Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-11-2020
Ran by user (administrator) on DESKTOP-5CNBDP2 (Gigabyte Technology Co., Ltd. Z390 AORUS MASTER) (12-11-2020 12:31:51)
Running from C:\Users\user\Desktop
Loaded Profiles: user
Platform: Windows 10 Home Version 1909 18363.900 (X64) Language: Čeština (Česko)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe
(Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <4>
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Autodesk, Inc. -> Autodesk Inc.) C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
(Autodesk, Inc. -> Autodesk) C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\10.1.0.3194\AdskLicensingService\AdskLicensingService.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(AVB Disc Soft, SIA -> Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Flexera Software LLC -> Flexera) C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Node.js Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\NVDisplay.Container.exe <2>
(NZXT, Inc. -> ) C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe
(Opera Software AS -> Opera Software) C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2042424 2020-03-16] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [664872 2020-03-04] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Autodesk Genuine Service ] => C:\Users\user\AppData\Local\Programs\Autodesk\Genuine Service\GenuineService.exe [1077864 2020-01-02] (Autodesk, Inc. -> Autodesk)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331040 2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\Policies\system: []
HKU\S-1-5-19\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-20\...\Policies\system: []
HKU\S-1-5-20\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [648328 2020-06-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [371304 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [Voobly] => C:\Program Files (x86)\Voobly\voobly.exe [172032 2019-05-14] (Voobly) [File not signed]
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [] => [X]
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Run: [Opera Browser Assistant] => C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3152920 2020-11-10] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Policies\system: []
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\MountPoints2: {d9a7f775-262f-11ea-bd8c-0cdd24f3be65} - "F:\setup.exe"
HKU\S-1-5-18\...\Policies\system: []
HKU\S-1-5-18\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Print\Monitors\36C-0iSeriesPCL Language Monitor: C:\Windows\system32\KOAXJJAL.dll [25504 2020-11-05] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.193\Installer\chrmstp.exe [2020-11-11] (Google LLC -> Google LLC)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04765230-2A97-4733-A5B7-DC17260F5544} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {2C0E2277-FCAE-4F06-A567-E00620C3DEC9} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => C:\Windows\system32\winrmsrv.exe [731136 2020-06-30] (Microsoft Corporation) [File not signed] <==== ATTENTION
Task: {3073B57D-F41B-4E2C-A02D-1F118EB03465} - System32\Tasks\nv4drv => C:\Windows\system32\config\systemprofile\AppData\Roaming\A73311EEB231477482B47E6F761F7679\DF90168526A04CAC9BCBCB682DF4ADCF.vbe [764400 2020-11-12] () [File not signed] <==== ATTENTION
Task: {3928F07D-CAE6-4281-B2A0-A5D717CB6E7A} - \NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} -> No File <==== ATTENTION
Task: {549C5E75-6202-4652-A2E7-9EABE7554434} - System32\Tasks\Opera scheduled Autoupdate 1588926009 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe [1529368 2020-11-10] (Opera Software AS -> Opera Software)
Task: {5ECF0468-2533-4BB1-82D1-2D5283FDA6EB} - System32\Tasks\WindowsTaskCoreUpdate => C:\Windows\system32\config\systemprofile\AppData\Roaming\2E4DC7D9D1D849E7BDFCC48FB795A7BF\BD795E653A1D47A5AEB112E48F6FB456.vbe [23406 2020-11-12] () [File not signed] <==== ATTENTION
Task: {68F3A5A8-A9F9-442A-B69D-D038486FE234} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-22] (Google LLC -> Google LLC)
Task: {6FD38BCD-176B-4AE1-96A2-BA66D986FC61} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [28678840 2020-06-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {7661FE7D-23BC-4BF8-AA76-5EEF30DA5B1F} - System32\Tasks\Opera scheduled assistant Autoupdate 1590174025 => C:\Users\user\AppData\Local\Programs\Opera\launcher.exe [1529368 2020-11-10] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\user\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {7C7DFC01-90E9-4E54-8BC2-8B00C9F94968} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1741416 2020-09-17] (Avast Software s.r.o. -> Avast Software)
Task: {87F85E3C-C4BB-46A1-A85D-10B668BCD297} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2019-12-22] (Google LLC -> Google LLC)
Task: {88E8938B-33AF-441C-AF15-05F5E74003DE} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {90362DF6-A101-4F76-A72F-C061E2A356C0} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
Task: {9282E40E-3EBE-4632-AF2A-BBD5DC35BA68} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {96AFE1F4-E03C-44B3-A578-360662C3BC81} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => C:\Windows\system32\winlogui.exe [750592 2020-06-30] (Microsoft Corporation) [File not signed]
Task: {979E2088-5124-48CE-9FE5-BEFD4F6E0EAD} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A3F814F3-6C62-4BFD-8EE5-6324CF350C6D} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe
Task: {A7853793-6991-4BB0-A423-4AEE6729A5D2} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [608384 2019-10-14] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {EB3CB31D-D02A-4A69-9B7B-0D41910186F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18458752 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{0bf7a325-c941-4528-8368-700194cb8264}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{8a9bf6ab-39a1-4974-abbd-bf2eb4e85a86}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Edge:
======
Edge DefaultProfile: Default
Edge Profile: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-13]
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-10-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-03-16] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2020-11-12]
CHR Extension: (Prezentace) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-12-22]
CHR Extension: (Dokumenty) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-12-22]
CHR Extension: (Disk Google) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-12-22]
CHR Extension: (Avira Password Manager) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2020-11-11]
CHR Extension: (Avira Safe Shopping) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2020-10-28]
CHR Extension: (Tabulky) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-12-22]
CHR Extension: (Dokumenty Google offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-23]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-10-29]
CHR Extension: (MetaMask) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2020-11-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-22]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-23]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-16]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
Opera:
=======
OPR Extension: (Rich Hints Agent) - C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-10-25]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1046904 2020-03-04] (Autodesk, Inc. -> Autodesk Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [820280 2020-03-16] (Adobe Inc. -> Adobe Inc.)
R2 AdskLicensingService; C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe [16930616 2019-12-18] (Autodesk, Inc. -> Autodesk)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-06-04] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 CAMService; C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\native\target\release\service.exe [545800 2020-08-14] (NZXT, Inc. -> )
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [4452456 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [File not signed]
S3 Rockstar Service; D:\Games\Nová složka\Launcher\RockstarService.exe [1453184 2020-08-05] (Rockstar Games, Inc. -> Rockstar Games)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2001.10-0\NisSrv.exe [3285864 2020-03-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 AntiVirMailService; "C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe" [X]
S2 AntivirProtectedService; "C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe" [X]
S2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\Antivirus\sched.exe" [X]
S2 AntiVirService; "C:\Program Files (x86)\Avira\Antivirus\avguard.exe" [X]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe" [X]
S2 Avira.ServiceHost; "C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe" [X]
S2 AviraPhantomVPN; "C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe" [X]
S2 AviraSecurity; "C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe" [X]
