При запуске отрываеться браузер [not-a-virus:AdWare.BAT.Clicker.af ]

**bagsy72** · 14.08.2018, 08:00

При запуске Windows 7 открывается браузер Internet Explorer. Ранее на компьютере использовался бесплатный антивирус. Сейчас стоит TrendMicro Maximum Security. Также в лечении использовали AdwCleaner v7.2.2 результата не дало. Прошу помощи

Надоело быть жертвой? Стань профи по информационной безопасности, получай самую свежую информацию об угрозах и средствах защиты от ведущего российского аналитического центра Anti-Malware.ru:

**Info_bot** · 14.08.2018, 08:01

Уважаемый(ая) bagsy72, спасибо за обращение на наш форум!

Помощь в лечении комьютера на VirusInfo.Info оказывается абсолютно бесплатно. Хелперы в самое ближайшее время ответят на Ваш запрос. Для оказания помощи необходимо предоставить логи сканирования утилитой Autologger, подробнее можно прочитать в правилах оформления запроса о помощи.

Информация

Если вы хотите получить персональную гарантированную помощь в приоритетном режиме, то воспользуйтесь платным сервисом Помогите+.

Если наш сайт окажется полезен Вам и у Вас будет такая возможность - пожалуйста поддержите проект.

SQ · 15.08.2018, 03:40

Здравствуйте,

Удалите Driver Booster через установку и удаления программ в панели управления.

HiJackThis (из каталога autologger)профиксить

Код:

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3C} [URL,SuggestionsURL,SuggestionsURLFallback] = http://spacesearch.ru/?ri=1&rsid=89301d6ac9aaf7e733e4afc9215772fd&q={searchTerms} - GetSearch
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3D} [URL,SuggestionsURL,SuggestionsURLFallback] = http://spacesearch.ru/?ri=1&rsid=89301d6ac9aaf7e733e4afc9215772fd&q= - GetSearch
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A06ED961-D98F-4CF9-A89B-80AB11DB149C} [URL] = http://go-search.ru/search?q={searchTerms} - GoSearch
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O4 - MSConfig\startupreg: KRB Updater Utility [command] = C:\ProgramData\KRB Updater Utility\krbupdater-utility.exe /S (file missing) (HKLM) (2015/09/08)
O4 - MSConfig\startupreg: Kinoroom Browser [command] = (no file) (HKLM) (2015/09/08)
O9 - Button: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49} - Send to OneNote - (no file)
O9 - Button: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - OneNote Lin&ked Notes - (no file)
O9 - Tools menu item: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49} - Se&nd to OneNote - (no file)
O9 - Tools menu item: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - OneNote Lin&ked Notes - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},timer - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork - {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},network - (no file)
O22 - Task: ASC8_PerformanceMonitor - C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe /Task (file missing)
O22 - Task: Driver Booster Scan - C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe /scan (file missing)
O22 - Task: Driver Booster Update - C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe /auto (file missing)
O22 - Task: RegOrganizerQuickLaunch - C:\Program Files (x86)\Reg Organizer\RegOrganizer.exe -RegistryEditor -ForceForeground -NoSplash
O22 - Task: SafeBrowser - C:\Users\user\AppData\Local\Microsoft\Extensions\extsetup.exe /S --safebrowser (file missing)
O22 - Task: \Microsoft\Windows\A5EFD5FE-0E9A-4726-82C3-DF985EE4EEC3 - C:\Program Files (x86)\Common Files\AppDownloads\A5EFD5FE-0E9A-4726-82C3-DF985EE4EEC3.exe /S (file missing)
O22 - Task: \Microsoft\Windows\AA5EFD5FE-0E9A-4726-82C3-DF985EE4EEC3 - C:\Program Files (x86)\Common Files\AppDownloads\A5EFD5FE-0E9A-4726-82C3-DF985EE4EEC3.exe /S (file missing)
O22 - Task: \Microsoft\Windows\AF7D73419-56BA-4BAD-ACEF-9E262E4E2548 - C:\Program Files (x86)\Common Files\Adobe\OOBA\PDApp\PPAPI\CAB34C18-C26E-443E-A112-81F7AE8E5B33.exe --getupdate-ppapi-plugin (file missing)
O22 - Task: \Microsoft\Windows\AppID\EDP Policy Manager - {DECA92E0-AF85-439E-9204-86679978DA08},EdpPolicyManager - (no file)
O22 - Task: \Microsoft\Windows\AppID\SmartScreenSpecific - {9F2B0085-9218-42A1-88B0-9F0E65851666},U - (no file)
O22 - Task: \Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask - {47E30D54-DAC1-473A-AFF7-2355BF78881F},AIKCertEnroll - (no file)
O22 - Task: \Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask - {47E30D54-DAC1-473A-AFF7-2355BF78881F},CryptoPolicy - (no file)
O22 - Task: \Microsoft\Windows\CertificateServicesClient\KeyPreGenTask - {47E30D54-DAC1-473A-AFF7-2355BF78881F},NGCKeyPregen - (no file)
O22 - Task: \Microsoft\Windows\F7D73419-56BA-4BAD-ACEF-9E262E4E2548 - C:\Program Files (x86)\Common Files\Adobe\OOBA\PDApp\PPAPI\CAB34C18-C26E-443E-A112-81F7AE8E5B33.exe --getupdate-ppapi-plugin (file missing)
O22 - Task: \Microsoft\Windows\KRBUUS\KRB Updater Utility Service - C:\ProgramData\KRB Updater Utility\krbupdater-utility.exe /S (file missing)
O22 - Task: \Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents - {8168E74A-B39F-46D8-ADCD-7BED477B80A3},Event - (no file)
O22 - Task: \Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic - {8168E74A-B39F-46D8-ADCD-7BED477B80A3},Time - (no file)
O22 - Task: \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - {927EA2AF-1C54-43D5-825E-0074CE028EEE} - (no file)
O22 - Task: \Microsoft\Windows\Shell\CreateObjectTask - {990A9F8F-301F-45F7-8D0E-68C5952DBA43} - (no file)
O22 - Task: \Microsoft\Windows\Shell\FamilySafetyRefresh - {EBF00FCB-0769-4B81-9BEC-6C05514111AA},$(Arg0) - (no file)
O22 - Task: \Microsoft\Windows\Shell\IndexerAutomaticMaintenance - {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} - (no file)
O22 - Task: \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon - {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},logon - (no file)
O22 - Task: \Microsoft\Windows\Time Synchronization\ForceSynchronizeTime - {A31AD6C2-FF4C-43D4-8E90-7101023096F9},TimeSyncTask - (no file)
O22 - Task: extsetup - C:\Users\user\AppData\Local\Microsoft\Extensions\extsetup.exe /S --setresetup (file missing)
O22 - Task: wGrtYoeexUy - C:\Users\user\AppData\Local\xDLirExElIOy.exe /i http://soflourd.com/ywxpgzuimnrx.szp /q

AVZ выполнить следующий скрипт.
Важно на ОС: Windows Vista/7/8/8.1 AVZ запускайте через контекстное меню проводника от имени Администратора.

