405-2102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 (HKLM\...\{28B89EEF-4101-0000-0102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 Language Pack – Čeština (Czech) (HKLM\...\{28B89EEF-4101-0405-1102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Autodesk App Manager 2020-2021 (HKLM-x32\...\{DB92FEA7-F78C-469E-B138-E2303220F0C4}) (Version: 3.1.0 - Autodesk)
Autodesk AutoCAD 2021 – Čeština (Czech) (HKLM\...\AutoCAD 2021 – Čeština (Czech)) (Version: 24.0.47.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{54A00624-3EF9-49A2-92A9-7244EADD0212}) (Version: 3.2.18 - Autodesk)
Autodesk Material Library 2021 (HKLM-x32\...\{6774FD60-7D4B-4D57-BE56-2702A07C9701}) (Version: 19.1.22.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{6EFAD582-86C1-4AB2-97C5-2070D0B90E08}) (Version: 19.1.22.0 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{951BB060-1350-4C93-BD83-D966C51D4005}) (Version: 11.2.0.1802 - Autodesk)
Avira (HKLM-x32\...\{4BC31208-EC3B-453B-8819-6B81AE3EC153}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{caade1ea-26aa-4e8f-a4f0-59cf0c0e91a5}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{BBD09B2A-FCDB-4CDE-8614-8C608EA68E94}) (Version: 2.0.6.34011 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.5.0.10950 - Avira Operations GmbH & Co. KG)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.75.1088 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.1001 - Disc Soft Ltd)
Dokan Library 1.4.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0000-200601191219}) (Version: 1.4.0.1000 - Dokany Project) Hidden
Dokan Library 1.4.0.1000 Bundle (HKLM-x32\...\{97cfdb6c-2faa-43ba-afbc-469e01845e99}) (Version: 1.4.0.1000 - Dokany Project)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
F1 2018 (HKLM-x32\...\F1 2018_is1) (Version: - )
FileZilla Client 3.49.1 (HKLM-x32\...\FileZilla Client) (Version: 3.49.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Horizon: Zero Down CE (HKLM-x32\...\Horizon: Zero Down CE_is1) (Version: - )
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Ledger Live 2.10.0 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.10.0 - Ledger Live Team)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
LRTimelapse 4.2 (HKLM-x32\...\{3B86296C-F4C8-4FE7-8561-CC5F444098D4}}_is1) (Version: 4.2 - Gunther Wegner)
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.69 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.99 - )
Microsoft OneDrive (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Mobirise4 (HKLM-x32\...\Mobirise4_is1) (Version: - Mobirise.com)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NVIDIA Ovladač HD audia 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 452.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 452.06 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)
NZXT CAM 4.10.1 (HKLM\...\ac0666ae-ee66-5310-ac01-9d6348133b2d) (Version: 4.10.1 - NZXT, Inc.)
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.00 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{0edb50a3-501b-40f9-b197-0d143fdef576}) (Version: 1.00.00 - Patriot Memory)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.3.377 - Jan Fiala)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.19.1030.1 - GIGABYTE)
SketchUp 2019 (HKLM\...\{E16DD37C-6FBC-F51F-702E-DD6E92D6ED68}) (Version: 19.1.174.20409 - Trimble, Inc.)
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
Speciální aplikace Autodesk 2020-2021 (HKLM-x32\...\{2CBD494D-0A3E-4CB3-AFB3-8CE1734613B0}) (Version: 3.1.0 - Autodesk)
Star Wars Jedi Fallen Order (HKLM-x32\...\Star Wars Jedi Fallen Order_is1) (Version: - )
Uložit do služby Autodesk Web and Mobile (HKLM\...\{A9005AC0-4AD8-4E84-B1F7-EE38BB6BCC2D}) (Version: 3.0.26 - Autodesk)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-12-22] (Adobe Systems Incorporated)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.10.5.0_x86__kgqvnymyfvs32 [2020-06-18] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.39.4.0_x86__kgqvnymyfvs32 [2020-06-28] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-08] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-10] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-06] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0 [2020-06-23] (Spotify AB) [Startup Task]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} -> [Creative Cloud Files] => C:\Users\user\Creative Cloud Files [2019-12-22 21:00]
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2021\cs-CZ\acadficn.dll (Autodesk Asia Pte. Ltd. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2020-01-22] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2020-01-22] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvshext.dll [2020-08-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1742551912-4009820896-394807726-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files (x86)\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32original.dll [746496 2019-03-19] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2019-03-19] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\IR41_32.AX [9216 2019-03-19] (Microsoft Windows -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29791771.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\50904365.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29791771.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\50904365.sys => ""="Driver"