S2 AviraUpdaterService; "C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [58216 2018-03-23] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [208024 2020-06-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199752 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [140280 2020-06-01] (ADAPP SASU -> Dokan Project)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [42256 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [59360 2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
R1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 gdrv; C:\Windows\gdrv.sys [25640 2020-01-12] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 gdrv2; C:\Windows\gdrv2.sys [32600 2020-01-12] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 GVCIDrv; C:\Program Files (x86)\GIGABYTE\RGBFusion\GVCIDrv64.sys [16712 2019-01-15] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
R3 phantomtap; C:\Windows\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 SaiHFF32; C:\Windows\system32\DRIVERS\SaiHFF32.sys [177536 2007-09-13] (Saitek -> Saitek)
S3 SaiIFF32; C:\Windows\system32\DRIVERS\SaiIFF32.sys [20864 2007-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Saitek)
S3 Secdrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [14368 1968-04-08] () [File not signed]
S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [45960 2020-03-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [376544 2020-03-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [53984 2020-03-02] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz148; \??\C:\Windows\temp\cpuz148\cpuz148_x64.sys [X]
S3 cpuz149; \??\C:\Windows\temp\cpuz149\cpuz149_x64.sys [X]
S3 cpuz150; \??\C:\Windows\temp\cpuz150\cpuz150_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-11-12 12:24 - 2020-11-12 12:32 - 000022830 _____ C:\Users\user\Desktop\FRST.txt
2020-11-12 12:23 - 2020-11-12 12:23 - 000000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2020-11-12 12:21 - 2020-11-12 12:21 - 000000000 ____D C:\Users\user\Desktop\devirovani_listopad20
2020-11-12 12:04 - 2020-11-12 12:05 - 074042675 _____ C:\Users\user\Downloads\Nahled6.mp4
2020-11-05 14:08 - 2020-11-05 14:08 - 000000000 ____D C:\usr
2020-11-05 14:08 - 2020-11-05 14:05 - 000160672 _____ (KONICA MINOLTA, INC.) C:\Windows\KOBDrvAPIW64.EXE
2020-11-05 14:08 - 2020-11-05 14:05 - 000112032 _____ (KONICA MINOLTA, INC.) C:\Windows\system32\KOBDrvAPIIF.DLL
2020-11-05 14:08 - 2020-11-05 14:05 - 000104352 _____ (KONICA MINOLTA, INC.) C:\Windows\SysWOW64\KOBDrvAPIIF.DLL
2020-11-05 14:05 - 2020-11-05 14:05 - 014863535 _____ C:\Users\user\Downloads\GEIT6PCL6Winx64_21130CS.zip
2020-11-05 14:05 - 2020-11-05 14:05 - 000000000 ____D C:\Install
2020-11-05 14:01 - 2020-11-05 14:01 - 072588025 _____ C:\Users\user\Downloads\GEIT6DSETWin_21130CS.zip
2020-11-05 14:01 - 2020-11-05 14:01 - 000000000 ____D C:\Users\user\Downloads\GEIT6DSETWin_21130CS
2020-10-30 16:38 - 2020-10-30 16:38 - 000000000 ____D C:\Users\user\Downloads\ur
2020-10-30 16:34 - 2020-10-30 16:37 - 1661255063 _____ C:\Users\user\Downloads\ur.zip
2020-10-19 10:45 - 2020-10-19 10:45 - 036995270 _____ C:\Users\user\Downloads\TedLimpert.PinupHouses2.2020.wav
2020-10-19 10:45 - 2020-10-19 10:45 - 036995270 _____ C:\Users\user\Downloads\TedLimpert.PinupHouses1.2020 (1).wav
2020-10-19 10:35 - 2020-10-19 10:35 - 036995270 _____ C:\Users\user\Downloads\TedLimpert.PinupHouses1.2020.wav
2020-10-16 13:00 - 2020-11-04 14:12 - 000000000 ____D C:\Users\user\Desktop\sedacka_prodej_crafter
2020-10-16 12:05 - 2020-10-16 12:05 - 008447152 _____ (Malwarebytes) C:\Users\user\Desktop\adwcleaner_8.0.8.exe
2020-10-15 17:30 - 2020-10-15 17:30 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2020-10-15 17:15 - 2020-10-15 17:15 - 000003472 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-15 17:15 - 2020-10-15 17:15 - 000003348 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-14 09:10 - 2020-10-14 09:10 - 000029173 _____ C:\Users\user\Downloads\levseidl-2020-0013.pdf
2020-10-14 09:10 - 2020-10-14 09:10 - 000029173 _____ C:\Users\user\Downloads\levseidl-2020-0013 (1).pdf
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-11-12 12:31 - 2020-05-04 11:34 - 000000000 ____D C:\FRST
2020-11-12 12:30 - 2020-06-10 09:17 - 000003584 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-12 12:30 - 2020-06-10 09:17 - 000003460 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-12 12:23 - 2020-05-04 11:01 - 002298368 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2020-11-12 12:23 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-11-12 11:27 - 2020-02-27 20:59 - 000000000 ____D C:\ProgramData\boost_interprocess
2020-11-12 10:03 - 2020-05-08 09:20 - 000004202 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1588926009
2020-11-12 10:03 - 2020-05-08 09:20 - 000001386 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Prohlížeč Opera.lnk
2020-11-12 10:02 - 2019-12-12 14:55 - 001606106 _____ C:\Windows\system32\PerfStringBackup.INI
2020-11-12 10:02 - 2019-03-19 12:55 - 000682526 _____ C:\Windows\system32\perfh005.dat
2020-11-12 10:02 - 2019-03-19 12:55 - 000137244 _____ C:\Windows\system32\perfc005.dat
2020-11-12 10:02 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2020-11-12 09:58 - 2020-09-15 07:51 - 000003358 _____ C:\Windows\system32\Tasks\nv4drv
2020-11-12 09:58 - 2020-09-01 20:48 - 000003392 _____ C:\Windows\system32\Tasks\WindowsTaskCoreUpdate
2020-11-12 09:58 - 2019-12-10 14:32 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-11-11 17:02 - 2019-03-19 05:37 - 000524288 _____ C:\Windows\system32\config\BBI
2020-11-11 15:14 - 2020-03-18 01:10 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2020-11-11 13:36 - 2019-12-10 14:32 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-11-11 12:11 - 2019-12-22 20:12 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-11 12:11 - 2019-12-22 20:12 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-11-11 12:10 - 2020-05-22 20:00 - 000004454 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1590174025
2020-11-11 12:10 - 2019-12-22 20:58 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-11-05 14:06 - 2020-02-19 11:11 - 000000445 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2020-11-05 14:05 - 2020-06-11 22:36 - 000025504 _____ (KONICA MINOLTA, INC.) C:\Windows\system32\KOAXJJAL.dll
2020-11-05 11:24 - 2020-04-11 10:16 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-10-30 14:31 - 2020-06-10 09:17 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-10-30 14:31 - 2020-06-10 09:17 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-10-30 12:23 - 2019-12-10 15:06 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1742551912-4009820896-394807726-1001
2020-10-30 12:23 - 2019-12-10 15:06 - 000000000 ___RD C:\Users\user\OneDrive
2020-10-30 12:23 - 2019-12-10 15:04 - 000002358 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-22 11:36 - 2020-07-03 13:58 - 000000036 _____ C:\Windows\system32\perfdish001.dat
2020-10-15 17:31 - 2019-12-25 18:25 - 000000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2020-10-15 17:13 - 2019-12-25 18:25 - 000000000 ____D C:\Users\user\AppData\Local\BitTorrentHelper
2020-10-14 08:50 - 2019-12-26 15:43 - 000000000 ____D C:\Users\user\AppData\Roaming\vlc
==================== Files in the root of some directories ========
2020-01-06 18:40 - 2020-01-06 18:40 - 000000028 _____ () C:\Users\user\AppData\Roaming\kulerdata.json
2019-12-22 20:57 - 2019-12-22 20:57 - 000000410 _____ () C:\Users\user\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-11-2020
Ran by user (12-11-2020 12:32:15)
Running from C:\Users\user\Desktop
Windows 10 Home Version 1909 18363.900 (X64) (2019-12-10 14:04:03)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1742551912-4009820896-394807726-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1742551912-4009820896-394807726-503 - Limited - Disabled)
Guest (S-1-5-21-1742551912-4009820896-394807726-501 - Limited - Disabled)
LveeFix (S-1-5-21-1742551912-4009820896-394807726-1002 - Administrator - Enabled) => C:\Users\LveeFix
user (S-1-5-21-1742551912-4009820896-394807726-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-1742551912-4009820896-394807726-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\uTorrent) (Version: 3.5.5.45790 - BitTorrent Inc.)
ACA & MEP 2021 Object Enabler (HKLM\...\{28B89EEF-4104-0000-5102-CF3F3A09B77D}) (Version: 8.3.51.0 - Autodesk) Hidden
ACAD Private (HKLM\...\{28B89EEF-4101-0000-3102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.013.20064 - Adobe Systems Incorporated)
Adobe After Effects 2020 (HKLM-x32\...\AEFT_17_0_2) (Version: 17.0.2 - Adobe Inc.)
Adobe Audition 2020 (HKLM-x32\...\AUDT_13_0_3) (Version: 13.0.3 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.1.0.407 - Adobe Systems Incorporated)
Adobe Illustrator 2020 (HKLM-x32\...\ILST_24_1_2) (Version: 24.1.2 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_9_1) (Version: 9.1 - Adobe Inc.)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_8_2_1) (Version: 8.2.1 - Adobe Inc.)
Adobe Media Encoder 2020 (HKLM-x32\...\AME_14_0_1) (Version: 14.0.1 - Adobe Inc.)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Inc.)
Adobe Premiere Pro 2020 (HKLM-x32\...\PPRO_14_0_1) (Version: 14.0.1 - Adobe Inc.)