Код:

begin
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
QuarantineFile('C:\Users\user\AppData\Local\xDLirExElIOy.exe','');
 QuarantineFile('C:\Program Files (x86)\Common Files\Adobe\OOBA\PDApp\PPAPI\CAB34C18-C26E-443E-A112-81F7AE8E5B33.exe','');
 QuarantineFile('C:\Program Files (x86)\Common Files\AppDownloads\A5EFD5FE-0E9A-4726-82C3-DF985EE4EEC3.exe','');
 QuarantineFile('C:\Users\user\AppData\Local\Microsoft\Extensions\extsetup.exe','');
 QuarantineFileF('c:\users\user\appdata\local\microsoft\extensions', '*', true, '', 0 ,0);
 QuarantineFileF('c:\programdata\krb updater utility', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0 ,0);
 QuarantineFile('C:\Users\user\AppData\Local\Microsoft\Extensions\extsetup.exe', '');
 QuarantineFile('C:\ProgramData\KRB Updater Utility\krbupdater-utility.exe', '');
 QuarantineFile('C:\Users\user\AppData\Local\kometa.bat','');
 DeleteFile('C:\Users\user\AppData\Local\kometa.bat','32');
 ExecuteFile('schtasks.exe', '/delete /TN "ASC8_PerformanceMonitor" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "Driver Booster Update" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "Driver Booster Scan" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "wGrtYoeexUy" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "SafeBrowser" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "extsetup" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "RegOrganizerQuickLaunch" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "KRB Updater Utility" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\KRBUUS\KRB Updater Utility Service" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\A5EFD5FE-0E9A-4726-82C3-DF985EE4EEC3" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\AA5EFD5FE-0E9A-4726-82C3-DF985EE4EEC3" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "Microsoft\Windows\F7D73419-56BA-4BAD-ACEF-9E262E4E2548" /F', 0, 15000, true);
 DeleteFile('C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Коmеtа.lnk', '32');
 DeleteFile('C:\Users\user\AppData\Local\Microsoft\Extensions\extsetup.exe', '32');
 DeleteFile('C:\ProgramData\KRB Updater Utility\krbupdater-utility.exe', '32');
 DeleteFileMask('c:\users\user\appdata\local\microsoft\extensions', '*', true);
 DeleteFileMask('c:\programdata\krb updater utility', '*', true);
 DeleteDirectory('c:\programdata\krb updater utility');
 DeleteFile('C:\Users\user\AppData\Local\xDLirExElIOy.exe','32');
 DeleteFile('C:\Program Files (x86)\Common Files\AppDownloads\A5EFD5FE-0E9A-4726-82C3-DF985EE4EEC3.exe','32');
 DeleteFile('C:\Program Files (x86)\Common Files\Adobe\OOBA\PDApp\PPAPI\CAB34C18-C26E-443E-A112-81F7AE8E5B33.exe','32');
ExecuteSysClean;
 ExecuteWizard('SCU', 2, 3, true);
 CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
RebootWindows(true);
end.

После выполнения скрипта компьютер перезагрузится.

Файл quarantine.zip из папки AVZ загрузите по ссылке "Прислать запрошенный карантин" вверху темы.

Скачайте ClearLNK и сохраните архив с утилитой на рабочем столе.
Распакуйте архив с утилитой в отдельную папку.
Перенесите Check_Browsers_LNK.log на ClearLNK как показано на рисунке
Отчет о работе ClearLNK-<Дата>.log будет сохранен в папке LOG.
Прикрепите этот отчет к своему следующему сообщению.

- Подготовьте лог AdwCleaner и приложите его в теме.

**bagsy72** · 15.08.2018, 13:46

Все вроде сделал

SQ · 15.08.2018, 15:34

- Скачайте Farbar Recovery Scan Tool

и сохраните на Рабочем столе.

Примечание: необходимо выбрать версию, совместимую с Вашей операционной системой. Если Вы не уверены, какая версия подойдет для Вашей системы, скачайте обе и попробуйте запустить. Только одна из них запустится на Вашей системе.

Запустите программу двойным щелчком. Когда программа запустится, нажмите Yes для соглашения с предупреждением.
Убедитесь, что в окне Optional Scan отмечены "List BCD" и "Driver MD5".
Нажмите кнопку Scan.
После окончания сканирования будет создан отчет (FRST.txt) в той же папке, откуда была запущена программа. Пожалуйста, прикрепите отчет в следующем сообщении.
Если программа была запущена в первый раз, будет создан отчет (Addition.txt). Пожалуйста, прикрепите его в следующем сообщении.

**bagsy72** · 15.08.2018, 17:24

Проверил, загрузил

SQ · 15.08.2018, 21:21

Удалите следующие приложения через установку и удаления программ в панели управления:

Код:

Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.1.0.20 - IObit)

Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку откуда была запущена утилита Farbar Recovery Scan Tool:

Код:

CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Toolbar: HKU\S-1-5-21-2665165893-1524468040-2239639438-1000 -> No Name - {91397D20-1446-11D4-8AF4-0040CA1127B6} -  No File
FF Extension: (Advanced SystemCare Surfing Protection) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\[email protected] [2015-11-02] [Legacy] [not signed]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
R2 PfFilter; C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [39104 2015-03-10] (IObit Information Technology)
Folder: C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}
Folder: C:\Users\user\AppData\Local\WIX Toolset 11.2
Folder: C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}
Folder: C:\Users\user\AppData\Local\web server extensions
Folder: C:\Users\user\AppData\Local\NET.Framework SDK
2018-08-15 16:33 - 2015-11-22 05:32 - 000000000 ____D C:\Program Files (x86)\IObit
2018-08-15 16:33 - 2015-07-13 18:58 - 000000000 ____D C:\Users\Все пользователи\ProductData
2018-08-15 16:33 - 2015-07-13 18:58 - 000000000 ____D C:\Users\Все пользователи\IObit
2018-08-15 16:33 - 2015-07-13 18:58 - 000000000 ____D C:\Users\user\AppData\Roaming\IObit
2018-08-15 16:33 - 2015-07-13 18:58 - 000000000 ____D C:\ProgramData\ProductData
2018-08-15 16:33 - 2015-07-13 18:58 - 000000000 ____D C:\ProgramData\IObit
2018-08-13 11:50 - 2015-07-13 18:58 - 000000000 ____D C:\Users\user\AppData\LocalLow\IObit
Folder: C:\Users\user\AppData\Local\Feedback Reports
Folder: C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2
2017-12-26 14:52 - 2009-07-14 08:14 - 000001192 _____ () C:\Program Files (x86)\NujYuUeMBk
2009-07-14 08:14 - 2009-07-14 08:14 - 000001192 _____ () C:\Program Files (x86)\NujYuUeMBk.bat
2017-12-26 14:52 - 2009-07-14 08:14 - 000000055 _____ () C:\Users\user\AppData\Roaming\bUktAciCVA
2009-07-14 08:14 - 2009-07-14 08:14 - 000000055 _____ () C:\Users\user\AppData\Roaming\bUktAciCVA.bat
2015-07-29 00:19 - 2015-11-22 05:29 - 000000000 _____ () C:\Users\user\AppData\Roaming\smw_inst
File: C:\Users\user\AppData\Local\web server extensions\msiexec64.exe
File: C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
File: C:\Program Files (x86)\Common Files\NTServices\msiexec64.exe
File: C:\Program Files (x86)\Common Files\NTServices\msiexec64.exe
File: C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
Zip: C:\Users\user\AppData\Local\web server extensions\msiexec64.exe;C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe;C:\Program Files (x86)\Common Files\NTServices\msiexec64.exe;C:\Program Files (x86)\Common Files\NTServices\msiexec64.exe;C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
Folder: C:\Users\user\AppData\Local\web server extensions
Folder: C:\Program Files (x86)\Common Files\NTServices
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers1: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2015-03-10] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers4: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2015-03-10] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2015-11-12] (IObit)
ContextMenuHandlers6: [PfMenu] -> {2F844462-7CB8-489C-828C-32A6422506AF} => C:\Program Files (x86)\IObit\Protected Folder\PfShellExtension.dll [2015-03-10] (IObit)
Task: {0432F9FA-3A9D-4858-8747-7A45C3253C60} - System32\Tasks\bltopncomhohoj => "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" bltopn.com/hohoj <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {7C5459CF-AED8-49C0-AD96-76B8BA6E6A37} - System32\Tasks\Driver Booster SkipUAC (user)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {B18A86AD-568B-4A25-B269-E3500CDCD9A7} - System32\Tasks\Uninstaller_SkipUac_user => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-11-18] (IObit)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
FirewallRules: [{369E0D71-C60C-4151-B85E-17B45206D333}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{96FFD925-3546-4242-AB82-3B3CC34674B8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{77325AB5-15E1-4392-B8FF-3D620B8AEDB2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6A9EA67B-7C46-4DCB-AE7E-D9E59277DBA9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C1BB49FC-1824-4A8E-8158-686C13DBF8B5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A6B16AAA-D9B1-439E-9FF6-C5B9ABC69291}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{97B6E1DD-4FFF-4846-B0E2-6985716A34DF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4A0A583F-EB06-4321-B6B7-9775F7B83845}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{83EB7DF4-370C-43ED-BAC1-3CEF13399B1E}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{9D282D4D-15CB-4498-ADF5-A3798ACD810E}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{8FB93B16-5836-4098-BFEC-BA5CF24E8BF6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{19E7C2ED-5182-4B28-8FA2-42C063A63190}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{C98B7716-E31C-465F-BB39-97990F4278C5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B90B520C-BA71-432A-9D9A-13FC51311014}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{FF660AA8-EBB4-4635-9E27-1C16DFAF6E56}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{65F1B0D9-2531-4CE2-92C0-3014EA297ABE}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{72373A13-4795-4600-9D10-60FF98454BFC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{489A9991-FA71-4BFF-9E8E-8129910F7260}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{D5C06FD5-B8EC-4250-A6CA-E8B0F980AB3E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CE5F0DA7-0FEE-4F3E-930A-CFB006831274}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{1E5B8880-63A2-46B0-A9D6-56A5D2D677B6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{318FA4A2-F582-43AD-AE21-F76D2F2BB0A2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2896E0BE-25F2-4149-AB86-7FB17C66FDC1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C41DB3C2-B7E7-4674-AFBB-02BC30928A89}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E8D1764A-454B-4BA6-AAAB-E3FCE47277A6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0401053D-F0AB-4848-B6CD-EB67E85B7379}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{ADD8EE2B-F640-402D-AF7F-9407BD6A31FA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{226DB07F-4CB5-4C7C-95A6-EE4957AEB605}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{66C3058B-1A6E-42DE-8F6A-82D0BFA6EA08}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A6E24814-D498-4296-B470-9C60DA72125F}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{0E9B9807-F38A-45D5-8E91-B791223A4A78}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DABC38B3-3D49-416C-A2CF-F7198AC3DACE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{65F06CA8-3E55-4B02-A5EE-7D1B27D062A9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4DFB80E3-C2AE-4FA3-8708-3F63C5F4469C}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{018FE312-E701-4C6A-92F8-5AB6AF8BFFA0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DB3F86D8-D5C4-4805-AF0C-D69AE6C4402A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{004D9DF3-D2E6-4CE8-9FDC-B41E20608AF2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{32197CB8-B7DF-432F-8F13-BE7801830739}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{8D050D0B-A884-4532-80C7-31D0F24B42F9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{21936F09-D1CD-4E78-888E-A2002579886D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{8364CED9-73B0-400C-AE3C-1131905FBB56}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{33C92012-3E1F-4AE4-B7AE-9593DD50AB11}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{88247381-6EF0-47F5-9366-BAA11A6098D6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FF6F7305-1CAB-4B73-925D-6BE7B36B46D3}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{0A165BFC-B20A-4B23-95D0-CCE99DF252CD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{786B9329-1AE8-4AEC-9D08-9DB7BC03F825}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{78CA07F1-33C4-46ED-BDC0-2AEA1E2E7F0D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{74DA18D9-3530-4DA4-ADE4-E1095692CE29}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{C7581730-0027-43E0-A37E-D5A1FDE5D1B6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D1F19F60-11BF-412C-84D5-162D61C9178B}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F0A0B133-C803-48E6-9CD8-8A075C2990C1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{02B9F103-41AA-44F2-8BF2-0FDF46925D4A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C10F70E6-09CE-47D4-BB7D-27F3E313B049}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AD03AE0B-84D6-4916-AEEE-DBD9BA63ED63}