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10454__180408__yaie
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2020-11-16 15:23 - 000000147 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost

2020-02-19 11:11 - 2020-11-05 14:06 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-5CNBDP2.mshome.net # 2025 11 2 4 13 6 7 91

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Control Panel\Desktop\\Wallpaper -> c:\users\user\downloads\nebula-stars-universe-galaxy-space-4k-kx-2560x1440.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "Voobly"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "Opera Browser Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{9BD1688D-F015-4BFF-B69B-724F9F8E254B}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{744E7215-70B1-4E3B-B104-4B103618F9C0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{A9C7CC83-3045-4013-AFDD-6A96C9781B02}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{83AD6374-B204-4C43-AC64-65B7B766F2FE}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{14D241B6-2C3A-4401-9A41-BA3E6798638E}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0F142F97-D1CD-462F-94B1-60FF56B8277C}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B8CA292B-7112-4E0A-A8E5-1817BCD71D66}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{512D5D3D-72C1-4233-8A68-012479E8BA99}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{29A39C55-CBED-4300-B456-FF6215D3A6C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D8CDB9F-F5C8-4FED-AD0E-F3E62108392E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6E5B978-7F6D-493A-A9BF-F08951D5E717}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{649B2B89-0708-4A63-A498-6282B156BAD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39302AD9-C980-463E-9136-CB594F225BC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A0556009-B2E6-4DF7-BF21-3FFF8C706300}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{28F7B461-6AD5-4565-ABCE-B8D4240398AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{420D6374-ED4E-492C-8A08-B1D6889F1935}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EAB62F56-B95D-47A2-8BE7-240DD674A1F8}] => (Allow) LPort=57209
FirewallRules: [{0D78786E-4AD7-4E94-B04A-CE594A70B726}] => (Allow) LPort=57209
FirewallRules: [{6387C489-EC66-4DB9-9E04-8CCB5B0F66E9}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0C3E4428-7724-4C6C-9816-7EC95B29D9BC}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{42638945-DDF2-43AD-B502-45B851E94E06}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{11F955C2-4207-4E47-B81C-4EBC807A269E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{8D599D53-9CFE-4F43-AF38-6EDFE7135CED}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{21A6E14D-8133-4CBB-8E69-AC2C005AC97B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{75219DDF-A467-4007-93BE-BEFE6D3ED88A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{27BA5BC2-6249-4BC4-A0F2-E07ED3901D4F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8ACA5A72-1F64-404C-B26F-FAE82DD6BF02}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5279BD4D-94F5-4386-92A3-AC4B5765EF2C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5EEFFD78-2BCE-4092-B07E-17690472AD97}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{11B36587-101C-4C94-B48D-5C33E1BD4894}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{0959D5EF-0E6A-4CFC-BAC8-99C79D022643}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{51B0A3A9-33EB-40E9-94E1-683C2842F8DB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{385D398D-0D89-4C7A-85E1-0E4CC1BFE841}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{DA40C441-AB13-4D1B-8810-33E3BFBEE127}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6AB6D372-48B1-4478-B968-49DBB00CFACD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{163EECA9-1E7C-43C9-B53B-FF3A061CB99D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A1BA345B-BA99-4B79-9746-AD64461AD683}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F5FE8AE0-2741-4F17-84F3-317974F60E93}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3C1FBDBC-996B-448E-B83D-66F7C558B908}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{F3F688F6-7096-40B3-B740-3A84E4441189}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E2E476B7-3B17-4459-9D1C-24FA110F3C0E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{67788432-C122-4AEE-986B-8150081D08CB}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{1275CC5F-F799-476B-82F0-B1885586D6D2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D71FF00A-B92D-4228-BCFB-76611048EF66}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E209FC2A-A504-4711-BB77-053AAF8A442E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{155C47DD-A501-4352-8CDC-50FE35D7C226}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{9AECAF81-F0DD-4080-9E5E-A758B798C1A4}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{91AB6B65-3C0B-4D80-957F-802434C224AB}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{10825616-A0DC-4C15-81EC-CDA63C3C33DE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D1625917-DE70-4DCD-9911-D01EF981821C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CCF78045-3586-4018-BBE3-CCD43934DF3A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{94EF4D4F-39FE-4D8E-9AFB-31164756D2BA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{82820B64-DC19-45E7-90B4-8CBB649C7A35}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{076CFCC4-9C2B-4FEF-B9E4-2680A50922C6}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]

==================== Restore Points =========================

02-11-2020 10:39:16 Naplánovaný kontrolní bod
11-11-2020 13:22:52 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/18/2020 10:46:44 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5CNBDP2)
Description: Microsoft.WinJS.1.0_8wekyb3d8bbwe-2147024893