Age of Empires II Definitive Edition (HKLM-x32\...\Age of Empires II Definitive Edition_is1) (Version: - )
APP Center (HKLM-x32\...\{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0704.1 - GIGABYTE) Hidden
APP Center (HKLM-x32\...\InstallShield_{D50BEE9A-0EC6-4A58-BF90-35BDC6D6495D}) (Version: 3.19.0704.1 - GIGABYTE)
Audacity 2.3.3 (HKLM-x32\...\Audacity_is1) (Version: 2.3.3 - Audacity Team)
AutoCAD 2021 – Čeština (Czech) (HKLM\...\{28B89EEF-4101-0405-2102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 (HKLM\...\{28B89EEF-4101-0000-0102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
AutoCAD 2021 Language Pack – Čeština (Czech) (HKLM\...\{28B89EEF-4101-0405-1102-CF3F3A09B77D}) (Version: 24.0.47.0 - Autodesk) Hidden
Autodesk App Manager 2020-2021 (HKLM-x32\...\{DB92FEA7-F78C-469E-B138-E2303220F0C4}) (Version: 3.1.0 - Autodesk)
Autodesk AutoCAD 2021 – Čeština (Czech) (HKLM\...\AutoCAD 2021 – Čeština (Czech)) (Version: 24.0.47.0 - Autodesk)
Autodesk Genuine Service (HKLM-x32\...\{54A00624-3EF9-49A2-92A9-7244EADD0212}) (Version: 3.2.18 - Autodesk)
Autodesk Material Library 2021 (HKLM-x32\...\{6774FD60-7D4B-4D57-BE56-2702A07C9701}) (Version: 19.1.22.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2021 (HKLM-x32\...\{6EFAD582-86C1-4AB2-97C5-2070D0B90E08}) (Version: 19.1.22.0 - Autodesk)
Autodesk Single Sign On Component (HKLM\...\{951BB060-1350-4C93-BD83-D966C51D4005}) (Version: 11.2.0.1802 - Autodesk)
Avira (HKLM-x32\...\{4BC31208-EC3B-453B-8819-6B81AE3EC153}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{caade1ea-26aa-4e8f-a4f0-59cf0c0e91a5}) (Version: 1.2.146.25871 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2006.1902 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.33.5.26382 - Avira Operations GmbH & Co. KG)
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.30.9723 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{BBD09B2A-FCDB-4CDE-8614-8C608EA68E94}) (Version: 2.0.6.34011 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.5.0.10950 - Avira Operations GmbH & Co. KG)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.75.1088 - AB Team, d.o.o.)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.1001 - Disc Soft Ltd)
DiRT Rally 2 0 (HKLM-x32\...\DiRT Rally 2 0_is1) (Version: - )
Dokan Library 1.4.0.1000 (x64) (HKLM\...\{65A3A964-3DC3-0104-0000-200601191219}) (Version: 1.4.0.1000 - Dokany Project) Hidden
Dokan Library 1.4.0.1000 Bundle (HKLM-x32\...\{97cfdb6c-2faa-43ba-afbc-469e01845e99}) (Version: 1.4.0.1000 - Dokany Project)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
F1 2018 (HKLM-x32\...\F1 2018_is1) (Version: - )
FileZilla Client 3.49.1 (HKLM-x32\...\FileZilla Client) (Version: 3.49.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.193 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
Horizon: Zero Down CE (HKLM-x32\...\Horizon: Zero Down CE_is1) (Version: - )
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
LAV Filters 0.74.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.74.1 - Hendrik Leppkes)
Ledger Live 2.10.0 (HKLM\...\c62032b2-0bca-5abc-b458-fd67cfc9e49b) (Version: 2.10.0 - Ledger Live Team)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
LRTimelapse 4.2 (HKLM-x32\...\{3B86296C-F4C8-4FE7-8561-CC5F444098D4}}_is1) (Version: 4.2 - Gunther Wegner)
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version: - )
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.58 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.93 - )
Microsoft OneDrive (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016 (HKLM-x32\...\{40d3fee2-b257-46c2-bdc0-cb1088d97327}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Mobirise4 (HKLM-x32\...\Mobirise4_is1) (Version: - Mobirise.com)
MSI Afterburner 4.6.2 (HKLM-x32\...\Afterburner) (Version: 4.6.2 - MSI Co., LTD)
NVIDIA Ovladač HD audia 1.3.38.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.34 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 452.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 452.06 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
NVIDIA USBC Driver 1.45.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.45.831.832 - NVIDIA Corporation)
NZXT CAM 4.10.1 (HKLM\...\ac0666ae-ee66-5310-ac01-9d6348133b2d) (Version: 4.10.1 - NZXT, Inc.)
Opera Stable 72.0.3815.320 (HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\Opera 72.0.3815.320) (Version: 72.0.3815.320 - Opera Software)
Patriot Viper M2 SSD RGB (HKLM\...\{0886A906-0625-4A43-930D-AA92F6665AF4}) (Version: 1.00.00 - Patriot Memory) Hidden
Patriot Viper M2 SSD RGB (HKLM-x32\...\{0edb50a3-501b-40f9-b197-0d143fdef576}) (Version: 1.00.00 - Patriot Memory)
Počítačová aplikace Autodesk (HKLM-x32\...\Autodesk Desktop App) (Version: 8.0.0.46 - Autodesk)
PSPad editor (HKLM-x32\...\PSPad editor_is1) (Version: 5.0.3.377 - Jan Fiala)
RGB Fusion (HKLM-x32\...\{FFA8F1FA-3C2C-4A94-AC0B-0DF47272C25F}) (Version: 3.19.1030.1 - GIGABYTE)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 0.0.0.0 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.0.6.5 - Rockstar Games)
SketchUp 2019 (HKLM\...\{E16DD37C-6FBC-F51F-702E-DD6E92D6ED68}) (Version: 19.1.174.20409 - Trimble, Inc.)
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
Speciální aplikace Autodesk 2020-2021 (HKLM-x32\...\{2CBD494D-0A3E-4CB3-AFB3-8CE1734613B0}) (Version: 3.1.0 - Autodesk)
Star Wars Jedi Fallen Order (HKLM-x32\...\Star Wars Jedi Fallen Order_is1) (Version: - )
Uložit do služby Autodesk Web and Mobile (HKLM\...\{A9005AC0-4AD8-4E84-B1F7-EE38BB6BCC2D}) (Version: 3.0.26 - Autodesk)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Voobly Game Data (HKLM-x32\...\Voobly_is1) (Version: Voobly Game Datas - Voobly)
WinRAR 5.71 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.71.0 - win.rar GmbH)
WRC 8 FIA World Rally Championship (HKLM-x32\...\WRC 8 FIA World Rally Championship_is1) (Version: - )
WRC7 (HKLM-x32\...\{BC92798D-2F38-49F9-92F0-68BA1F49D64B}_is1) (Version: - Kylotonn Racing Games)
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc [2019-12-22] (Adobe Systems Incorporated)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.10.5.0_x86__kgqvnymyfvs32 [2020-06-18] (king.com)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.39.4.0_x86__kgqvnymyfvs32 [2020-06-28] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-23] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-23] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.5012.0_x64__8wekyb3d8bbwe [2020-05-08] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.96.725.0_x64__mcm4njqhnhss8 [2020-04-10] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.958.0_x64__56jybvy8sckqj [2020-06-23] (NVIDIA Corp.)
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c [2020-02-06] (Skype)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0 [2020-06-23] (Spotify AB) [Startup Task]
Xbox 360 SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxCompanion_1.4.3.0_x64__8wekyb3d8bbwe [2020-05-04] (Microsoft Corporation) [MS Ad]
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A53DA100DCA5} -> [Creative Cloud Files] => C:\Users\user\Creative Cloud Files [2019-12-22 21:00]
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2021\acad.exe (Autodesk, Inc. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2021\cs-CZ\acadficn.dll (Autodesk Asia Pte. Ltd. -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1742551912-4009820896-394807726-1001_Classes\CLSID\{ED90173A-3B4C-4E7E-B9CF-79714425D4B5}\InprocServer32 -> C:\Program Files (x86)\PSPad editor\pspshellx64.dll () [File not signed]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2020-01-22] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2020-01-22] (Autodesk, Inc. -> Autodesk)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll -> No File
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-12-25] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ba8c9c14f3d320cb\nvshext.dll [2020-08-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2020-01-07] (Adobe Inc. -> )
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-04-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-1742551912-4009820896-394807726-1001: [EditWithPSPad] -> {ED90173A-3B4C-4E7E-B9CF-79714425D4B5} => C:\Program Files (x86)\PSPad editor\pspshellx64.dll [2014-11-02] () [File not signed]
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [vidc.iv50] => C:\Windows\SysWOW64\ir50_32original.dll [746496 2019-03-19] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [msacm.iac2] => C:\Windows\SysWOW64\iac25_32.ax [197632 2019-03-19] (Microsoft Windows -> Intel Corporation)
HKLM\...\Drivers32: [VIDC.IV41] => C:\Windows\SysWOW64\IR41_32.AX [9216 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default
==================== Loaded Modules (Whitelisted) =============
2020-08-24 15:50 - 2014-11-02 17:45 - 000029184 _____ () [File not signed] C:\Program Files (x86)\PSPad editor\pspshellx64.dll
==================== Alternate Data Streams (Whitelisted) ========
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"
==================== Internet Explorer (Whitelisted) ==========
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll [2020-01-10] (Oracle America, Inc. -> Oracle Corporation)
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2019-03-19 05:49 - 2020-09-26 17:28 - 000001904 _____ C:\Windows\system32\drivers\etc\hosts
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70
www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70
www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70
www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70
www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 *.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70
www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70
www.fitgirlpack.site # Fake FitGirl site
2020-02-19 11:11 - 2020-11-05 14:06 - 000000445 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.137.1 DESKTOP-5CNBDP2.mshome.net # 2025 11 2 4 13 6 7 91
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Downloads\nebula-stars-universe-galaxy-space-4k-kx-2560x1440.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "Start WingMan Profiler"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKLM\...\StartupApproved\Run32: => "Autodesk Genuine Service "
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-1742551912-4009820896-394807726-1001\...\StartupApproved\Run: => "Voobly"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{9BD1688D-F015-4BFF-B69B-724F9F8E254B}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{744E7215-70B1-4E3B-B104-4B103618F9C0}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{A9C7CC83-3045-4013-AFDD-6A96C9781B02}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\ApCent.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{83AD6374-B204-4C43-AC64-65B7B766F2FE}] => (Allow) C:\Program Files (x86)\GIGABYTE\AppCenter\gcupd.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
FirewallRules: [{14D241B6-2C3A-4401-9A41-BA3E6798638E}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0F142F97-D1CD-462F-94B1-60FF56B8277C}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B8CA292B-7112-4E0A-A8E5-1817BCD71D66}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{512D5D3D-72C1-4233-8A68-012479E8BA99}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{E6B548A3-85EA-4467-B9BB-9F379CFAB05F}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{2F94D793-BFA7-4291-8732-EF973D864407}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{915649FE-0A80-48CB-B7E5-10FD225F28E6}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => No File