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7AC9529F-2EFB-4622-8D48-A2E7675EA751}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1A50C364-AE66-4CF1-95B4-E6B04E3FDB86}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B085F708-90F5-4215-9FDC-0D326B18B741}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8EE9C0A5-BB7F-49A1-A4A6-0E663ED1B4E0}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{95B49DF7-E974-4A90-9E52-1211AD09C755}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{575195ED-A9EE-4974-A3C6-865AD3A2D007}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{62B06905-5B97-4B1F-A9B8-8C0F7AE10676}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FB39264C-3402-41B6-8F74-17B65A61418E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{80520893-7DC1-48AE-AE64-38A99BC4A886}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3031B222-C7C2-46D5-9323-07606F7D1FC0}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{0F06940E-20E4-44BE-B216-C9F064E8900C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C31C7398-3CB7-4478-866C-BA656CA74F84}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2A90DCA1-9012-46FC-B6C3-2DBB102DFF20}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AE2CAB53-EBF1-4B5A-9631-8A00F1793BA5}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{96DA069C-7811-4C6B-BAED-ED8390FBA69E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{35FB6674-A27B-4FC0-A0A1-04DF958EA5A0}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2EC7EBD3-624D-45DE-A18C-7427914083FF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{EF25CE83-BFAA-4473-BE82-5566703BD880}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{EB532A64-B803-4C59-937C-197B3DEA864A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{709F1639-8318-4D86-948F-405BCE712B0A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2FCB4978-ED04-4B2C-A5C4-01966856FBFA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{153B08DB-69B1-4703-B941-058069BF179A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2A23941F-376A-438D-A29D-252B0746D533}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{588577AC-4F8B-43CF-85C0-11A2295F69E3}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{79986840-794A-4B6D-8ED8-B42E6F8D4A8D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{702D2444-21CF-4611-B83C-FA2C1FAF62B6}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{C81AAD5B-1816-4A48-9A32-24C306CD654F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1101DC03-2587-4AB8-ABB6-DE681CD0403D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3D587ED6-ACAE-47AD-AE64-336611B80CA8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B7114EDA-C3C5-446D-98BD-E68128FAA08D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{547B4A9A-CE43-4372-892B-0FDD2F0B5276}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D52D5DC3-BBC4-4314-9980-CD4354B96782}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{1DDED43D-C149-40FA-BC75-4FB18F671567}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E21D6BA1-77A6-4958-94B5-013031BE3EC3}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{55C4CA8A-C0BF-4198-9E49-B221288556BA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D3DF214B-2EA3-47A5-B1DC-9779781473DB}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{FA272A16-7E15-4027-9DB3-AA72DEFAA501}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{43EB7281-2EAC-49D7-ABE8-3CC150B4DCAC}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{08204EEA-8759-408C-9413-910DEB63150D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{36429D6D-D6A6-4119-B63F-CA19CB2F3891}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{BED76DF0-A4F2-4F76-8204-6451E4DDE4A9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C5B8858D-B7A5-477D-A906-8CB51B9E0A26}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{97CA2F51-BE53-4BFD-B7EF-D8EFBE6EB004}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4DE02DB0-C8E2-41A0-A732-6E768C7A821F}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4C5F0AD0-FB5E-483B-AD09-D4923AF9E427}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{19016D19-F398-4E6A-B46D-630877CBE3D2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F3F4A742-C2E9-43F6-8F0C-EC9F94616679}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CEA25FD7-0635-43BA-9249-03236B62DEE6}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{677A88EA-F08C-4132-A1C0-6D5A9411DAEB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F2C8D478-4BE4-4DAB-A6A7-EAA1D172D22F}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{54BED17F-DC2E-4FEA-9792-1AA3BEA8A0FB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3430BFAF-F262-48AF-A4BF-E9DB92379E3A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{A94B9F11-ED5F-4B18-9446-ED6BF485BAFA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{02918CB5-8F32-4EB1-9F40-E27120BB44EF}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{73584E6C-A991-40A2-9631-06454A153158}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C7FA173C-AB05-4D33-85BF-CCA766DE0AB4}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{1E8439A9-9C81-40E9-A8F1-26D287572F3D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{ADFBFD6F-12E0-46C8-8262-108A5CE20A05}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F1DDBE8B-5965-4DAA-93B7-6E2FAFCC8EEA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3590F974-C9BC-4D3E-AC4E-6C9A95106BB4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{735CEE2E-90FC-4E85-BF65-EFEDDD37C59F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{84DD7752-0118-4143-A5E2-0D3C61AB9049}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{95CC941E-C720-4A6F-A534-63635200D24A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{22A98D7C-6F56-4901-ABE8-7775633ABECE}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{20A875D6-A376-41BF-AB62-9320063AC25D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5FF20A1A-2F26-485F-87E9-23AA068BF5D0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A7D441D7-5CB2-404E-A2E9-493B86E4B140}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3FE915F8-5661-4D3A-9D7C-695D9B731BA8}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{DB26B2C6-5CD7-490E-AE6D-7B8DFF259C4A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{681B8AE6-41BD-4132-AF30-BE9C0EDFFBAC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6EB23293-FF27-4F7A-8320-76B1E7028B71}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4C45B830-5D45-4876-945E-FC14B54C552C}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{5CA647CC-C8BB-4359-BFFC-3CFB0A8EE7AD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BD57F201-6B74-4921-9A76-B823B7DC925D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{75B1B238-95B3-4BE3-BC3E-12395E35E1DF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3D5BF79D-C26C-4C81-95C1-0BD10CAAA749}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{0395F849-E4CE-4748-8F70-EF9BDB97C360}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BE7E6B3C-933A-4B7D-96AA-B58073073ABA}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{6FB0A996-5CD4-4C9E-BC81-85B8F03916B4}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C11FA700-CD4B-4F4D-A5BD-7C57CAAE347A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{EE04AB56-875D-4749-9115-3BF011431A31}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E9DAB9BB-3FED-4DE2-B7CF-D68DCE1AF0E5}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{36C63969-F6EE-464D-AA3D-26F3A9103F75}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DE3C3FA4-A79D-4F17-AABD-41B7CA8BB532}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{9BD1265D-8722-4670-9E0C-9854F342E44A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C2B88E2D-9792-427F-8294-E0B1ECA1155B}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F24BE68A-8FF3-459E-B0BD-C77A3C74DE61}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9326F64C-DC9B-4320-8C63-0F4A7120B74A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{64B7AFA7-A0DA-4C80-9048-0E46EE81BFAC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{18AAB1D9-00FA-4132-BD10-AAF2F9F73E01}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F78E5514-7B5E-491A-A4B8-A27045FF6C38}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3F4F9B6C-C57D-4E9D-87F7-A5B867434617}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4D1032AC-ADF0-48FA-B8E4-52D5D1429FBF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{207658CB-1BB7-4D02-B032-AE356363C997}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{DA1372FE-18FC-48ED-9E4B-F4F1079E94B2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