Jan49 Opublikowano 28 Października 2013 Zgłoś Udostępnij Opublikowano 28 Października 2013 W dniu 2013.10.18 na komputerze z Windows 7 Profesional załapało “Antyvirus security Pro” Na pulpicie pojawił się link do programu “C:\ProgramData\DpdpngDX\DpdpngDX.exe” oraz strony: hxxp://techprotectorltd.com/?. Użyto Kaspersky Rescue Disk 10.0, wykrył ale nie usunął – z wbudowanego tam edytora rejestru usunięto klucz: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="\"C:\\Users\\Rej\\AppData\\Local\\Google\\Desktop\\Install\\{855c3967-086f-3046-d588-ae24035dd676}\\<dziwne znaki-psują resztę posta> \\{855c3967-086f-3046-d588-ae24035dd676}\\GoogleUpdate.exe\" >" "AS2014"="C:\\ProgramData\\DpdpngDX\\DpdpngDX.exe" Użyto także Windows defender offline, Rkill i Kaspersky Virus Removal Tool. Był rootkit ZEROACCESS. klika trojanów. System wydaje się czysty, ale zapora Windows też jest czysta – nie ma w niej żadnych reguł, także tych domyślnych, instalowanych wraz z systemem. Dla potrzeby udostępniania wyłączono zaporę. Pliki są dostępne w sieci, ale próba udostępniania drukarki kończy się komunikatem: “Nie można zapisać ustawień drukarki. Nie można ukończyć operacji (błąd 0x000006d9)” Przy włączonej zaporze komunikat różni się jedynie: (błąd 0x00000001)” . Na tym komputerze była udostępniana drukarka HP LaserJet Professional P1102, usunięto ją i zainstalowano ponownie. Po instalacji pojawiły się w panelu sterowania dwie drukarki opócz tej jak wyżej także HP LaserJet 1100 Series z żółtym wykrzyknikiem i bez pozycji Właściwości Drukarki w menu. Powraca za każdą próbą jej usunięcia po restarcjie systemu. HP LaserJet Professional P1102 jest domyśną i lokalnie drukuje. W katalogu virusa był plik wsadowy –serv.bat, wydaje się, że potrzebne usługi dla udostępniania drukarki są włączone. Jak naprawić system dla udostępniania drukarki i przywrócić domyślne reguły zapory? Logi OTL i FRST po walce z wirusami. Addition.txt Extras.Txt FRST.txt OTL.Txt Odnośnik do komentarza
jessica Opublikowano 28 Października 2013 Zgłoś Udostępnij Opublikowano 28 Października 2013 Źle trafiłeś, bo @Picasso nie ma teraz możliwości zbyt dużo czasu poświęcać na pomaganie (kłopoty osobiste). Zanim tu zajrzy, to możesz zrobić to: 1. Otwórz Notatnik i wklej w nim: HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{855c3967-086f-3046-d588-ae24035dd676}\ \...\???\{855c3967-086f-3046-d588-ae24035dd676}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) S3 gfiark; system32\drivers\gfiark.sys [x] S2 sbapifs; system32\DRIVERS\sbapifs.sys [x] C:\Program Files\Google\Desktop\Install C:\Users\Rej\AppData\Local\Google\Desktop\Install C:\Users\Rej\AppData\Local\Temp\siinst.exe C:\Users\Rej\AppData\Local\Temp\siuninst.exe C:\Users\Rej\AppData\Local\Temp\strings.dll Task: {8362C96B-D02A-46E4-AA83-B5CD6BB41714} - \WPD\SqmUpload_S-1-5-21-2890126291-69562741-2740643167-500 No Task File Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie plik fixlog.txt. Daj ten raport. 2. Na wszelki wypadek (choć raczej już nie będzie ZeroAccesa) użyj RogueKiller. Kliknij w nim SCAN, a po wyszukaniu szkodliwych rzeczy kliknij DELETE. Pokaż oba raporty z niego. 3. Zrób log z Farbar Service Scanner (do skanowania zaznacz wszystko). 4. Zrób aktualne logi z FRST. jessi Odnośnik do komentarza
Jan49 Opublikowano 28 Października 2013 Autor Zgłoś Udostępnij Opublikowano 28 Października 2013 Coś jednak było w rejestrze po ZeroAcces. Po wykonaniu instrukcji dalej jak poprzednio brak możliwości udostępniania drukarki. Poczekamy na Picasso, a jak się nie doczekamy to najwyżej zakupię serwer druku. Przykro, że ma kłopoty... FRST.txt FSS.txt RKreport0_D_10282013_122320.txt RKreport0_S_10282013_122251.txt Odnośnik do komentarza
jessica Opublikowano 28 Października 2013 Zgłoś Udostępnij Opublikowano 28 Października 2013 Jeśli przez 2-3 dni @Picasso tu nie pomoże, to zrobisz to: Do Notatnika wklej: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}] "AutoStart"="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent] "DisplayName"="@%SystemRoot%\\System32\\polstore.dll,-5010" "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\ 00,69,00,63,00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,\ 73,00,74,00,72,00,69,00,63,00,74,00,65,00,64,00,00,00 "Description"="@%SystemRoot%\\system32\\polstore.dll,-5011" "ObjectName"="NT Authority\\NetworkService" "ErrorControl"=dword:00000001 "Start"=dword:00000003 "Type"=dword:00000020 "DependOnService"=hex(7):54,00,63,00,70,00,69,00,70,00,00,00,62,00,66,00,65,00,\ 00,00,00,00 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,\ 00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,\ 61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,\ 00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,\ 61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,\ 00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,\ 72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,\ 00,65,00,67,00,65,00,00,00,00,00 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent\Parameters] "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 69,00,70,00,73,00,65,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,\ 