FirewallRules: [{29A39C55-CBED-4300-B456-FF6215D3A6C9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6D8CDB9F-F5C8-4FED-AD0E-F3E62108392E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E6E5B978-7F6D-493A-A9BF-F08951D5E717}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{649B2B89-0708-4A63-A498-6282B156BAD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{39302AD9-C980-463E-9136-CB594F225BC4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A0556009-B2E6-4DF7-BF21-3FFF8C706300}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{28F7B461-6AD5-4565-ABCE-B8D4240398AD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{420D6374-ED4E-492C-8A08-B1D6889F1935}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.135.458.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{EAB62F56-B95D-47A2-8BE7-240DD674A1F8}] => (Allow) LPort=57209
FirewallRules: [{0D78786E-4AD7-4E94-B04A-CE594A70B726}] => (Allow) LPort=57209
FirewallRules: [{05C17314-70C5-49D0-B5CB-26F3F80418BC}] => (Allow) C:\Windows\SysWOW64\wscript.exe
FirewallRules: [{CCB96B1B-6E6D-420B-9390-A73340F9646A}] => (Allow) C:\Windows\SysWOW64\wscript.exe
FirewallRules: [{E8060679-1F6A-4902-9CF8-939579C9A817}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CE3D9500-519A-4855-BA4E-D6687459B430}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FA872217-B7BB-402B-BC6C-07DAE7B0313B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{99F38A12-9869-4E07-817D-7C0023AC0876}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A7A38650-67CA-40D3-8BA0-B47D240E21F4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3EEB1BA-D570-4A89-B1F6-846ED96F480D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2E98697-86D0-48B7-89B3-7C29F3EF91FB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1C15BCD6-DF59-431D-B5CB-A563A022D700}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6693D73A-BC85-4B18-B3C9-F5437B5EE8D8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{90686CE2-468D-4D26-ADAE-56F8D024FFDD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{85B96675-7A22-4A52-928D-B476326CFA64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FD00405-6209-4148-9700-2FD6A8DCBF83}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FA57B887-43DA-49C3-8604-67DF4B499C5D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{12026078-FE39-4991-9FEE-780B3F8EAFEF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1FBB77D5-49C7-4B6F-B2F7-496E3E0CCA18}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1C0E3C5A-58DC-4C92-B129-CA4FD095FC1A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4E3D0B39-A317-4FA1-A438-8443246ACD9E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5CA7A743-1F98-400E-940A-1171230F7BDB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{55F6DD0E-B26D-46B1-A489-34BCB480C8D1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9F7C34A2-BEE3-49F6-A88A-42B2BF8F172D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{35A6B95E-01CB-4097-8273-4BAE99E1C5A9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C4177679-C37F-4F32-A759-563ED3C91239}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F649F3B1-889B-4815-95AF-EACEAB649D04}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{79C13A3A-B284-41DA-AC27-605B7A30028A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{75A2D36B-2DB3-4974-80C2-66F0B9E4ACCA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{579925F4-098C-4147-9F42-78D488875BBB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E01663A0-F656-4EA5-A0BE-2EF42A77EF3C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0A98C4A5-BC2A-4B72-8E5F-78DFA8DE47BE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{08FF7ACE-1F9D-4865-BB9F-20314C6EC19A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8CFFDE96-4BE6-4F6E-974C-EE74755B1DD5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3C6A3D61-2AD5-42DA-B1E3-B6BE37D86AD0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37424D89-F2BD-480D-A1D0-1EBB34FBC3D5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B40FE188-250A-4CE7-BF95-D564F3B67955}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FC92B4D3-3E5C-47E7-A0BB-DECAA18A16BD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FAE2B80-9FB8-40A0-9210-BA4D9808B435}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4885BF58-D6D5-4598-8231-FCDC67758587}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AD11AEA3-298C-4809-9499-A5D64E6106E4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3143BF1B-44E2-4C64-BD00-26AE3C907B9D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{878A6058-75DA-4E0E-8165-E3D242C9E457}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C88E5328-F6A8-4BD6-A651-C6A5873583C7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FDC9F9F5-2E02-4680-AFC1-AC21D3A85D37}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{720C8B70-76CE-4E58-8655-D30FAC87A9A3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B8635EC3-1EF2-45E5-A5E5-2BD0771D92F9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6A05C3F9-D01B-47A0-B8C8-B21081E6C2BD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{110CC681-9E8B-4172-BF39-82BF9076B5EC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D8B90BF1-B6B6-472E-9230-CE9461E08FCB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FE724A51-78D4-4713-8C4F-4F0C418E5740}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FD04E17-1820-49A3-991A-4DB12345676A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{901480C4-8085-4F2E-9E1C-4354A5AE7824}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BADFF8A8-6BE3-4F5C-9010-45D8BC257E10}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{435EB0B2-078C-4242-8C45-365838C295D6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{E6BFEE88-4E50-4831-857D-1713385B0A91}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{54C62852-3866-425A-8974-DD137C016709}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D25DEC4F-8B28-4E58-AF45-71A10B62A108}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2F49045A-D98F-4B13-99C5-33BED226F5A0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{110CCA89-2824-4E02-AC36-0B1525CA8EA0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{442DB915-2F22-464D-B411-94588626CC64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9B721A11-27FD-43BD-9407-2B387F36D38E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{41D54D88-C6FE-4007-BB42-976E772293EA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{9308E758-D670-4261-8A0D-16780D06379A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{F84A4198-EB82-466C-A168-CAE66956871F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CF097CA1-A952-49B9-A2B0-ADA6287F5054}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A7EA8353-EA93-43B2-92B1-CAD88CA79551}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{036BA130-3519-4F73-8DBC-B3AACD8DB888}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B38E7EF2-4424-4C4C-901A-AA2324793AC1}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{C915A67A-082E-41F5-9633-1A9B4B29239C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{E3201ACF-472A-4FB6-A9BB-B81749C1FEB6}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F360A133-33B9-4193-9459-113B350C70F4}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{061C4CFB-C53C-4BE6-97C2-B5C7F547C820}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{34431212-2BD5-4680-B03B-0957B8D5B8BF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DE85DDFA-2A81-4F61-B800-41476B128CD1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BCAC6C39-6F93-4616-B77F-2AB8A20BA323}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BE635F4C-458A-4F83-A3C9-E8EE6B9C465D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{A4C8568D-14C2-4371-8AA7-879CD4581990}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{770AEF79-5AFE-475B-9B81-4C4DC68BEAD2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{18167C02-E63F-4B45-8912-8EBCCE3E65EA}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4172828C-7B89-47A8-A348-EC2C102F2CC9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BD9FAD53-21AF-4736-98F2-8C983E43136E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3C724C0A-7E1A-4A9C-A466-1669E54FA3FB}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{A68D7AF8-9544-4EFF-A750-0A5206B41DDE}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{18986D83-2697-4897-8E09-5660B48F3B6C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8E41F5F8-7DEF-4755-A344-34474E7E9F55}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C28FF491-EF2F-42B6-9ADB-F34DBD534A68}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AA771E77-C1F1-401F-88FA-A300A3037ACF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6C96DBCB-2237-48A7-A5C0-15769D0B07E7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{276C5790-37E7-4FDC-9FE1-FC21E45AA976}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{562D4FA2-8A09-4F15-B990-F815F8BBFE27}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{42A9531D-7297-486E-A2BB-3DD4843A952D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{00B4B467-33A5-49C1-8AC8-B007CCE3F877}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9372497E-611B-42B4-B8DF-D87982AA1404}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D3FCD9C5-72D4-4A7E-BF4C-B0445A72277E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DE01608F-6143-4D89-A6D7-950B0DE9D8E2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0F644069-662A-41EC-BA3A-8D1ED56D4389}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9509B8B6-014E-4ED3-88F6-609DCC2DBDC6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C17DEE94-6E9F-440D-9E33-732742B4C75C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{FB433A5C-4FF2-4F46-B9E8-04E5C72095A3}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{350AF2A6-EE4C-4D7D-B742-98F15BF644C5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CDE5A90E-8E78-4F3F-9081-91DDCC7266B6}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{B4F0D6B0-5D6A-4069-AE9D-B6E904C85167}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{34181C25-5524-4AF6-8A0D-75C51ED31EC1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E7231E36-308A-456B-A7F5-28B2857362AB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2AE92CAE-7119-4E0B-A01D-D58D8459AE7D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3B90BCC7-9B9D-458A-B745-3D4685EA5185}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{77896F8E-961A-4FB1-BB82-627A10EB368E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{C0B2F339-A60F-41BC-AA5A-EA05EAEF824B}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{89BB97F7-B40D-4119-B03B-F48B8830E146}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9E4AF474-E0F3-4262-9EF8-C9B34DE229B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{96567DA6-A1BE-4E6F-95A8-C38CF15469B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A824C622-5AD5-4975-8A3B-F58311B63BB2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FDCF5B8C-F7AC-4528-9263-ABA123D223FE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{24367EAA-EFA4-4671-977B-DE9F1294E4D5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{36ACFCF5-532E-4ED6-AB0A-EA10F05C8767}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{D2A876B5-0199-4CFD-8D13-CB522E79CC96}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{38E2BEAF-0EFB-432D-8CAC-FC80938DD72A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{40346FEA-D925-41DA-B3E9-C4E71D120B97}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{35E9A5DB-D2F8-4F57-B819-2D73175A04BF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8AC27493-5861-447D-B901-2BD5D8