DD5CD3D9-27FE-4460-9741-0A7B98AB92FB}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{9589C28D-1F2F-43F1-8B09-F1C70B4FF77B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5ABFD2A8-1AC3-4570-AD30-0237992A4ADD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6ECD45D3-400E-4F8C-94D5-412B630CCAF9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{EFD279BA-32FD-42DA-BAD5-B585C259D522}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{11115D40-56EF-45F4-8491-314E32CB9C9B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{407584A4-817E-4532-A6DB-102938F98312}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{67A28F47-CD20-4792-99BC-7274B9CE528D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{19FB49D2-15DA-46A8-96F1-8B89B9FE432A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3E4D41FA-7302-4155-96C5-E2ABC6CE645D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{22CA8714-74D6-4972-9B7B-B5E211044F42}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1A0938B8-2576-4217-8A13-965CD705747F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4CE196C2-5FA2-4BB8-B70E-2E431F79D7E0}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{02A8FFEE-4BC5-4A85-969B-428A9FE15043}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{12FEBEF5-E8A4-4876-907A-DB083A248932}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{CC02A43A-EEEE-4356-95A4-88D8C91A3918}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DC19A03D-6CCC-4E14-B746-79D4B39AFF0E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7326CF88-ABC8-44E5-B89A-CD51D521B903}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{3607D52D-34EF-421C-B110-1E441D447559}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{5CCDD703-AAC4-4542-A3C7-5485C212887D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{43724AAC-5896-4141-9BB4-C366E1313716}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{5FE6C83E-DE58-46B8-B70A-385DE4FCB387}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{42DD3807-1314-41D6-8760-98CBE8BB9804}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{136F46FF-4975-46F6-B134-81CC2BDAAA0F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D84D0182-D706-47BC-BEA1-7CEB340D6469}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B8A5ED7F-2255-4C27-B255-D4DA04E45DF1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F33A08AC-B12F-4975-848B-C540B19CAB73}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{C240613E-427E-4F5A-A354-10C3AD70026D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{33A6041E-C387-4654-8AA8-3CB703BDA155}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5AF7D529-206C-4050-B80F-580FA9546D9E}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{ACC0C6DF-56BC-4CE4-B517-0F804EBBCF25}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{FF86B7C5-0FAF-42AE-BFE1-9CFE92752CD5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{870E1FF0-B50A-4A4F-B282-6EF4D5237310}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B2453848-5694-49C6-8362-E33FEBB64346}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{EEA8A7A7-6159-4AB2-8F0F-F47F657D34E3}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{6C658F57-0F0B-49F4-B9FF-FA80A1AD9531}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{C8FD3635-5FAE-4195-8B1C-B88226BD833F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{80BBCC47-C6B1-4C67-B6F1-39E435202F4E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C376CFE9-96F7-4E3B-982F-6EBB807ABFB3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{76357807-29ED-4CC1-BBBD-68D57C989C80}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{FD898D4E-F8F2-464B-9C92-376D0775421E}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{09B48B40-1173-47CF-B555-8290B4927BD6}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E36C0DA8-2BDB-4FAC-BF67-0E6781A8ADD9}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{6E1B4B5A-36FA-4E3C-AA43-02FA18CEC9F0}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{431FBBDC-0524-4C58-87E2-CF0373AB661D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8F469638-F61C-4E87-932B-21AB92FA584F}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{F5BAF086-FE89-4622-B10B-923DA492D248}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{C3D4365E-2683-4A26-97AC-A90AB5B3DF3B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C1349D79-4F46-4C25-BAC3-29B5840585D7}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{AA93EAAF-9027-4EED-82C2-9AAFA62BF608}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{57034D10-A68B-4712-B020-E23793099537}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{882A46EB-68D3-40AE-B1FC-138187AA7CC7}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{3C9D3C6D-4116-4FA3-B494-725A56CA1CEC}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7CD5E0ED-1AAE-44B5-8A17-BFC343A59334}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BFAC4791-B129-4CB1-8E62-E0FD9DAEAD1B}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{3B7E3DF6-7B8F-44E9-A20D-44451A1A10EA}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3D1B1C1B-1245-440D-8A90-CFFDE1B240D2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6F208ABF-1047-413D-9E32-F8308B32C428}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{3E0EB119-690A-4938-A59E-2D45EE5717D6}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{6A1CEA7B-857C-4BB9-AE5F-3D928942F71C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{395DFF08-C249-425F-BB2A-2BE97D7A2886}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{8A8B1721-0146-4241-9708-EB5485F6BA3C}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{89BCF683-8055-45D6-8A26-BBDC23C65A4C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F8A9C0EC-6CD6-4D24-BF80-AAD036BE8CDB}] => (Allow) C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2\msiexec64.exe
FirewallRules: [{9E8F5BC6-184D-4A58-B80D-C7D908585CED}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E061649A-C8FD-4936-ACC6-3B8F4F63FC20}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{28070B75-EFB2-48CD-B521-8C88F1C87933}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{0E44F921-77A3-4B02-9C23-44C4FEAF4595}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{22519A9F-E114-4943-96C6-4F68B22A02A0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E693D0D4-9A81-400E-A208-1E5C234D047D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FFE33AA1-7BAF-467E-9BC1-725AF7C36BA4}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{A80CD59C-0136-4732-9C3F-2A356A32407F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{130700B1-ADAC-4E88-A06F-55A18C6FA03F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6E8E8BE3-AF95-41D2-846A-407B0309E0FA}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9F1E1883-77F2-4FBE-9F4D-2B5CE43A0769}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{1616E4D5-6553-41F3-A1A6-EBB924C08F53}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E8513175-C377-4C7D-A758-E3291DD61721}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{B64C496F-6833-4F47-A3D1-35A24EA6ECA2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{6FFEF0CC-6130-4202-913C-08BE2DA434CB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{17200C91-F111-4848-ADA2-7D08A7965CFD}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{ADE39F9C-E19B-402A-8314-6DE6CDC84A09}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{25EBA9FC-FE91-43DC-A504-E8EBA797A088}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9CF5090F-AB42-4691-935F-93912321AB2F}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{A6CCB1F7-C08B-43DE-9D47-A6B113D2DA21}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{27D950BC-CE25-4866-B811-7610D8A5E2A3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9C03825D-700B-4B11-B087-496B223DD13E}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{3DD76EA7-B3EE-4C5E-85BD-748FC7EA15A4}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{81FF4DBE-146B-4D99-82DF-AAB193897153}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{82E363C3-A8A7-4A93-B70A-422B924D061A}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{1B4E8A5C-1178-4B10-AD7F-F05EEF5A2443}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2DA86153-D32D-4B81-B43E-626FF12BFD8E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{32A07E5A-6608-4ADC-9B33-1CBB9724442B}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{A24150DD-85D4-40FC-91B7-D1E8A2B5A713}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{1D595CC0-68F8-420F-88B8-D9CF07D20637}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BC752BBA-FC63-43BF-87C9-DCFFC3F3E330}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{8681C4C2-2525-49E6-A777-C785386974D0}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B45FCCC3-2F21-4196-95A1-EDC25236E433}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0A8ADF90-A2C7-4BBC-AB53-EB552F719F45}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{5ACCD5DC-0A74-4357-90A2-D7CACF7B37AB}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{194585DD-988D-4D0F-AC93-1D1F8F7014AC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{673CFEFB-5CD4-477E-B94F-82FD7467E854}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{50A69B4D-B588-4B69-AA25-84CAB2191ADE}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7EEB4187-0252-4B11-85A0-83332B7D75DD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{716E2761-A61C-4145-B66C-6C7EB08932BD}] => (Allow) C:\Users\user\AppData\Local\Feedback Reports\msiexec64.exe