00 "ServiceDllUnloadOnStop"=dword:00000001 "ServiceMain"="SpdServiceMain" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent\TriggerInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent\TriggerInfo\0] "Type"=dword:00000004 "Action"=dword:00000001 "GUID"=hex:07,9e,56,b7,21,84,e0,4e,ad,10,86,91,5a,fd,ad,09 "Data0"=hex:52,00,50,00,43,00,00,00,54,00,43,00,50,00,00,00,25,00,77,00,69,00,\ 6e,00,64,00,69,00,72,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,\ 00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,\ 65,00,00,00,70,00,6f,00,6c,00,69,00,63,00,79,00,61,00,67,00,65,00,6e,00,74,\ 00,00,00,00,00 "DataType0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess] "DisplayName"="@%Systemroot%\\system32\\mprdim.dll,-200" "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "Description"="@%Systemroot%\\system32\\mprdim.dll,-201" "ObjectName"="localSystem" "ErrorControl"=dword:00000001 "Start"=dword:00000004 "Type"=dword:00000020 "DependOnGroup"=hex(7):4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,\ 6f,00,75,00,70,00,00,00,00,00 "DependOnService"=hex(7):52,00,70,00,63,00,53,00,53,00,00,00,42,00,66,00,65,00,\ 00,00,52,00,61,00,73,00,4d,00,61,00,6e,00,00,00,48,00,74,00,74,00,70,00,00,\ 00,00,00 "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\ 00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\ 67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,00,69,00,76,\ 00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\ 53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,\ 00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\ 41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,\ 00,65,00,00,00,00,00 "FailureActions"=hex:84,03,00,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 "ConfigurationFlags"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Accounting] "AccountSessionIdStart"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Accounting\Providers] "ActiveProvider"="{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Accounting\Providers\{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}] "ConfigClsid"="{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}" "DisplayName"="@%Systemroot%\\system32\\mprddm.dll,-202" "VendorName"="Microsoft" "ProviderTypeGUID"="{76560D00-2BFD-11d2-9539-3078302C2030}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Accounting\Providers\{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}] "Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\ 70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00 "ConfigClsid"="" "DisplayName"="@%Systemroot%\\system32\\mprddm.dll,-203" "ProviderTypeGUID"="{76560D81-2BFD-11d2-9539-3078302C2030}" "VendorName"="Microsoft" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Authentication] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Authentication\Providers] "ActiveProvider"="{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Authentication\Providers\{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}] "ConfigClsid"="{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}" "DisplayName"="@%Systemroot%\\system32\\mprddm.dll,-201" "VendorName"="Microsoft" "ProviderTypeGUID"="{76560D00-2BFD-11d2-9539-3078302C2030}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Authentication\Providers\{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}] "Path"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\ 00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\ 70,00,72,00,64,00,64,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00 "ConfigClsid"="" "DisplayName"="@%Systemroot%\\system32\\mprddm.dll,-200" "VendorName"="Microsoft" "ProviderTypeGUID"="{76560D01-2BFD-11d2-9539-3078302C2030}" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\DemandDialManager] "DllPath"="%SystemRoot%\\System32\\mprddm.dll" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces] "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\0] "InterfaceName"="Loopback" "Type"=dword:00000005 "Enabled"=dword:00000001 "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\0\Ip] "ProtocolId"=dword:00000021 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\0\Ipv6] "ProtocolId"=dword:00000057 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\1] "InterfaceName"="Internal" "Type"=dword:00000004 "Enabled"=dword:00000001 "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\1\Ip] "ProtocolId"=dword:00000021 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\1\Ipv6] "ProtocolId"=dword:00000057 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\2] "InterfaceName"="{B19FFBDD-2DE4-4C89-9F2C-FF5C2D8D0738}" "Type"=dword:00000003 "Enabled"=dword:00000001 "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\2\Ip] "ProtocolId"=dword:00000021 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\2\Ipv6] "ProtocolId"=dword:00000057 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\3] "InterfaceName"="{B478FC25-3362-46FA-B72C-544C7BA9D67A}" "Type"=dword:00000003 "Enabled"=dword:00000001 "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\3\Ip] "ProtocolId"=dword:00000021 