EECB20}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F787A928-C8D5-4E9C-B588-41F19D688312}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2B75502-BF7C-41FE-A450-270E1E139F31}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{362EC624-DD87-45C2-A2DC-F1A7A938C8B0}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{4185F2F7-DBFC-48D5-8C7F-1ADBFA016BCC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{520D5D23-256A-4471-8CB0-11969EFD1135}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8EA5CCB8-8D6A-4E38-9FED-F956D59020CA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4C7A07F7-BF48-4BD9-8A1B-7015ADCFBDEB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{773200FB-460F-4069-A99F-664D94B24469}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2CEA6A60-7D10-414F-B101-751C8C83E465}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F40CB124-E6DD-4CD6-9DFD-1FA645E09E8D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{C502558C-5F33-4BE6-A639-E2733DD68722}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{125AC86D-02F0-45E2-A97E-8409EC7674B9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6C6926D0-E30B-44E0-B8D5-3EB724EADED0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D133B3A0-981B-4678-A113-2EF20FBC0457}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FFEBF088-8CEB-4A9A-AF37-2688A5E9E11A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D611E184-FC32-4304-8C91-7501BD8908BD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7BE8A83F-F7A5-4C61-902F-4010B6023158}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81B22084-16EE-4F02-B10E-C2819DE45A0B}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{473A4F9E-DB29-42A7-B01E-6277729B4E75}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{C5CD4C48-C4DA-47A4-BEC9-071FDF75FF6B}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{24B5433A-FED8-4E3C-97BA-D9C180A64768}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{734A6860-3EE6-4906-842D-143E9887CEE8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{92F2EA9B-9E3C-4102-AC7F-FD1C1795CDFE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5F37FFEC-0B13-43A2-84C4-4B646D9EF176}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E5CC67FA-19E6-4F83-948A-D009C8A18B88}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D11F81D4-9E01-49A1-A392-5E597280DAF7}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{E647F3DE-40E2-456C-9133-21F65BC62296}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{4BDDD8D2-42AB-428E-BCEC-4C01B3D4B0CC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{3BA1451B-AA13-4B43-B392-E92E36626125}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8C313259-58C8-49FF-947C-F4D80A751215}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{318448A1-3C83-429A-9F3B-021BA33A43EE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C4739447-D306-4DBB-998A-78CB0577EF90}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81A840CB-0318-4D7D-B4D8-E75E88A9ABCD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2EBD2588-FAF9-4E85-B4F0-BD9B79061846}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{A65ED66C-2928-4B2C-B093-3C9568C464BF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{2858D07F-BEAA-4EA7-9378-52444B5D99CE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{31FA352A-F9E1-4B9E-B63D-744CF8BA7BE3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6D3B0F8D-1401-4372-957E-09403998E79F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A17A8DE7-B422-47D7-B560-F7BDF081BA74}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{68D40B93-37EC-4159-B7DF-667B8F36EDF9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FBAA1739-6B85-446F-8DFB-0940A90E6162}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F7C47502-1464-4B6E-B6DD-01505AE3DFB5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{051883C4-6D51-46C5-AE12-368BBCCD22FF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{0EB668E2-5341-4CDF-B897-46EBA2795F81}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{0A25E703-136D-48CB-B511-DFD4FDD16130}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BF601B49-FB4C-4810-B29E-EF866AD2F516}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5ACEE9E4-B8CE-4514-98E5-D6F399E89C3A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{815779EE-2F28-42A8-8B7D-C4209C1ADCD6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D6776851-A029-47AF-B505-40F007F9AE77}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{45E760AF-9C8B-4EB1-B132-33E91028FE2B}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{D00A14A1-339F-40D3-B688-B7F829A9CAAF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{64461CA7-447B-4AB9-B95D-6A343C3A0F15}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{139D42A8-7461-44CB-832B-7CEFC70C93AC}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E91E0CB4-A551-41D6-B1A2-6E40EC94F2CD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{46B0E176-66EF-4332-810A-C420CAF64BD3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C1B119D8-3286-49EF-8260-48390C4D4558}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0FEF8F77-00CD-4F10-AE53-7D1636B4E29F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{088CB9F3-2F69-4D3D-9F1B-72F7D04D999E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{2E72C4EF-7AC7-4FF4-86B4-5F03711B1D42}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{64DF7967-D7BF-4DAD-A89D-A02C41CEE46D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{266F8A68-0C89-4447-B121-55FCE74067D2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C307E89B-35A6-41CB-B894-98404B583505}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5F4A39CB-88C6-451C-A7AA-3021BA476C42}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{02631513-EC74-4C46-B68B-65254F26E0A8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C32467B1-43CF-4645-AD76-354DD515C828}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1CBC1C0D-4A21-4617-B899-AA094120C31E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{2777F7CC-5C73-416A-A2B6-A8751429002B}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{F41711A9-7A50-4C4F-8C5A-8665E251ABF8}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E068E0A0-AC00-4F7D-B6D1-4D09723556AD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{84797E1C-2CD6-4371-A50C-5391913A886A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D807AF26-5F66-4223-8622-1F0EDD6E6940}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C553AE03-037E-442C-8A62-C1E04F29F5DB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF2D469D-BFFC-42A5-97CF-08170726E728}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{82B465AD-B19F-4CA7-ACE0-681A933A0D4D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{DC0DB863-AA4B-4697-8DF6-0B90DEA6A634}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{D8330800-6989-44C9-A109-93E242AE0BA1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CA2D5F9F-972F-427B-AB97-0ECBF6358981}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{3C07E4B3-0B94-4021-AC18-EE09F7C85F94}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{44AB58B6-67DA-471E-B9F8-E5653D307918}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{93B5E2D6-4F92-42A8-B118-1B4CBCA8EDB0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{70A1D573-CC3C-455D-9FF2-68D36C266467}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6647E09E-57DA-40FC-964A-D9B672337E55}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{3CE65442-1CA0-4A3D-93A7-8FEDC5A9BBF4}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{57F3E5F4-7917-4FD0-8B1D-CB1B14B9148D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{0A9346CD-495F-4A62-A804-DA2000FA069E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{59669864-A486-47C1-95FD-8986F0977865}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{084BCA98-28AA-4204-AC7C-EB80A3CDDA6F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{89F99DBC-FB51-48B3-B1F0-FE5391871425}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{073E9DFC-59C2-49BE-80A7-B6F791CA386B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F09F6180-0DA4-43EF-A6BB-91BC5C4CBF53}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{8F938DBB-A146-4DB2-8E7C-0B6B83DDBF21}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{7421FEDC-89F3-4A75-B2F9-76361368ED11}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A4A7187A-3C77-4469-B5EB-3A7C75AD236D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2D975246-C996-40AC-B556-887A8E88B340}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7E7F0FF6-588A-4F98-8D73-51357AA357F1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D1C742B8-E559-4966-8CE4-D44B8D3394F1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{50988007-3A7E-4373-AE9A-90616BCB3BD1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FD23BE44-1F09-4D26-A661-6AFAAC7D87AA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{2149BDC1-0699-453D-B346-FAFC40FA4F0D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{EECAB14D-6712-46C7-92E0-DAC97BB5FEA5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E1DADEE7-C194-44D6-9939-2FA13DE4B10A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DD9FE108-BA7E-4A7C-9312-A2D1D46E758A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{975B82E6-5B0A-4FCC-BDC6-1002B163E24F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7F174BFD-2F67-47C1-8744-6D7C4E209040}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3AAC42BD-199D-43AC-9456-8E5C4DB2AB45}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{599AB384-E054-4CF8-94E9-D8E857A1C266}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{AE928459-4E3E-4D50-80AD-D5B474DA5754}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{5C3BB71B-7FD9-4BE4-BFED-97D86813C897}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{EAF765AD-A50E-4D3B-83B9-A3AC1C624ED3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{90C95B4F-0E52-498D-B266-EA3041C00640}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2BC5CA36-8189-4470-8ED0-46E8B7470597}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BF56B21A-4053-4D37-8DE5-F165CB9F44D4}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56DE8B56-F72D-40A8-81E4-87E4B5CDE820}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CDD23847-3424-4CA7-9A03-E2854181AA72}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{CBC29BFE-7FAB-4866-A3B0-AC604B858D8E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{84304E27-EB46-4016-BCCC-F52924A38936}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BB00EF0F-8A54-4F39-B539-663403CE5065}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{389E90FE-C80C-40E2-B0A8-B98C644A8D94}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7181C2A7-796F-426C-9C29-108E0B06E39D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C69BA621-4D21-47FD-B07E-A11322054696}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8B7B05F8-CEA2-4128-9CCE-0EF70FF2AFBC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{87B6C84B-6F6B-4A18-9448-D904EF55D29E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{282ECF72-D30E-433E-AAB0-E09C534007B1}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{76A33309-7B20-453A-9AF1-151FF04C4462}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{009BC8BB-A465-463B-B6FE-A92565DEF0CE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8B9D408C-EB3A-4DDE-8A19-B027FDD06057}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A70D8838-63A1-410B-A306-BBE08369C93E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7A9EA6DB-CD92-430D-A939-1FC9472390FC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{0359D6F7-C06E-47BD-94CA-08D08EF749F0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3300AA24-48EB-4D78-9470-85AB133D648F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{56CB5966-E2B4-4367-9376-6EB1E5F45968}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{8C05BA53-1037-472C-A95A-E832F8F6FD5F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{07CEAFEC-3548-4A48-B2E5-3665DE033DCA}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{AB962CEC-780D-4982-9D26-CBC9BFE78D08}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E204097D-B536-4F17-93D4-2C76E758A103}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{25D783BE-F365-4974-B4FF-5C43DBA864ED}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DB1803AA-2395-45A1-8685-AEB8EB4DF959}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8A860FDD-038F-4719-B177-B54132C0D4AF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{1950D412-D51C-4A4C-B425-4F8353ED8339}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{95259B6A-8C20-4093-BF5F-F077AF9B5F42}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{7779A226-79BC-4383-B87C-7C98B26BF7AF}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{CA8C45BE-8F96-41AD-AC5A-D4FF121E272A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3EF5AB21-1BBE-4F0D-AF39-C582A58509B2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2D37C8CB-2EC8-4B94-88FD-29990CAD03C3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1109DC2B-4195-46D4-99FD-ADAD0FF180FD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6A562B13-27F1-4403-80F0-958C94E8B43C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{34CDA7F7-D965-41CB-B933-B2194BD2738D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\schost.exe () [File not signed]
