VirusTotal: C:\Program Files (x86)\Razer\Razer Services\GMS\SteamCmd\steamcmd.exe.old
VirusTotal: C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe
VirusTotal: C:\Program Files\SteelSeries\GG\SteelSeriesPrismSync.exe
VirusTotal: C:\Program Files\Tobii\Tobii EyeX\Tobii.EyeX.Interaction.exe
VirusTotal: C:\Windows\System32\drivers\RivetNetworks\Killer\KSPS.exe
VirusTotal: C:\Users\olyti\AppData\Roaming\streamlink-twitch-gui\streamlink-twitch-gui.exe
VirusTotal: C:\Windows\ThunderboltService.exe
VirusTotal: C:\Windows\System32\NahimicSvc64.exe
VirusTotal: C:\Users\olyti\AppData\Roaming\Entertainment\Entertainment.exe
VirusTotal: C:\Users\olyti\Documents\temp\OneDC_Updater\OneDC_Updater.exe
VirusTotal: C:\WINDOWS\SysWOW64\GameMon.des
VirusTotal: C:\WINDOWS\system32\drivers\fdrawcmd.sys
VirusTotal: C:\WINDOWS\system32\drivers\ksophon_x64.sys
VirusTotal: C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys
VirusTotal: C:\WINDOWS\System32\drivers\RoutePolicy.sys
VirusTotal: C:\Program Files\WindowsApps\9426MICRO-STARINTERNATION.DragonCenter_2.0.121.0_x64__kzh8wxbdkxb8p\DCv2\SQLite.Interop.dll
CMD: sc config LightKeeperService start=disabled
HKU\S-1-5-21-3139933802-399766682-36797096-1001\...\Run: [Norton Download Manager{NS-22211151-SHPD-FSD5250006}] => C:\Users\Public\Downloads\Norton\{NS-22211151-SHPD-FSD5250006}\FSDUI_Custom.exe /m /WIN10_UPGRADE "C:\Users\olyti\AppData\Local\Temp\{ACB18532-3DE2-46CE-A1B8-C0316BEC9FBE}\Upgrade.exe" /m (No File) <==== ATTENTION
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.47\Installer\setup.exe [3350952 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3139933802-399766682-36797096-1001\...\Run: [MicrosoftEdgeAutoLaunch_D30A67E0D8865ABC16D6E6E5594A3C48] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3852200 2022-10-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {332C2166-38E7-4D16-A828-28B1818915FA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe Display (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (No File)
Task: {D4497137-A762-4AF4-9D49-51E270D48401} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {DFFE6C06-8C5A-4DDF-B2CB-59A3FF912E85} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (No File)
S2 cphs; %SystemRoot%\System32\IntelCpHeciSvc.exe [X]
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => -> No File
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => -> No File
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => -> No File
FirewallRules: [UDP Query User{1E3510CC-FE8B-4A40-BB66-328FAF856DBD}C:\xboxgames\sins of a solar empire- rebellion\content\xboxshim.exe] => (Allow) C:\xboxgames\sins of a solar empire- rebellion\content\xboxshim.exe => No File
FirewallRules: [TCP Query User{2D419849-A46B-4575-B8D6-0C0B3DB4B635}C:\xboxgames\sins of a solar empire- rebellion\content\xboxshim.exe] => (Allow) C:\xboxgames\sins of a solar empire- rebellion\content\xboxshim.exe => No File
FirewallRules: [{E22F4414-256C-4998-B4D1-573FF6748E39}] => (Allow) C:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{64EC9F32-7EA6-401A-8BF5-4E7E04239D92}] => (Allow) C:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{A93DAED4-6E92-4FC8-B887-A3AB79B66122}] => (Allow) C:\Users\olyti\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{FE3CAC21-17E0-4D3E-B542-7A2B1D72607B}] => (Allow) C:\Users\olyti\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{78134CEA-5724-4234-9307-E51EE300994F}C:\program files\modifiablewindowsapps\darkestdungeonpc\_windowsgamepass\darkest.exe] => (Allow) C:\program files\modifiablewindowsapps\darkestdungeonpc\_windowsgamepass\darkest.exe => No File
FirewallRules: [UDP Query User{877B41C7-50E0-415C-88B7-1F20380DEB4E}C:\program files\modifiablewindowsapps\darkestdungeonpc\_windowsgamepass\darkest.exe] => (Allow) C:\program files\modifiablewindowsapps\darkestdungeonpc\_windowsgamepass\darkest.exe => No File
FirewallRules: [{CDDFDAD7-1E8F-408F-BF30-92143E6AB201}] => (Allow) C:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [{EB97ECB9-FF53-42DB-9C6A-A7E2B4778BA4}] => (Allow) C:\Steam\steamapps\common\Total War WARHAMMER\launcher\launcher.exe => No File
FirewallRules: [TCP Query User{628BD29F-5298-4FCA-8501-11817BBB91BC}C:\steam\steamapps\common\absolute tactics demo\atbtt_4_18_b\binaries\win64\atbtt_4_18_b-win64-shipping.exe] => (Allow) C:\steam\steamapps\common\absolute tactics demo\atbtt_4_18_b\binaries\win64\atbtt_4_18_b-win64-shipping.exe => No File
FirewallRules: [UDP Query User{C375FFED-EC6D-4212-A48B-A250FF654B37}C:\steam\steamapps\common\absolute tactics demo\atbtt_4_18_b\binaries\win64\atbtt_4_18_b-win64-shipping.exe] => (Allow) C:\steam\steamapps\common\absolute tactics demo\atbtt_4_18_b\binaries\win64\atbtt_4_18_b-win64-shipping.exe => No File
FirewallRules: [TCP Query User{2EAE4178-6800-493A-BD37-D3B7CCD305B8}C:\steam\steamapps\common\potionomics demo\potionomics\binaries\win64\potionomics-win64-shipping.exe] => (Allow) C:\steam\steamapps\common\potionomics demo\potionomics\binaries\win64\potionomics-win64-shipping.exe => No File
FirewallRules: [UDP Query User{FD060547-F5F6-405D-A7FA-1F4EB84C7658}C:\steam\steamapps\common\potionomics demo\potionomics\binaries\win64\potionomics-win64-shipping.exe] => (Allow) C:\steam\steamapps\common\potionomics demo\potionomics\binaries\win64\potionomics-win64-shipping.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
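Most of the entries in the fixlist above are removed because FRST marked them "(No File)" or "=> No File": an autostart value, a scheduled task or a firewall allow rule that still points at an executable which no longer exists on disk. The PowerShell script below is an added example, not part of the fixlist and not FRST's own code, that reproduces that orphan check on the live machine so each Run value, task and firewall rule can be confirmed before the fix is run. It assumes Windows 10 or 11 with the built-in NetSecurity and ScheduledTasks modules and an elevated prompt (needed to read HKLM and every task); the function names are the example's own. Run it before applying the fix: the last CMD: line clears every event log with wevtutil, so any evidence you want from those logs has to be collected first.

```powershell
# Added example: reproduce FRST's "No File" orphan check for three of the
# locations the fixlist touches (Run/RunOnce keys, scheduled tasks, firewall
# rules). Not part of the fixlist or of FRST. Windows PowerShell 5.1+ on
# Windows 10/11, run elevated. Function names are this example's own.

function Get-ExecutableFromCommand {
    # Extract the program path from a command line such as
    #   "C:\Program Files\App\app.exe" --flag     or     C:\dir\app.exe Display
    param([Parameter(Mandatory)][string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted paths may contain spaces, so try the longest prefix first and
    # fall back to the first token (the usual "exe args" layout).
    $parts = $cmd -split ' '
    for ($i = $parts.Count; $i -ge 1; $i--) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $parts[0]
}

function Test-Orphan {
    # True when a path is given but no such file exists (FRST's "No File").
    param([string]$Path)
    return (-not [string]::IsNullOrWhiteSpace($Path)) -and
           (-not (Test-Path -LiteralPath $Path -PathType Leaf))
}

# 1. Run / RunOnce values for the machine and the current user.
function Get-OrphanedRunEntries {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... metadata
            $exe = Get-ExecutableFromCommand -CommandLine ([string]$prop.Value)
            if (Test-Orphan $exe) {
                [pscustomobject]@{ Kind = 'Run'; Name = "$key\$($prop.Name)"; Target = $exe }
            }
        }
    }
}

# 2. Scheduled task actions whose executable is gone.
function Get-OrphanedTasks {
    foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
        foreach ($action in $task.Actions) {
            if (-not $action.Execute) { continue }   # COM-handler actions carry no path
            $exe = Get-ExecutableFromCommand -CommandLine $action.Execute
            if (Test-Orphan $exe) {
                [pscustomobject]@{ Kind = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"; Target = $exe }
            }
        }
    }
}

# 3. Allow rules bound to a program that no longer exists. Rules scoped to a
#    packaged app or to "Any"/"System" have no file path and are skipped.
function Get-OrphanedFirewallRules {
    foreach ($rule in Get-NetFirewallRule -Action Allow -ErrorAction SilentlyContinue) {
        $program = ($rule | Get-NetFirewallApplicationFilter).Program
        if ($program -in @($null, '', 'Any', 'System')) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($program)
        if (Test-Orphan $exe) {
            [pscustomobject]@{ Kind = 'Firewall'; Name = $rule.DisplayName; Target = $exe }
        }
    }
}

$orphans = @(Get-OrphanedRunEntries) + @(Get-OrphanedTasks) + @(Get-OrphanedFirewallRules)
$orphans | Sort-Object Kind, Name | Format-Table -AutoSize
```

The output should line up with the "(No File)" and "=> No File" entries in the fixlist; an entry FRST flagged that the script reports as present, or a path that resolves only through a per-user profile other than the one you are running as, is worth a second look before the fix is applied. The script only reports and changes nothing, so it is safe to re-run after the fix and reboot to confirm the entries are gone.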