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\3\Ipv6] "ProtocolId"=dword:00000057 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\4] "InterfaceName"="{0AFFAC03-E9FA-405A-A377-004F0A1883CE}" "Type"=dword:00000003 "Enabled"=dword:00000001 "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\4\Ip] "ProtocolId"=dword:00000021 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\4\Ipv6] "ProtocolId"=dword:00000057 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\5] "InterfaceName"="{C25CA7FB-D708-4E29-9BDC-02FFB2C1B9CF}" "Type"=dword:00000003 "Enabled"=dword:00000001 "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\5\Ip] "ProtocolId"=dword:00000021 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\5\Ipv6] "ProtocolId"=dword:00000057 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\6] "InterfaceName"="{5DBCA5BB-25FF-48A6-BBB0-DFC74866B9ED}" "Type"=dword:00000003 "Enabled"=dword:00000001 "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\6\Ip] "ProtocolId"=dword:00000021 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\6\Ipv6] "ProtocolId"=dword:00000057 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\7] "InterfaceName"="{4D94550A-CD2C-417A-B885-2F7F9FECAA16}" "Type"=dword:00000003 "Enabled"=dword:00000001 "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\7\Ip] "ProtocolId"=dword:00000021 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\7\Ipv6] "ProtocolId"=dword:00000057 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\8] "InterfaceName"="{8F550093-CC2D-4998-9EFE-2E9884E96AD7}" "Type"=dword:00000003 "Enabled"=dword:00000001 "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\8\Ip] "ProtocolId"=dword:00000021 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Interfaces\8\Ipv6] "ProtocolId"=dword:00000057 "InterfaceInfo"=hex:01,00,00,00,68,00,00,00,03,00,00,00,05,00,ff,ff,48,00,00,\ 00,00,00,00,00,40,00,00,00,04,00,ff,ff,04,00,00,00,01,00,00,00,40,00,00,00,\ 07,00,ff,ff,10,00,00,00,01,00,00,00,48,00,00,00,00,00,00,00,01,00,00,00,00,\ 00,00,00,58,02,c2,01,08,07,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters] "ServiceDLL"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 6d,00,70,00,72,00,64,00,69,00,6d,00,2e,00,64,00,6c,00,6c,00,00,00 "QuarantineInstalled"=dword:00000001 "LoggingFlags"=dword:00000002 "ServerFlags"=dword:00802602 "ServiceDllUnloadOnStop"=dword:00000001 "Stamp"=dword:00000000 "UsersConfigured"=dword:00000000 "RouterType"=dword:00000007 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\AccountLockout] "MaxDenials"=dword:00000000 "ResetTime (mins)"=dword:00000b40 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\IKEV2] "idleTimeout"=dword:0000012c "networkBlackoutTime"=dword:00000708 "saLifeTime"=dword:00007080 "saDataSize"=dword:00019000 "ConfigOptions"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\Ip] "AllowClientIpAddresses"=dword:00000000 "AllowNetworkAccess"=dword:00000001 "EnableIn"=dword:00000001 "EnableRoute"=dword:00000001 "IpAddress"="0.0.0.0" "IpMask"="0.0.0.0" "UseDhcpAddressing"=dword:00000001 "EnableNetbtBcastFwd"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\Ipv6] "AdvertiseDefaultRoute"=dword:00000001 "AllowNetworkAccess"=dword:00000001 "EnableIn"=dword:00000000 "EnableRoute"=dword:00000001 "UseDhcpAddressing"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Parameters\Nbf] "AllowNetworkAccess"=dword:00000001 "EnableIn"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Performance] "Library"="rasctrs.dll" "Open"="OpenRasPerformanceData" "Close"="CloseRasPerformanceData" "Collect"="CollectRasPerformanceData" "InstallType"=dword:00000001 "PerfIniFile"="rasctrs.ini" "First Counter"=dword:000007fe "Last Counter"=dword:00000824 "First Help"=dword:000007ff "Last Help"=dword:00000825 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy] "Allow LM Authentication"=dword:00000000 "ProductDir"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 49,00,41,00,53,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\01] @="IAS.ProxyPolicyEnforcer" "Requests"="0 1 2" "Responses"="0 1 2 3 4" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\02] @="IAS.Realm" "Providers"="1" "Requests"="0 1" "Responses"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\03] @="IAS.Realm" "Requests"="0 1" "Responses"="0" "Providers"="0 2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\04] @="IAS.NTSamNames" "Providers"="1" "Responses"="0" "Requests"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\05] @="IAS.CRPBasedEAP" "Providers"="1" "Requests"="0 2" "Responses"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\06] @="IAS.Realm" "Providers"="1" "Requests"="0" "Responses"="0" "Replays"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\07] @="IAS.NTSamNames" "Providers"="1" "Requests"="0" "Responses"="0" "Replays"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\08] @="IAS.MachineNameMapper" "Providers"="1" "Requests"="0" "Responses"="0" "Replays"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\09] @="IAS.BaseCampHost" "Replays"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\10] @="IAS.RadiusProxy" "Providers"="2" "Responses"="0" "Replays"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\11] @="IAS.ExternalAuthNames" "Providers"="2" "Requests"="0" "Responses"="1" "Replays"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\12] @="IAS.NTSamAuthentication" "Requests"="0" "Responses"="0 