FirewallRules: [{3F469FA6-9F22-4D35-8CBB-C1613E522E75}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4BE6A8AF-7FA9-4FA7-B5CB-0C3A514B3CD1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BEB89631-E0B6-4B4B-BCD4-815F197168A2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{93880792-9F98-4834-BD4E-89EB01F0F977}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{69586EF3-278B-4F65-BFE8-B09EFD9D594C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B0057568-4C53-4655-8AD2-EEFEC0BF85BF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C3AB9A61-A251-4F70-A389-9AB08DF17E4E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{361D4629-A693-42CE-9196-3FED53DF7874}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{B76BC34E-8E15-470C-B794-D8961EE8FE80}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9997AFE9-3611-4E27-B62A-E2C5F6C29A5D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E4AD3FE7-63E1-4EF4-BDAD-0A3CF5203C25}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FF88611D-8298-4D47-A246-3307C167FBCC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{75A3F86C-9721-4699-9196-3576216E177C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{F9E1AC54-F3A2-4EF4-A369-108966CB944E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{52A3035D-0521-4FE4-B75B-744C2DE1CEE9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9C0E2022-71BE-4121-B5D8-E0FCE3989922}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FB725E1A-5252-434B-B8B7-191597265C53}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{71F774CA-E850-45C0-83DE-0C9A4A63C886}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF29EC3D-766B-4745-AB6A-4B08837CF5FF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A2BD5333-1B71-4217-A62B-335964FE7628}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{39B24053-8577-4EAD-94B0-22D3DC4ABAAA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C73413DD-E1B2-47C5-BCFC-DCC531B61222}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{723AAEFA-60D2-4BB2-8BFF-71DA488D9D33}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4074D0BB-B5CA-417B-9B3D-98A9AF5AAF5C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{803E7B71-B456-4A87-957D-49B190DC8A51}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C5053B5C-347F-45E6-B58C-AAE9CF5F344D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F25A49C4-200C-4C25-9051-DBE2C359DC27}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{39C15A3A-5A60-4C33-BD3A-22D77A422128}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6148DCC4-600C-47A0-94F8-5943F9AEAF66}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5E959DB2-48A4-49A3-9B30-C1BFAEC962AA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{141A7DFC-0C1F-4BD4-B4F6-F7988685685A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{19DCA1F7-6D29-4D75-80E5-F44024D08BA2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{19FC3ADA-4B75-4D07-AB13-F08362925836}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5C4791C4-E518-4230-A01F-C2414C63AE08}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81023AFA-E62E-43D5-97E9-B57E7A092462}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4E92F19E-9A0A-4A83-AF2C-3E2487B7A29A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37972A94-112D-44B2-9EEC-FD1A562F1D4E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{0A1E345E-3E71-4EE9-8331-EA2FCD89456E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{257C14F4-5B52-40A4-9C4E-1DF40490CAA2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{88B083F6-1D98-453B-960F-266A2F92465C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DF60D76F-0AA8-41F9-BD85-7B51023AC935}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E1FD8CE4-0C7F-4156-9F89-9B43A462C5BA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D53D265F-0CDB-4A8A-8254-224439981465}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6ED31868-E0D3-4316-A41F-F8FCF799A3CB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D7F33A0B-0226-4F95-8552-22951EA2C491}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C95CBF46-E75D-4BD8-9CD5-449C4BDFA357}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E3298CFD-0C0A-406D-BF18-31C193E4FD5F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FBBA51CA-DDB5-4CD8-8F22-7B7D3738EFE3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{16EC3942-EBBA-4799-B01C-207AAD6CD1DC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D0FAD837-335E-4FF7-9BDE-9EC7ECB5DCC9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9AAD431D-CE35-4B42-85D1-A7E1077E5BA3}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7FBDB4A3-165D-4C59-9370-A2D7D74394D1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56C77ADC-201E-405A-BF3F-C9D1E8082946}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D253F002-9D3D-4750-A1C9-E0A2F0B22174}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4C698845-B2D4-447C-919B-6282047E7522}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C23FC826-1D12-4CE0-AB5A-5185CB63866A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D1A5571A-784B-465B-A136-7185F09A3DD5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1B5ECF0F-2BBE-48AB-BDEB-1BD9504DF6CF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{5233C978-0242-4969-963B-E3E7DC25F872}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{27C49FC2-C98F-47D6-BF63-E9E69931BDC5}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CF312D9C-2CEC-4773-B1E3-64CD666312DA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5E55EBD1-1164-4C94-98C7-F62B18CAA578}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AC9FE827-EB93-415D-A337-D2ECA6DF61C4}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2422A04B-3960-4BB8-B974-4569331DC550}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5955A54B-EEE8-4AC0-931A-3B0C22977189}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7B98EBAC-4AAE-4069-BBD1-35AB28ADE153}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{32E9A472-96F3-4FCA-A86D-F47F37068BBD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{746F4716-A8BD-48C4-A78C-B6352B1E9D56}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3DF93235-0D89-423D-BF16-F1140FB00C99}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{77F06FBA-C837-4F8B-B651-B97590F3A69D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{609945A4-8335-4C84-8415-65C6C5D3B70F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FB4954D7-528C-440A-85E5-AA5ED5223C15}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D40FE577-B2F7-416C-A3F6-33BF0F179E8C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{96456D34-1067-426D-891C-66817592CAE9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{64CBC813-AB0D-48FE-9574-F29DE39F7CF9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{ADEACD11-F389-42C6-A9A7-60F7610A33F9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9F872F10-4FE7-45DC-AE21-26162E036F0A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AAD3F11D-83C0-48A8-ABB4-DC470985BB6A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5C8BF79B-1B66-4E14-8BF9-672DCE0C932E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E812D21A-8D97-4E06-B3E9-66A3FB1A0159}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{EC44547E-B9D5-4EF9-B231-D04E6F7CCDC2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{651B963A-38F4-44F7-86DF-D6C2CDFED7CA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D1E15E1E-7628-4536-BEC3-40D27C85048C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F4645668-F876-4CDE-833C-D10134A8FF9F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4A7ADEEA-458F-4F04-9023-81FDE320E758}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{A462D1E1-1C3B-4B24-87FF-73889FDA2C91}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{EE30CF95-536C-4962-B750-B0A4BBFAADB9}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{91849CAE-18E4-493A-92D6-4536E0F45726}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4874916E-34BE-4FA0-A136-A9E6700E342A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{16D32B91-D9FB-4362-955C-9D024F4BF32F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{B2718225-2525-4356-A1DE-E7665A7B1C8B}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A694A77B-1F24-400F-BF56-C3B399BE93E7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E3666A9E-3DDB-4966-B014-D37BDD0262C7}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6CD6DA3A-E6DF-4556-8D4A-FE84B675126D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{1B910521-AD7C-4B12-8904-3F009400C81F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5CBA1262-C4D3-4DC5-BCCB-6B4F2D9BF731}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F09AAEA6-564A-4F01-BC56-9256476D6144}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3F506A86-1BCD-427C-988B-5069F8A00110}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DB1F97C1-2833-46B5-A0FF-FD4BDC34AF48}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6AE9B749-DE0E-4EC8-B425-9591A70458B1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4096B082-1F76-40FB-8D6A-31D411B43E66}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E27FF460-D153-485D-8BF2-02BB20289EF9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C8CDD6E7-261C-470B-867C-2E0A305C081C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{56EDFFAD-7643-4300-AD15-8D0DF89B509D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{BDE4B3F0-AFCE-42B3-80E3-8A5D1E3DC545}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3523ACA9-6A88-4243-80FE-0BAEF7EC3AED}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F6F9B417-4F87-4A0D-990A-A417237974AD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{60C7F46C-86B7-435F-A7B4-3CC75CF312F7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7B3AE992-4209-40FC-9A97-59965AED1420}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4D7FD718-4C5C-4DE5-9A9A-3337FD7A87B6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