FirewallRules: [{EFC5D24E-7C1D-4602-AFCE-2FA2DC255960}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{FE8D2B46-B374-4497-8E0B-67466F604875}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{B8432CFA-49B6-424B-8CA3-4ED475F6B5DB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D12214FA-271D-4446-96E5-1A57EFE24EBC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{729D3B1C-F925-4ADA-95E8-99B12A95BCA2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{465700BC-107F-4C6E-A5EC-2FCD418A9728}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{04EB3230-C034-4F38-A273-A1E1976C3194}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{883EFAB0-F8D6-45D7-BC60-F6B1AA5A642A}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{19DE685F-FC53-4F52-9053-983AA60B1F5E}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{DECF5CE0-501F-4CFC-9A07-5CA0209FE521}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{731A5277-B2C2-4C6D-9FCC-A75C45A5149D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4B8C5B70-EEB4-49E6-8BBA-46C753AF1079}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{732A1EA2-9A0A-43E4-870B-17CD5E825084}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{696082B7-A590-4751-87BA-DDF861BE3864}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{48E919B0-2DB0-4D1B-A279-7ADDE0E689D2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{D19D4725-F30B-4DCE-A8C0-87BE760859A8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FD649698-1E0F-4286-B2FF-A2DB850A9DA2}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{58809877-3482-42FF-96F9-B4CB4577D33B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E05754A9-15B2-412A-959E-1BD46EF94466}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F3AC8A7F-C918-4FBA-B107-B83A39A922DE}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{145B59F2-B658-446D-AB41-BD261E2577A7}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{9921227F-538A-48F7-BC81-C781DA3EF559}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{65942B73-D888-42A4-B81F-81E5A679F698}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{72A2E5C4-E8AC-40BC-86E0-56D981F235AF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D4225430-B45C-42C8-B05E-72FD19B639FD}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B2F8F0A4-749B-49EE-AB1B-17854CFA949F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AB898C6D-F903-4A40-9D9C-EF78E9AFC172}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{9051D1C6-797F-4F89-B331-F11603F1A609}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A9F9F5EF-802B-40B4-A53D-E6A7973E876B}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{1AA33A68-692A-4FF7-891E-641F14C1E844}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5AF7156F-1BB5-4FE8-932B-9031FB691B86}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{EEB8F5AE-621A-4A2E-8A7C-B47802BAB538}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0DB778CA-A96B-4215-8D43-DF676E0DAC6E}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{3D295707-5BBA-4E41-9E1C-70BFFEBB0679}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C3FBB3E4-9FFF-47BD-ABA8-B3F92AF82AC4}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{95C90BCF-CB35-4EC4-9945-8D4A343EE4D5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{20D1148F-4BD8-4D20-8115-1761697FE907}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{DE50322C-EC61-4D49-AE65-6C4FBAFCCDA1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A3CBB18B-D19F-428D-BB9F-45EDA2B5B9B1}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{5F840851-1BD0-4C22-AAE7-C1BC1C32AB75}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{56BB8FF0-4F45-463B-9F22-382127E50942}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{5D03E472-5803-4FD2-859B-D2A9AB27F3A0}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F4F7AAC5-400B-4BBC-8FB0-87661FACB66A}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{C8F3C809-4187-4C09-A75E-F88AF6A96BCB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{13CF75B0-2376-408E-BE9F-22763C52089C}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2CEE3722-66FB-48E7-AC73-BEF57DC68624}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CA1BA2D1-B602-43F2-9AF9-2DEA0C09EDBB}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E885E314-9235-4D7A-8FC7-7F83B40D42BD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{F64662B8-0B04-4B0F-A236-8E89B8173D27}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4F91822B-6842-4645-B255-741CF9D0CD49}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2D08A753-C287-4099-BAE8-30AAAD2D557B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{034485EF-C447-4546-96C9-F2DF825CC186}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{21664485-D178-4DC7-9FC8-B910C2DF6AE0}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{15E67289-A561-418F-BFEC-89AB1CE873CF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{2290D916-BC6F-48FC-87C3-DC5718852B31}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{CC6A0CAA-601F-4256-8668-19494B6EAA2D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{302FC6AB-A252-45D0-8510-70AF9B85ADB1}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7BB8D86D-8D0A-4AEB-B496-BD8F3EB1CFAB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A6A2B001-7693-41F5-B198-D012A3231F93}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{D5A5AE64-6BFB-43A7-810E-43F4C9949D4F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AEED914C-76DA-4DFE-9A46-03A9BD86A56D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F25863B6-DFDF-4732-B063-00468BC5B4AF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{11D988AA-315B-4979-B90B-996075B1BF60}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{DB60576B-2E76-4271-B41D-4D20CE25EB8B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C00B56D9-733C-4F00-A303-3ECEC25261C0}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B6AA2D2A-F07F-4BE1-BD8D-04DF03EFD73E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E1BDDB13-BDCD-46B9-989E-F9FA4A66EB54}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{9BA07532-46A0-409D-B15D-6801E886FD99}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8004B36D-3FC3-4794-AEED-B1E5AB157756}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B88B3905-BC3E-4D78-A472-61773FAB2A71}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A056F99E-BC42-414B-A31E-D2841464A091}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4E04C361-2458-4720-A6A8-CAC088387CBB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8ACC064E-FE8D-4476-9B71-AFBB3B6B5623}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{274E3C05-AC9E-48C8-95AB-7BE94410821D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{49FD63D7-08DE-43CB-A6A1-EC7253B2DE43}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{6517E753-7471-4551-BB98-03A6E7E5C857}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FAD7E685-CB56-4FE0-AAA3-D62E123C15EE}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{A3D6EB74-FC61-475A-B345-69544A4531FC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DA1FE293-A601-4CF1-973F-303464A4DF71}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{E129DEAF-40B1-4742-B311-7FEE0AA19CF9}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{51C59FC5-BCD7-4C43-92A6-C0DD2F9B2219}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B3428EDC-5CBF-4C4C-A02D-2B14D600E4C3}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{21926437-811B-4B2A-BA87-D0A5799583F6}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{95BCA072-146A-408C-A57B-A4B5D514E437}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{A53A1B76-329E-4661-9C37-8F8534586E41}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{86775999-D658-4273-B096-A8741AD335E2