1 2" "Providers"="1" "Replays"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\13] @="IAS.UserAccountValidation" "Providers"="1 3" "Requests"="0" "Replays"="0" "Responses"="0 1" "Reasons"="33" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\14] @="IAS.MachineAccountValidation" "Providers"="1" "Requests"="0" "Responses"="0 1" "Replays"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\15] @="IAS.EAPIdentity" "Providers"="1" "Requests"="0" "Replays"="0" "Responses"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\16] @="IAS.QuarantineEvaluator" "Providers"="1" "Requests"="0" "Replays"="0" "Responses"="0 1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\17] @="IAS.PolicyEnforcer" "Providers"="1 3" "Requests"="0" "Replays"="0" "Responses"="0 1" "Reasons"="33" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\18] @="IAS.NTSamPerUser" "Providers"="1 3" "Requests"="0" "Replays"="0" "Responses"="0 1" "Reasons"="33" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\19] @="IAS.URHandler" "Providers"="1 3" "Requests"="0" "Replays"="0" "Responses"="0 1" "Reasons"="33" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\20] @="IAS.RAPBasedEAP" "Providers"="1" "Requests"="0 2" "Replays"="0" "Responses"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\21] @="IAS.PostEapRestrictions" "Providers"="0 1 3" "Requests"="0" "Replays"="0" "Responses"="0 1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\22] @="IAS.PostQuarantineEvaluator" "Providers"="1" "Requests"="0" "Replays"="0" "Responses"="1 2 5" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\23] @="IAS.ChangePassword" "Providers"="1" "Requests"="0" "Replays"="0" "Responses"="1" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\24] @="IAS.AuthorizationHost" "Replays"="0" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\25] @="IAS.EAPTerminator" "Providers"="0 1" "Requests"="0 2" "Replays"="0" "Responses"="1 2 3 5" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\26] @="IAS.DatabaseAccounting" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\27] @="IAS.Accounting" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Policy\Pipeline\28] @="IAS.MSChapErrorReporter" "Providers"="0 1 3" "Requests"="0" "Replays"="0" "Responses"="2" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RouterManagers] "Stamp"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RouterManagers\Ip] "ProtocolId"=dword:00000021 "GlobalInfo"=hex:01,00,00,00,78,00,00,00,02,00,00,00,03,00,ff,ff,08,00,00,00,\ 01,00,00,00,30,00,00,00,06,00,ff,ff,34,00,00,00,01,00,00,00,38,00,00,00,00,\ 00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,00,01,00,00,00,03,00,\ 00,00,0a,00,00,00,16,27,00,00,03,00,00,00,17,27,00,00,05,00,00,00,12,27,00,\ 00,07,00,00,00,08,00,00,00,78,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "DLLPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\ 00,70,00,72,00,74,00,72,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RouterManagers\Ipv6] "ProtocolId"=dword:00000057 "GlobalInfo"=hex:01,00,00,00,78,00,00,00,02,00,00,00,0f,00,ff,ff,08,00,00,00,\ 01,00,00,00,30,00,00,00,06,00,ff,ff,34,00,00,00,01,00,00,00,38,00,00,00,00,\ 00,00,00,00,00,00,00,01,00,00,00,06,00,00,00,02,00,00,00,01,00,00,00,16,27,\ 00,00,03,00,00,00,17,27,00,00,05,00,00,00,12,27,00,00,07,00,00,00,03,00,00,\ 00,0a,00,00,00,08,00,00,00,78,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 "DLLPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,69,\ 00,70,00,72,00,74,00,72,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RoutingTableManager] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RoutingTableManager\Instance 00000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00002] "AddressSize"=dword:00000004 "MaxChangeNotifyRegistrations"=dword:00000010 "MaxHandlesReturnedInEnum"=dword:00000019 "MaxNextHopsInRoute"=dword:00000003 "MaxOpaqueInfoPointers"=dword:00000005 "ViewsSupported"=dword:00000003 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00023] "AddressSize"=dword:00000010 "MaxChangeNotifyRegistrations"=dword:00000010 "MaxHandlesReturnedInEnum"=dword:00000019 "MaxNextHopsInRoute"=dword:00000003 "MaxOpaqueInfoPointers"=dword:00000005 "ViewsSupported"=dword:00000003 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess\Security] "Security"=hex:01,00,04,80,5c,00,00,00,68,00,00,00,00,00,00,00,14,00,00,00,02,\ 00,48,00,03,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,\ 00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,\ 00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,01,01,00,00,\ 00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>z prawokliku na plik Scal i potwierdź import do rejestru.2. Potem:Pobierz narzędzie SetACL, (SetACL.3.06 z folderu Commandline version wypakuj wersję dopasowaną do systemu (x86 = 32-bit, x64 = 64-bit) i