CreateRestorePoint:
CloseProcesses:
SystemRestore: On
HKLM-x32\...\Winlogon: [Shell] C:\Windows\explorer.exe, c:\windows\system\explorer.exe <=== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: E - "E:\setup.exe"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {04675fe5-8f95-11ea-9632-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {0467607c-8f95-11ea-9632-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {0a018ea2-a58f-11ea-963e-303a646305d7} - "E:\Setup.exe"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {20570c4f-9006-11ea-9633-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {20570c68-9006-11ea-9633-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {31188bd4-90c1-11ea-9639-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {3118915f-90c1-11ea-9639-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {3118a628-90c1-11ea-9639-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {49495576-ea70-11ea-9657-303a646305d7} - "E:\Setup.exe" /s
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {5d240248-9008-11ea-9635-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {dae80e59-9008-11ea-9636-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {dae8137a-9008-11ea-9636-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {dae81388-9008-11ea-9636-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {f391a2ce-8e90-11ea-9631-303a646305d7} - "E:\Setup.exe"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {f391a3bf-8e90-11ea-9631-303a646305d7} - "E:\Setup.exe"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {f8b47352-9006-11ea-9634-303a646305d7} - "E:\AUTORUN.EXE"
HKU\S-1-5-21-2072670142-406431142-2887710763-1002\...\MountPoints2: {f8b47426-9006-11ea-9634-303a646305d7} - "E:\AUTORUN.EXE"
IFEO\dismHost.exe: [Debugger] *
IFEO\EOSNOTIFY.EXE: [Debugger] *
IFEO\InstallAgent.exe: [Debugger] *
IFEO\MusNotification.exe: [Debugger] *
IFEO\MUSNOTIFICATIONUX.EXE: [Debugger] *
IFEO\remsh.exe: [Debugger] *
IFEO\SIHClient.exe: [Debugger] *
IFEO\UpdateAssistant.exe: [Debugger] *
IFEO\UPFC.EXE: [Debugger] *
IFEO\UsoClient.exe: [Debugger] *
IFEO\WaaSMedic.exe: [Debugger] *
IFEO\WaasMedicAgent.exe: [Debugger] *
IFEO\Windows10Upgrade.exe: [Debugger] *
IFEO\WINDOWS10UPGRADERAPP.EXE: [Debugger] *
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Policies: C:\Users\LENOVO\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {07534BCD-8BCC-49C8-97CC-BE9972CEDEBA} - System32\Tasks\Firefox Default Browser Agent BC707C16990B6B28 => C:\Users\LENOVO\AppData\Roaming\hgstehh.exe (No File) <==== ATTENTION
Task: {075722EC-A495-4D52-8100-DA79DCE02315} - System32\Tasks\kBqZwNWVQe => C:\Users\LENOVO\AppData\Roaming\kBqZwNWVQe\svcupdater.exe (No File) <==== ATTENTION
Task: {14B78CB5-8E60-4B1D-A375-60C2464A2675} - System32\Tasks\ipNnOYSRDI => C:\Users\LENOVO\AppData\Roaming\ipNnOYSRDI\svcupdater.exe (No File) <==== ATTENTION
Task: {189C0665-1BB3-4CF2-AF78-4A60E91050C6} - System32\Tasks\DXrRoIsfWaQAmr => rundll32 "C:\Program Files (x86)\QekUtfXqduZU2\MFjFJypbDuLuZ.dll",#1 <==== ATTENTION
Task: {315A9406-ECC2-4BFC-B2E2-A73A18425B75} - System32\Tasks\yrfaizCONzwDuLR2 => rundll32 "C:\Program Files (x86)\CRnqoTwWU\TZReKN.dll",#1 <==== ATTENTION
Task: {554BB060-0F58-4B89-8A8F-7E38CF97958F} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\SystemInfo => C:\Users\LENOVO\AppData\Roaming\\systemdiag\\sysinfo.exe -st -tu 0 (No File)