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{46DB9545-7D7D-4449-BB1C-3FD956876F30}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{38F4700B-A131-48C2-9768-2A8FFED3BB10}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7E213ACE-3B28-4347-9093-2BE52237D608}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{8E9609CA-ED1D-4771-AAE1-73E344EC6592}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{36C9EACF-D94D-42AB-B966-61027154C686}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{355C1EF0-5E01-4CE9-8B78-5B98B9C6E9C1}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B5C52C33-C52B-4E59-ACE7-510EF003CAEB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{977789B5-6DDC-418C-A8D3-3072523E2FAF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{08D0D3C0-B2FC-491C-AEE3-8A19E7619291}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{238A25FB-3E7E-4CB3-9898-FB43E881E7B9}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{DE461F53-C158-4D24-9A7C-C9479D2DAA20}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F595A252-1263-40BB-9C9B-FABCF1EB622B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{BD1F795B-28C3-44E2-9FCE-5A80807CB392}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{319A79DC-098B-47BE-9D63-19CDDB9DAB7D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7C096A70-2B4B-461B-B995-7D57F7C5C32C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{14E19E81-9336-48E3-A892-FF443BA0879A}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{F8D10216-7B92-4CE6-A8C9-FCF2B2DDA400}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B6F6E206-1D6F-4A74-9E27-D1761F923911}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{6D649B7E-CCB4-445D-A858-744EA8347ABD}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{28FD70D4-B2E9-49DE-9999-836D2EAF9DBF}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{0D320CD1-F4C9-40EC-8568-20C3E7FAC433}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CA02AED7-2E62-4B94-BF70-446C6C4A6DA4}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{01A57514-141D-4276-A74B-7DE31BBAE275}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{07CA15F9-A18B-4C85-BA5A-8AB22C02F645}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{9DC883DC-B184-4E3F-9689-F30CFC62F72B}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{47BAF4B4-40D1-4DFB-8A19-CB7A033C53B5}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{FE596ADA-12AC-4B2B-9D96-C503FAFD2BBC}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{054187F7-C045-4BDB-BF3C-F35F0A5D0966}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{8326F998-3D93-4C80-901C-390CD59B5DD9}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2F18359D-90C0-4961-86A6-45AA4C6A74C1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{018D753D-4138-4698-8DA2-F02976058241}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{ED7E18E2-EB70-452E-B833-1B39DD62F63B}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4EFCD412-550C-4D52-BA90-6A1D967BA373}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0619A28E-39FB-4ECA-BAA2-3AE0309D7ED8}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{E61ACCD7-34F8-45EE-938E-7B146660B2A7}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4AFAFDAE-5C45-4A81-9CB8-DB1524E8EBF1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0E2E92A3-7C55-4C83-9BD9-9EB3D85EBA30}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{B2EA9E11-D3B1-4D42-8E6B-61634CA00D1C}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{A232069F-5E50-4B21-BEC7-2D6DFC950FF8}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AA6FF27C-2904-4392-A155-9BD232462979}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{7BAA99FF-C470-4169-BFD3-6ED3372EC099}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{C025B85F-A3FD-49C8-8E87-6FAF752A68ED}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0A5E2452-5A37-40F1-96AA-CE3B600721D0}] => (Allow) C:\Users\user\AppData\Local\NET.Framework SDK\msiexec64.exe
FirewallRules: [{D86C227C-1397-4220-8D5E-FC5F3A333053}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{FA7309CD-3AFF-4569-8D90-33287FCDECCF}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{412B16B0-D211-43D0-891A-C49BFBB03C5E}] => (Allow) C:\Users\user\AppData\Local\web server extensions\msiexec64.exe
FirewallRules: [{623AECA6-E306-4EA4-97B1-A86BBA46EA87}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{5C558150-B08D-40C4-B16C-01652030153E}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{8EA315AB-B32D-4047-8884-C925D6A935CB}] => (Allow) C:\Users\user\AppData\Local\web server extensions\msiexec64.exe
FirewallRules: [{4ECC5E34-97D0-421F-AFC9-BF56036EC9F7}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{CBF243AD-9263-4F87-B96E-E141DF59CB6C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{50486CA5-BB55-4378-9DF3-7587EBA70873}] => (Allow) C:\Users\user\AppData\Local\web server extensions\msiexec64.exe
FirewallRules: [{47A14424-D3CD-49DA-A384-E082B993B82E}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{F4551B51-E129-4613-AB36-B82BD6075126}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{AF7BD5E5-DFB7-456F-BD22-8746C2495015}] => (Allow) C:\Users\user\AppData\Local\web server extensions\msiexec64.exe
FirewallRules: [{7578332C-10CE-42DE-97AF-5C544896F949}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{4078640D-4C0A-4B37-B700-1AE18AFD17BB}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{60711DD9-ABDB-4F3F-B01C-58940A2E10D4}] => (Allow) C:\Users\user\AppData\Local\web server extensions\msiexec64.exe
FirewallRules: [{B7954312-D154-4FEF-B8DA-0189002E2219}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{7B179622-CD5F-4B56-A1FC-0A44B1ECF32F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5EE6795A-A4EB-44D4-BD87-085D732F9F85}] => (Allow) C:\Users\user\AppData\Local\WIX Toolset 11.2\msiexec64.exe
FirewallRules: [{10D08D8B-0FD0-4DEC-99D4-3EE7CB9C747E}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{D51086BE-9981-428B-A444-01D1A748366B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{81B69E1A-8B23-483B-9766-153C72646276}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{5ED561BF-C9B3-46F1-AC5F-F70AF27676B2}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{E32611AE-7237-4697-B90B-9814A45A7AA0}] => (Allow) C:\Users\user\AppData\Local\WIX Toolset 11.2\msiexec64.exe
FirewallRules: [{DECB85CD-E7A6-4BF3-B9BB-ED0A43904363}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{84576DD5-8F5F-4FE2-9E29-E4AFDDE47838}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{56708A48-E7BC-4F4B-B817-394F749D1579}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CCEC98A3-9A3C-447C-A067-2F52B11E8D29}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{35E3DB0F-4D38-4601-9F7C-42E8719C4C5F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{DFD2D76A-A7AB-4342-9763-75C303C44F9F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{FABD5B0D-A6E0-4477-8B3E-7F00EDA9A10D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{79B207D0-A0C2-4C0F-943A-D2ECDA89D9AD}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{7FB3C578-7790-4C1E-B28D-D0F52562AB0F}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{CF6B1484-77DE-4319-B7F2-FEC25021BA3B}] => (Allow) C:\Windows\SysWOW64\tracert.exe
FirewallRules: [{7A49C737-72D3-4447-8AE4-EF2FE6133C78}] => (Allow) C:\Program Files (x86)\Common Files\NTServices\Winx64Legacy.exe
FirewallRules: [{C0184007-1D73-4222-BA3F-B96FFF5A068C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{0406DEA4-36DC-4A28-A5A7-0FD7615AA16B}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{88DEB5BB-6E12-4F08-9B33-3C3F23063655}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{91117EC8-2DA8-4C55-9400-096154C38B4B}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{77C91642-146B-4606-9F82-A4F14481953D}] => (Allow) C:\Program Files (x86)\Common Files\NTServices\msiexec64.exe
FirewallRules: [{96A0B1F8-B52B-4FC7-BD28-41550E360C87}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{1F29023A-9095-4741-9324-57EE1C7BB73D}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{2521AF9F-8FBF-4E7B-B253-B6EF870E7929}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{383B9DA1-421E-47A6-A430-68BD41F0DA9D}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{D882F317-F02A-4FDA-A671-10E4A32A9310}] => (Allow) C:\Windows\SysWOW64\rundll32.exe
FirewallRules: [{B362F1AC-9DC4-40FB-8609-C7DF7A9FDB3C}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{4D5E33CB-89F2-48CD-A266-7F6F0F0BEDE5}] => (Allow) C:\Windows\SysWOW64\svchost.exe
FirewallRules: [{C0F08BE7-CC8C-48B4-B4C4-913F76AD87E1}] => (Allow) C:\Windows\SysWOW64\svchost.exe
Reboot:

Запустите FRST и нажмите один раз на кнопку Fix и подождите.
Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!
Обратите внимание, что компьютер будет перезагружен.

На рабочем столе образуется карантин вида <date>.zip загрузите по ссылке "Прислать запрошенный карантин" вверху темы.

**bagsy72** · 16.08.2018, 09:05

Сделал

SQ · 16.08.2018, 16:32

Сообщение от SQ

На рабочем столе образуется карантин вида <date>.zip загрузите по ссылке "Прислать запрошенный карантин" вверху темы.

Уточните пожалуйста где запрошенный карантин?

- - - - -Добавлено - - - - -

Скопируйте приведенный ниже текст в Блокнот и сохраните файл как fixlist.txt в ту же папку откуда была запущена утилита Farbar Recovery Scan Tool:

Код:

CreateRestorePoint:
CloseProcesses:
Folder: C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}\1370
Folder: C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}\15794
Folder: C:\Windows\{6CD4963C-603E-45BC-A07A-EB9A6137CC9A}\19683
Folder: C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}\14830
Folder: C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}\30770
Folder: C:\Windows\{9313CB30-7832-4851-AF74-A21456C4EF2A}\3880
C:\Users\user\AppData\Local\web server extensions
C:\Users\user\AppData\Local\NET.Framework SDK
C:\Users\user\AppData\Local\Feedback Reports
C:\Users\user\AppData\Local\1a8c3a8e-bf19-4ef3-adae-40e9f007b1b2
Reboot:

Запустите FRST и нажмите один раз на кнопку Fix и подождите.
Программа создаст лог-файл (Fixlog.txt). Пожалуйста, прикрепите его в следующем сообщении!
Обратите внимание, что компьютер будет перезагружен.

**bagsy72** · 16.08.2018, 20:30

При попытки загузить карантин, вот такая запись:
Результат загрузки

Ошибка загрузки. Данный файл уже был загружен

SQ · 17.08.2018, 07:38

Сообщите, что с проблемой?

**bagsy72** · 17.08.2018, 13:29

Спасибо, браузер не открывается при запуске

SQ · 18.08.2018, 00:18

Проблема решена?

**bagsy72** · 18.08.2018, 06:54

Ну, да. Я же сказал, спасибо.

SQ · 18.08.2018, 17:40

Я хотел уточнить.

В завершение:
1.

Пожалуйста, запустите adwcleaner.exe
В меню Настройки - Удалить AdwCleaner - выберите Удалить.
Подтвердите удаление, нажав кнопку: Да.

Переименуйте FRST.exe (или FRST64.exe) в uninstall.exe и запустите.
Компьютер перезагрузится.

Остальные утилиты лечения и папки можно просто удалить.

**CyberHelper** · 18.08.2018, 17:50

Статистика проведенного лечения:

Получено карантинов: 1
Обработано файлов: 3
В ходе лечения обнаружены вредоносные программы:
1. c:\users\user\appdata\local\kometa.bat - not-a-virus:AdWare.BAT.Clicker.af

При запуске отрываеться браузер [not-a-virus:AdWare.BAT.Clicker.af ] (заявка № 219919)

Опции темы