start::
closeprocesses:
createrestorepoint:
AS: McAfee VirusScan (Enabled - Up to date) {4DE344F8-6897-65B4-CED0-82B3AF2591B4}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
HKLM\...\StartupApproved\Run: => "WindowsDefender"
FirewallRules: [UDP Query User{0FDD1C2E-67FB-4F00-906D-5454CAAB5EE9}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [TCP Query User{A0A6BB55-5D27-4B7D-9314-2E6584E05A66}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [UDP Query User{A02D6894-13D5-4422-911C-025BE9AA44B7}C:\program files\java\jre1.8.0_231\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\java.exe
FirewallRules: [TCP Query User{40337AB9-7F20-4480-BCDC-B48133357A11}C:\program files\java\jre1.8.0_231\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\java.exe
FirewallRules: [TCP Query User{C2CC45C5-CE23-47CF-8BFB-B248C7FD8D0D}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [UDP Query User{D0A94726-B503-41ED-B6CE-DF2B6611AED7}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1548933072-3680593169-4137516567-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [24552064 2019-10-14] (Piriform Software Ltd -> Piriform Ltd)
Task: {0150E0C5-4906-4729-A1FC-CCCF03EFFB0B} - System32\Tasks\Microsoft\Windows\WDI\SrvHost => rundll32.exe winscomrssrv.dll,SrvMainHost <==== ATTENTION
Task: {516DDC2D-3792-4C3D-89FA-B98E240BF952} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_414_Plugin.exe [1475640 2020-08-11] (Adobe Inc. -> Adobe)
Task: {9711B0CA-E092-4F80-9265-FD42FFAF225D} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\winrmsrv => winrmsrv.exe <==== ATTENTION
Task: {C28ED1F8-7377-4151-BACF-880642C1D1CF} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {BFC1FDA5-AA82-4AF1-B5FF-0B63A0C8DB91} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [660688 2020-10-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {DA71AA37-8EAC-4806-9EC1-E6698017D2C4} - System32\Tasks\Microsoft\Windows\Wininet\Winlogui => winlogui.exe <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_414.dll [2020-08-11] (Adobe Inc. -> )
FF Plugin: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-26] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_414.dll [2020-08-11] (Adobe Inc. -> )
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
S3 xhunter1; C:\WINDOWS\xhunter1.sys [2719256 2020-05-08] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S3 MpKslb1d688e9; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A024477B-F3E4-40F5-B83D-1187EBA5AC0A}\MpKslDrv.sys [X]
S3 VBAudioVMAUXVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmauxvaio64_win10.sys [X]
S3 VBAudioVMVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmvaio64_win10.sys [X]
C:\WINDOWS\system32\winrmsrv.exe
C:\WINDOWS\system32\winlogui.exe
emptytemp:
end::