{FD682FC4-77F5-4D7F-B096-36B86B48B661}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{073E09BB-E824-42CA-8C86-31FBA6BF6870}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{D4B1AADB-78A9-4CA3-8724-0C10207A7FA2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{03000EEB-9C0B-4616-B1C9-C4B95E27ACA9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{14B8C861-3323-4CCD-B033-807F07ABC68A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{52E04AB4-13EC-4829-8507-28EBCF36E97C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9D8F66D5-0F93-45D7-82DB-AC62140FC173}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{1B7896EB-8B29-460B-9E03-D2FFDD7D85BF}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{A5245F2F-00D3-49A1-9FE0-0706FA69A520}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82B6597E-25ED-4816-BF52-E01F28D24C0D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{99D7983F-8E02-4D0C-9DCB-B53673EBDA87}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BE2A5392-25B7-48BB-92CC-3BF605CDFEAB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DF6438AC-9B0E-43A2-BB05-A65580E5EFAD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8DDB52EA-3303-43A1-9EDC-817297CB3593}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{675FE2CF-1F47-4BE9-B392-8F0B31FAD5E6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{3CBF9CCA-5F80-4E75-A9A0-295526FB0024}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{24788B50-A810-4FF7-99AB-A2844A149455}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{2FC56437-09A6-43F4-84D2-0D67860B0EBE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{1D391574-36D1-48FA-A8A2-6FA5FA3D5D0D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{68AB5D62-BB5D-4A7A-A2E4-2185B6F70715}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C92BEAD4-3475-42AD-B89C-8C8F8BCF48F0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BEF849B6-9E6E-4FE0-A255-5DDD4DC31BCA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DECC2FC6-4BDF-4A10-A0DD-2B01BA9D1F9E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{ABF23583-84C4-4195-9717-C3A754A4080C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{DC5BBDA3-A588-49E0-9A49-E19FB030F7D0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82DC9BA7-67A8-4CF3-8E66-AD4F645B9BD7}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A4713757-C8F4-4BB7-AA27-BE340650CBBF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{239D823A-F643-4ECC-B394-B09068D9A8C6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C3CD3FD0-64C7-4511-8FBD-76FF0FD66D32}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F2ADED2F-45B6-422D-862F-F68D7BD97980}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BA717979-DC63-46A6-A1AD-1B9B64BBE8F0}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4DCE49F3-0073-45B7-8461-D76677618657}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C2413AE8-D003-4572-9067-D6EE13877D27}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6B321238-2F61-47A4-AEBE-FB48275835A1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A5438A7C-51A7-499F-844B-96A81D5FA6AF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{81667A2E-E3F0-4243-9648-CEA95B853A3D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1D8FE785-F51B-46E4-96E6-26D6ED316E1A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{E7ACB403-97E2-4D0F-91DE-AC15D02AD251}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6E25349A-4B56-4293-9C0A-D04702DDE989}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{03F9E784-9C27-4BF3-AEFB-C7BB36E7EDC5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{F0E28111-9CB1-4AF6-9DD0-AD89E5523515}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C4CBFF02-0D55-477E-BB97-F5E2ECD5F8C1}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6007E736-3FB7-4AC5-8DDA-55C5B56FD03E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{56CFF1CA-7157-453A-B843-04B36534BEB1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{54AE2208-02EC-4DE3-8D86-B363AADACDB0}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1D294E64-C01B-476D-B7DF-ACA34AC060BE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{4D845892-A583-419D-878A-3E195991DFC1}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{566D0F56-ABFE-4A36-B0D1-35A401B8103A}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{59E4BD35-84B3-4B09-864D-BCEDACE5E6E5}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{577EB62D-EB01-4216-BB8D-D8838AA865BE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{1121756E-15C6-4BF2-805E-8E4CE9B64569}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{FEDDF0C7-87D3-45E2-87F6-EBD00B7BF63F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AE754F0C-A0CE-4DEB-BF69-BFBF3111E802}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{86C4C530-B837-4F9D-92A6-32759F502E04}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6896D75A-0444-4EE8-8C1B-DCCAE7E7F098}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{2A3580EB-2695-46FE-9732-9905265834FB}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B85806F1-B486-4F61-8895-E9C8187CF088}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{DDFBACCA-6900-4407-BDCE-FC31C27F1556}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{16F4D5FD-01EC-4421-A669-63D2F5C77498}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{87D8DB73-BAA7-46EC-8A4A-3BEF9ECC1777}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1BD9A2D6-358E-407E-ACAF-2F5BF9936FDB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8E629903-E2B9-479E-BD3D-D732F2438C64}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{8D62C98A-150B-4F74-945B-B1A637B99B91}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B0B238E8-A51F-4C56-8274-84E171289191}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{5516882F-5FEB-4791-B8D7-10F9D546627D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{8CCAC162-DE65-4BC6-A17F-30BE34E0D74E}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5E36DD0C-D880-4ACC-9226-BC9C8BA375B2}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E5DCD26-9E3E-49A1-879F-977BFB030778}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{92F0525C-5AA4-4DF2-B96C-A45AC509304C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{DDD5698E-5A63-4775-A08D-81C9CE62190A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{024DFB98-03C7-40AD-9BA2-E9E9194E9E3C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{616E2CE4-941F-470F-9722-646ECEA80935}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{388380E2-E380-499E-BC16-C1BCE07CDF43}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{612D849E-C56B-4298-97B5-F2EDBD5FAD79}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F0B6C457-1AEF-4956-AA40-401FAFDFE3BC}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E864A38-979D-4EB2-B1E7-B850BB1EEB40}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{409757AE-F7F3-4815-BC60-94F0157E6F0E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{155FE014-683D-4EA7-A93C-7B094D861EE1}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2D1B89A-194E-4489-B133-EB057E711E22}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{8ABD21F9-2415-47BE-A4D4-9C6E9CB540D4}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{11F49C31-A45D-45AA-BD31-95FB186E8C52}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9A3F164D-6002-4D17-99A0-30441DE3A6E3}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{10080AEF-019B-43A6-BDA0-2BF3BCE369F8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9870AC12-796A-487F-9FDD-7DB0BD11BB33}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2634E034-DF42-4647-8CA0-255D70B55C4A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{2ABA316F-95F9-44DA-861C-B8BED415E6B7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D404EDC1-B880-403F-8FC9-E0CFF1723A46}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{9A2E80A0-1541-45CC-9761-61366B3F7187}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D1630523-66F0-45E7-A943-DC3724760AFF}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{20C329B5-FE3C-4BB0-942D-E74E25CB2A1C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A63E5332-2470-41A9-8268-5F06C4F036CD}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A6385D6F-2C95-48AD-8D4C-6A7A4BD90B7E}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9CEBB5B8-90FE-4159-AE07-5DE5A06949E9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AC497F0A-867E-4D60-A664-A50E14FED4D6}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E452FF31-71CF-477B-A819-F275602F48F2}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{06D8F132-B4EE-4C72-ADB0-3BD4788444DB}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{9B9E1F82-36CD-446A-A052-EE8603D628DF}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BD466303-A69F-400B-AAE8-1B1DD1708BE8}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{80B3DC9B-8875-4633-9AE3-D3E723D0CB1C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9745B821-914C-4B9C-BDC2-E74570A4A5FA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{126538A9-EF8B-4B5F-A105-BCC838A2D77F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{44F5EA72-2B61-4131-8244-F5C312E0DE7C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{407D8712-F7CA-4217-85A5-6A976FECC06D}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E6DF2C0D-3E76-4C32-992B-16E1F5203C34}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{300286F5-174B-4948-BFB4-EF0C34C81F4F}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{10675BEB-3A8E-4025-9E3B-271B33F21DAB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BBE95EED-08B7-4DDD-B7C5-0D768253F9D7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EE72182E-4826-47FE-9508-C42B4440A868}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C2D62490-8010-414C-8C18-1F03C30115B2}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{396E43E5-DE02-451F-B256-DD574635CA38}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AB347484-2AA2-48E1-8B82-7C848FDA4915}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{82AD3F7B-B164-43CE-A629-275A13ABE9C0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{388AED80-2F56-4098-8F6A-669A49930C74}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{3E490060-76CB-4931-93AB-FBA7C00782B9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{7A86E42A-BE42-423D-A3E5-D3252DC55524}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{6F3A854B-73A1-4B59-88D1-BB044587FA40}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{44020F35-B74E-43BC-9029-3A5BD73B61B7}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{39A19D55-3C21-4B75-9D22-786640A00F1B}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{009C2814-9608-435E-B73D-60C18BF54BBE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{4D16A462-5E7F-4644-A9DE-F6CBFB1E0428}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C64395DC-4F70-4487-B6A8-825F9CE35F06}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{AE2FDC7A-B454-4F29-AAEB-A8BECC10477A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{90D9CB1B-EB5F-4CDC-A5F8-B9B22752A584}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{37F31451-4220-4086-89DC-B58FAF55E859}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{A46049F8-9C79-42D0-84D1-A7410FBF0E12}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C7DA7110-1E98-42CF-93D9-895280050B28}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D4F69536-5C00-4B57-AF6C-B3A67E87ADFD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6AA9E4A2-D09F-4288-AC0B-B034F32086FD}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{FA765916-6593-4AA7-9449-B59EC422759D