Task: {56AA47A9-C73C-434C-8F71-00A72EFBACC4} - System32\Tasks\Opera scheduled Autoupdate 1624420198 => C:\Users\LENOVO\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {57F1AAEE-158C-4544-B303-D4E1D13348F0} - System32\Tasks\PQqFDPLCLmrLpsGmx2 => rundll32 "C:\Program Files (x86)\ihYgQXqEhsipSPoabZR\nPQNkoD.dll",#1 <==== ATTENTION
Task: {5C106490-A480-4CB4-B3D3-70DCC90CB17F} - System32\Tasks\AVPTQBAEW => C:\ProgramData\WindowsMail\AVPTQBAEW.exe (No File) <==== ATTENTION
Task: {6DFC6F03-03B1-48C2-B475-B1EAF3C0BF42} - System32\Tasks\rovwer.exe => C:\Users\LENOVO\AppData\Local\Temp\f03fb0fdc0\rovwer.exe (No File) <==== ATTENTION
Task: {95707F77-D176-42E3-AF35-0DC805F75950} - System32\Tasks\bquFfReWhhWLJOIRyV => C:\Users\LENOVO\AppData\Local\Temp\CVTQjzJZXkCdJjhmQ\RzKNQoQaFAVnVEf\JBRiEef.exe h2 /site_id 525403 /S (No File) <==== ATTENTION
Task: {B0CA701E-4A6E-4E0A-B837-7C1BA8C02F9C} - System32\Tasks\Firefox Default Browser Agent EFB1F3F0DF54D862 => C:\Users\LENOVO\AppData\Roaming\hastehh.exe (No File) <==== ATTENTION
Task: {BBEF78C6-083E-402A-9D12-F02D3A890E4D} - System32\Tasks\tXFqztOxNynyTU => rundll32 "C:\Program Files (x86)\IxrKRxdKPWVU2\ATgZQRpeSKmNF.dll",#1 <==== ATTENTION
Task: {E0F839DD-78F4-49F7-B5F8-FBA5DF5395A6} - System32\Tasks\chKWchUlpcKwSrJXRVD2 => rundll32 "C:\Program Files (x86)\aRYMsWEIvcvCC\RnzpgxJ.dll",#1 <==== ATTENTION
Task: {ED5ED211-79CA-4C47-A088-BED1B61C8953} - System32\Tasks\UkrQNERaBj => C:\Users\LENOVO\AppData\Roaming\UkrQNERaBj\svcupdater.exe (No File) <==== ATTENTION
Task: C:\Windows\Tasks\bquFfReWhhWLJOIRyV.job => C:\Users\LENOVO\AppData\Local\Temp\CVTQjzJZXkCdJjhmQ\RzKNQoQaFAVnVEf\JBRiEef.exe <==== ATTENTION
S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X]
S3 rsDwf; \SystemRoot\system32\DRIVERS\rsDwf.sys [X]
CustomCLSID: HKU\S-1-5-21-2072670142-406431142-2887710763-1002_Classes\CLSID\{041F9391-C79D-44EE-AA4E-AF4E029C4B47}\InprocServer32 -> C:\Users\LENOVO\AppData\Local\Google\Update\1.3.36.112\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2072670142-406431142-2887710763-1002_Classes\CLSID\{69545769-8D02-4B07-A481-AD374CD8D5D1}\InprocServer32 -> C:\Users\LENOVO\AppData\Local\Google\Update\1.3.36.132\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2072670142-406431142-2887710763-1002_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\LENOVO\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2072670142-406431142-2887710763-1002_Classes\CLSID\{75399D28-E622-4973-8752-BC0F7DC47AF3}\InprocServer32 -> C:\Users\LENOVO\AppData\Local\Google\Update\1.3.36.122\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2072670142-406431142-2887710763-1002_Classes\CLSID\{8B480070-D37D-4090-A063-7A429F849652}\InprocServer32 -> C:\Users\LENOVO\AppData\Local\Google\Update\1.3.36.92\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2072670142-406431142-2887710763-1002_Classes\CLSID\{BE5C2E39-090F-46A2-AFAA-47540743B4FE}\InprocServer32 -> C:\Users\LENOVO\AppData\Local\Google\Update\1.3.36.102\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2072670142-406431142-2887710763-1002_Classes\CLSID\{CA8FA699-91CD-412F-9D13-9B1222F4370E}\InprocServer32 -> C:\Users\LENOVO\AppData\Local\Google\Update\1.3.36.82\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2072670142-406431142-2887710763-1002_Classes\CLSID\{CA919489-0396-4164-A6E7-94CDED45A707}\InprocServer32 -> C:\Users\LENOVO\AppData\Local\Google\Update\1.3.36.52\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2072670142-406431142-2887710763-1002_Classes\CLSID\{DEDF773D-E27B-485E-8E7D-85C5B0EB5A67}\InprocServer32 -> C:\Users\LENOVO\AppData\Local\Google\Update\1.3.36.72\psuser_64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