Error: (11/18/2020 10:46:44 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5CNBDP2)
Description: Microsoft.VCLibs.140.00_8wekyb3d8bbwe-2147024893

Error: (11/18/2020 10:46:44 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5CNBDP2)
Description: Microsoft.VCLibs.140.00.UWPDesktop_8wekyb3d8bbwe-2147024893

Error: (11/18/2020 10:46:44 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5CNBDP2)
Description: Microsoft.VCLibs.110.00_8wekyb3d8bbwe-2147024893

Error: (11/18/2020 10:46:44 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5CNBDP2)
Description: Microsoft.UI.Xaml.2.4_8wekyb3d8bbwe-2147024893

Error: (11/18/2020 10:46:44 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5CNBDP2)
Description: Microsoft.UI.Xaml.2.3_8wekyb3d8bbwe-2147024893

Error: (11/18/2020 10:46:44 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5CNBDP2)
Description: Microsoft.UI.Xaml.2.2_8wekyb3d8bbwe-2147024893

Error: (11/18/2020 10:46:44 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-5CNBDP2)
Description: Microsoft.UI.Xaml.2.1_8wekyb3d8bbwe-2147024893


System errors:
=============
Error: (11/19/2020 01:29:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/19/2020 01:29:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba AntiVirWebService závisí na službě AntiVirService, která neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/19/2020 01:29:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AntivirProtectedService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/19/2020 01:29:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba AntiVirMailService závisí na službě AntiVirService, která neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/19/2020 01:29:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AntiVirService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/19/2020 01:29:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AntiVirSchedulerService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/18/2020 10:50:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WinRing0_1_2_0 neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (11/18/2020 10:50:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba AntiVirWebService závisí na službě AntiVirService, která neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.


Windows Defender:
===================================
Date: 2020-03-10 19:58:13.183
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {078A4708-937B-4A38-944F-8995F3777010}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-09 11:37:13.201
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {9F8AD6FA-51DA-443F-AEA6-1F99184B015A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-08 22:13:33.442
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B0C2DA71-3C9F-4818-9E58-16F19F2F1A86}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-06 09:55:54.648
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {2C6C338E-C950-4942-88E6-19D1D93985AE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-04 21:52:17.253
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {630B2D30-1C43-4513-8AA1-D3F615F19A38}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-02-21 11:03:45.553
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072f8f
Popis chyby: Došlo k chybě zabezpečení.

Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

Date: 2020-02-21 10:56:52.865
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.

CodeIntegrity:
===================================

Date: 2020-05-26 20:54:44.290
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-05-13 00:24:44.488
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:21:37.810
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:20:30.940
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:12:05.238
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:11:45.480
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:05:48.478
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

Date: 2020-05-13 00:01:39.489
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F9 06/05/2019
Motherboard: Gigabyte Technology Co., Ltd. Z390 AORUS MASTER-CF
Processor: Intel(R) Core(TM) i9-9900KS CPU @ 4.00GHz
Percentage of memory in use: 14%
Total physical RAM: 32699.06 MB
Available physical RAM: 27807.82 MB
Total Virtual: 42939.06 MB
Available Virtual: 36050.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.31 GB) (Free:305.03 GB) NTFS
Drive d: (SSD_media) (Fixed) (Total:1907.71 GB) (Free:1136.39 GB) NTFS
Drive e: (HDD_media) (Fixed) (Total:7452.02 GB) (Free:902.21 GB) NTFS
Drive f: () (Removable) (Total:29.71 GB) (Free:19.75 GB) FAT32

\\?\Volume{bc482910-1514-4415-a922-9631669f2a92}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{c847343e-84fa-4e77-aad1-a43962b7b6fc}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 2 (Protective MBR) (Size: 1907.7 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 3 (Protective MBR) (Size: 29.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

#13 Post by Rudy »

Let's also try cleaning the web browsers. Run this utility:
Junkware removal tool: https://www.stahuj.cz/utility_a_ostatni ... oval-tool/
• Save it, preferably to the desktop.
• After you launch it, the licence terms are displayed; press any key.
• A backup is created, followed by the search.
• The scan runs and then a log appears, or it is saved in c:\JRT as JRT.txt; paste it here.

#14 Post by lveecze »

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by user (Administrator) on 19.11.2020 at 17:38:47,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1

Successfully deleted: C:\Windows\system32\Tasks\AviraSystemSpeedupUpdate (Task)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.11.2020 at 17:39:43,48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#15 Post by Rudy »

Has anything changed now?