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{729F3F4B-F3C9-4CE4-A3D0-5C18A4A0BE5C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{9C3E0F65-24E4-4D8F-9B0D-DC45C363E4FE}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{614260BA-E91A-4586-B0FB-A43CDB9DDF81}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{946BE8CD-F780-4C12-B7E1-50EFFB323DE9}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6DD6537F-AB9D-4382-A9FE-1BBC6DCD705D}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{B4B21132-DFD6-4B45-85B1-88D2CC22125A}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{F1AFD4EA-91DD-4733-A660-4484C50549AE}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C93ECEE6-C1B1-4195-B036-2C84BDF4D476}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{982CD324-7841-4014-9061-4C61CAA84B41}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{97450C8F-202A-443C-8BB2-3E8C00316180}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{12FCE835-4E59-415D-8FD8-DF4DF53855BB}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CF2EDF1B-DB2E-4D2B-93FF-2E9BCE782AC3}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{C970DBC3-8B00-4644-BCA2-DAB874CBB923}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{E8BFFCEA-1C08-4EB1-9D26-4D58A7F1117F}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{E465ECBB-775D-429E-9B96-55529E550508}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{A402C1CC-4291-4C6C-B8B4-98E60ADEC9F6}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\72.0.3815.186\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{5B1C41ED-3183-4AD3-A078-42DFD241A17D}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{73E87491-7F58-4B31-BC68-9D895F516430}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EAFD9316-0F72-4952-AF7D-C2C5E1C88DE7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D6C042D8-BCD9-4683-B244-CE4E8645A2F6}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{27B4157E-65CE-4EBE-B910-888B69DB3F5E}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{2099E6D5-3318-4A46-BE2A-0BFC8064A552}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{7B860FE3-785B-4751-B8FD-9DF143593F02}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{5664C3C5-D48A-4084-B2C5-1AA8E583AE3C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{6387C489-EC66-4DB9-9E04-8CCB5B0F66E9}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{0C3E4428-7724-4C6C-9816-7EC95B29D9BC}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{42638945-DDF2-43AD-B502-45B851E94E06}] => (Allow) C:\Windows\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{2ABB9A40-F36C-494A-949E-4C75B5C6F353}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{347AF792-9D11-4DA3-94FC-5E4E8AE56443}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F5EF0AC3-3AF8-4BC9-B1F9-14CB1D34F9D9}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{53BB179A-1FB6-4665-A969-2440FC1DC175}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{D955CA21-A1E2-4418-BCCF-9255AD57453C}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{4E3F5EBC-680B-4EF2-9EC3-4E7110F26F9F}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{94396FBB-22CE-4842-9E73-695103F85521}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{C919BE96-F587-4588-AED4-935E8FA6A0C0}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{AA718F2C-57FC-48C8-986B-58738F89A53C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{4F1D7D86-BAFC-460B-9C43-3576599F104A}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{EF7E039D-A68E-4E45-A349-36689BEE6774}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{1155DBED-0BA4-4D0E-A7FE-E1B3B68EEB0C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{719385F7-C431-4E17-AB19-2075DA235EE7}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{BB77705C-910B-4DB8-A446-1D866958AFF8}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{D1AB89C7-0298-4B9B-8DBD-BC28601EF3A5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{AF0D50D0-C945-43DD-9F98-86EFEEAF1A32}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{58A9291F-CDF8-461E-B092-9E2004F6B80C}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{75552F21-D1C2-440C-977E-07480CD45451}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C9A9BA6A-D91E-4D27-8A58-D188D0675C90}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{CBC1070F-1093-4FAD-92C7-711709080DEA}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{C78B4763-40FF-4E46-9D55-EE7A5C56331C}] => (Allow) C:\Windows\System32\WScript.exe
FirewallRules: [{F5F524D7-D387-40BC-A6D3-434C8B6AF3BA}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{6AAF572A-A5AD-4EE3-8481-B542B7BE46D5}] => (Allow) C:\Windows\TEMP\nfyc577A.tmp\svchost.exe () [File not signed]
FirewallRules: [{12104274-F03C-42D1-8998-D3CBA2562563}] => (Allow) C:\Windows\system32\winrmsrv.exe (Microsoft Corporation) [File not signed]
FirewallRules: [{451F4261-A951-442F-9326-0E0F75229971}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{399D0680-750E-4F88-BD29-68F44937FC17}] => (Allow) C:\Windows\TEMP\flt354IS.tmp\lsass.exe () [File not signed]
FirewallRules: [{986C6A7E-117E-41B0-AB79-1EC3F50797A0}] => (Allow) C:\Users\user\AppData\Local\Programs\Opera\72.0.3815.320\opera.exe (Opera Software AS -> Opera Software)
==================== Restore Points =========================
22-10-2020 12:31:15 Naplánovaný kontrolní bod
02-11-2020 10:39:16 Naplánovaný kontrolní bod
11-11-2020 13:22:52 Naplánovaný kontrolní bod
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/11/2020 03:14:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: javaw.exe, verze: 8.0.2310.11, časové razítko: 0x5d987068
Název chybujícího modulu: J7GB1548872857273787995.tmp, verze: 0.0.0.0, časové razítko: 0x5278cf66
Kód výjimky: 0xc000041d
Posun chyby: 0x00000000000089d2
ID chybujícího procesu: 0x368c
Čas spuštění chybující aplikace: 0x01d6b834e334ce99
Cesta k chybující aplikaci: C:\Program Files\Java\jre1.8.0_231\bin\javaw.exe
Cesta k chybujícímu modulu: C:\Users\user\AppData\Local\Temp\J7GB1548872857273787995.tmp
ID zprávy: 10ca0119-c922-4a20-a9a8-b34d7d7c4c0b
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (11/11/2020 03:14:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: javaw.exe, verze: 8.0.2310.11, časové razítko: 0x5d987068
Název chybujícího modulu: J7GB1548872857273787995.tmp, verze: 0.0.0.0, časové razítko: 0x5278cf66
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000089d2
ID chybujícího procesu: 0x368c
Čas spuštění chybující aplikace: 0x01d6b834e334ce99
Cesta k chybující aplikaci: C:\Program Files\Java\jre1.8.0_231\bin\javaw.exe
Cesta k chybujícímu modulu: C:\Users\user\AppData\Local\Temp\J7GB1548872857273787995.tmp
ID zprávy: b03a36d2-6317-4a69-a4d6-f0e14ddaf44e
Úplný název chybujícího balíčku:
ID aplikace související s chybujícím balíčkem:
Error: (10/26/2020 12:18:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (10/26/2020 12:18:14 AM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Chyba služby Stínová kopie svazků: Při volání rutiny CoCreateInstance došlo k neočekávané chybě. hr= 0x8007045b, Probíhá vypnutí systému.
.
Error: (10/16/2020 12:07:51 PM) (Source: VSS) (EventID: 13) (User: )
Description: Informace služby Stínová kopie svazku: Server COM s identifikátorem CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} a názvem CEventSystem nelze spustit. [0x8007045b, Probíhá vypnutí systému.
]
System errors:
=============
Error: (11/12/2020 12:31:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.
Error: (11/12/2020 12:31:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/12/2020 12:29:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.
Error: (11/12/2020 12:29:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/12/2020 12:27:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.
Error: (11/12/2020 12:27:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.
Error: (11/12/2020 12:25:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba wuauserv byla ukončena s následující chybou:
Systém nemůže nalézt uvedený soubor.
Error: (11/12/2020 12:25:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu neregistroval u služby DCOM.
Windows Defender:
===================================
Date: 2020-03-10 19:58:13.183
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {078A4708-937B-4A38-944F-8995F3777010}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-03-09 11:37:13.201
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {9F8AD6FA-51DA-443F-AEA6-1F99184B015A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-03-08 22:13:33.442
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B0C2DA71-3C9F-4818-9E58-16F19F2F1A86}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-03-06 09:55:54.648
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {2C6C338E-C950-4942-88E6-19D1D93985AE}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-03-04 21:52:17.253
Description:
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {630B2D30-1C43-4513-8AA1-D3F615F19A38}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM
Date: 2020-02-21 11:03:45.553
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072f8f
Popis chyby: Došlo k chybě zabezpečení.
Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.
Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antispywarový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.
Date: 2020-02-21 10:57:48.864
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.
Date: 2020-02-21 10:56:52.865
Description:
Antivirová ochrana v programu Windows Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací:
Předchozí verze bezpečnostních informací: 1.309.456.0
Zdroj aktualizace: Centrum společnosti Microsoft pro ochranu před škodlivým softwarem
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\NETWORK SERVICE
Aktuální verze modulu:
Předchozí verze modulu: 1.1.16700.3
Kód chyby: 0x80072ee2
Popis chyby: Operace nebyla v požadované době dokončena.
CodeIntegrity:
===================================
Date: 2020-05-26 20:54:44.290
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume6\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-05-13 00:24:44.488
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-13 00:21:37.810
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-13 00:20:30.940
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-13 00:12:05.238
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-13 00:11:45.480
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-13 00:05:48.478
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-13 00:01:39.489
Description:
Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume6\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends Inc. F9 06/05/2019
Motherboard: Gigabyte Technology Co., Ltd. Z390 AORUS MASTER-CF
Processor: Intel(R) Core(TM) i9-9900KS CPU @ 4.00GHz
Percentage of memory in use: 10%
Total physical RAM: 32699.06 MB
Available physical RAM: 29253.5 MB
Total Virtual: 41915.06 MB
Available Virtual: 36429.4 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:476.31 GB) (Free:303.24 GB) NTFS
Drive d: (SSD_media) (Fixed) (Total:1907.71 GB) (Free:1223.8 GB) NTFS
Drive e: (HDD_media) (Fixed) (Total:7452.02 GB) (Free:1031.79 GB) NTFS
\\?\Volume{bc482910-1514-4415-a922-9631669f2a92}\ (Obnovení) (Fixed) (Total:0.52 GB) (Free:0.09 GB) NTFS
\\?\Volume{c847343e-84fa-4e77-aad1-a43962b7b6fc}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (Protective MBR) (Size: 1907.7 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt =======================
Ne že bych netušil že to bude zavirovaný, přece jenom tam mám dost nastahovaného softwaru.
prip. vloz aktualne logy FRST