FirewallRules: [TCP Query User{A9AAEA06-D796-4387-BA1D-6565639933CA}C:\users\lenovo\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lenovo\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [UDP Query User{9A86EA77-EC51-4AEC-B305-57E7B57675CA}C:\users\lenovo\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\lenovo\appdata\local\google\chrome\application\chrome.exe => No File
FirewallRules: [{49F26470-6603-4EB3-A2A3-AA27BB95C23E}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{14D590A6-B03C-434C-BA24-B8572181743A}] => (Allow) C:\Users\LENOVO\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{7A3CCCD6-8FB8-4A7C-BF60-B45341E4D10B}] => (Allow) C:\Users\LENOVO\AppData\Local\Programs\Opera\76.0.4017.123\opera.exe => No File
FirewallRules: [{750FCC0E-C149-41FA-8D8C-42B43BC299F4}] => (Allow) C:\Users\LENOVO\AppData\Local\Programs\Opera\85.0.4341.75\opera.exe => No File
FirewallRules: [{D832FD1A-60CB-4A2A-8C4F-04DA04481403}] => (Allow) C:\Users\LENOVO\AppData\Local\Programs\Opera\90.0.4480.84\opera.exe => No File
FirewallRules: [{421C115E-8F6E-4528-AC86-FEE7955BCD0C}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe => No File
FirewallRules: [{A76F6A00-6E5C-440F-8F2C-456D578FBC62}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe => No File
FirewallRules: [TCP Query User{5FC92336-5B05-42FF-A95D-E793AA75C2A7}D:\counter-strike\hl.exe] => (Allow) D:\counter-strike\hl.exe => No File
FirewallRules: [UDP Query User{147EE689-A358-4C8D-AE61-00EDE1EAD982}D:\counter-strike\hl.exe] => (Allow) D:\counter-strike\hl.exe => No File
FirewallRules: [TCP Query User{8AC8DB23-4F8F-4912-9307-4256744F9EDF}F:\games\warcraft iii\warcraft iii\war3.exe] => (Allow) F:\games\warcraft iii\warcraft iii\war3.exe => No File
FirewallRules: [UDP Query User{7B2A6EF5-7E1E-493C-B13A-6A467F666FFA}F:\games\warcraft iii\warcraft iii\war3.exe] => (Allow) F:\games\warcraft iii\warcraft iii\war3.exe => No File
FirewallRules: [TCP Query User{ED503027-2C83-422C-B55F-EDF03E80B24D}D:\counter-strike source\hl2.exe] => (Allow) D:\counter-strike source\hl2.exe => No File
FirewallRules: [UDP Query User{704C031D-78EC-4858-845E-F61F7FBB668C}D:\counter-strike source\hl2.exe] => (Allow) D:\counter-strike source\hl2.exe => No File
FirewallRules: [TCP Query User{0F452D44-B509-4568-952F-2BF7F292D203}D:\condition-zero deleted scenes\hlds.exe] => (Allow) D:\condition-zero deleted scenes\hlds.exe => No File
FirewallRules: [UDP Query User{E5051FF5-622D-4E7A-8803-2896474C015A}D:\condition-zero deleted scenes\hlds.exe] => (Allow) D:\condition-zero deleted scenes\hlds.exe => No File
FirewallRules: [{3ADA5955-15F5-4AB7-B6CC-D4C00A5190F4}] => (Allow) C:\Program Files\BlueStacks_bgp64\HD-Player.exe => No File
FirewallRules: [{857EA1C1-25B6-4818-93A0-292A8504954E}] => (Block) C:\Program Files\TypingMaster10\tmaster.exe => No File
FirewallRules: [{0BABB454-F00F-4A70-9F3C-615984214626}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{8B527B51-5F2D-4879-A39B-41347A079DF1}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{BC31ABC9-7A40-468A-BD19-FE643A5B8C31}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{5C281FAD-F60A-4647-B8CB-695C215A5CBD}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{686A3C75-A3AD-4944-8537-587B9FEBBA0B}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
FirewallRules: [{F0CC6EED-DAA7-44C1-86CB-0028CFFDB3A3}] => (Allow) C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe => No File
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
C:\Windows\System32\config\systemprofile\AppData\Local\*.tmp
Hosts:
EmptyTemp:
Reboot:
End::