umieść w katalogu C:\Windows.W Notatniku wklej poniższą treść i zapisz plik pod nazwą fix.txt. Plik umieść bezpośrednio na C:\. "machine\SYSTEM\CurrentControlSet\Services\PolicyAgent",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters\Cache",4,"O:BAD:PAI(A;OICI;CCDCLCSWRPRC;;;S-1-5-80-3044542841-3639452079-4096941652-1606687743-1256249853)" "machine\SYSTEM\CurrentControlSet\Services\PolicyAgent\TriggerInfo",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\PolicyAgent\TriggerInfo\0",4,"O:BA" START > w polu szukania wpisz cmd > z prawokliku Uruchom jako Administrator > wklej komendę:SetACL -on "HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent" -ot reg -actn restore -bckp C:\fix.txtW Notatniku wklej poniższą treść i zapisz plik pod nazwą fix.txt. Plik umieść bezpośrednio na C:\. "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers\{1AA7F840-C7F5-11D0-A376-00C04FC9DA04}",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Accounting\Providers\{1AA7F846-C7F5-11D0-A376-00C04FC9DA04}",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers\{1AA7F83F-C7F5-11D0-A376-00C04FC9DA04}",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Authentication\Providers\{1AA7F841-C7F5-11D0-A376-00C04FC9DA04}",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\DemandDialManager",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\0\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\1\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\2\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\3",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\3\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\4",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\4\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\4\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\5",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\5\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\5\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\6\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\6\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\7",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\7\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\7\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\8",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\8\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Interfaces\8\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\AccountLockout",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\IKEV2",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ip",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Ipv6",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters\Nbf",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Performance",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\01",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\02",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\03",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\04",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\05",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\06",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\07",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\08",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\09",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\10",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\11",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\12",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\13",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\14",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\15",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\16",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\17",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\18",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\19",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\20",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\21",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\22",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\23",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\24",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\25",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\26",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\27",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipeline\28",4,"O:S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464D:PAI(A;;KA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;CIIO;GA;;;S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464)(A;;KR;;;SY)(A;CIIO;GR;;;SY)(A;;KR;;;BA)(A;CIIO;GR;;;BA)(A;;KR;;;BU)(A;CIIO;GR;;;BU)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ipv6",4,"O:SY" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager\Instance 00000",4,"O:BAD:PAI(A;;KR;;;LS)(A;OICIIO;GR;;;LS)(A;;KR;;;NO)(A;OICIIO;GR;;;NO)(A;;KR;;;NS)(A;OICIIO;GR;;;NS)(A;;KA;;;SY)(A;OICIIO;GA;;;SY)(A;;KR;;;BU)(A;OICIIO;GR;;;BU)(A;;KA;;;BA)(A;OICIIO;GA;;;BA)" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00002",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\RoutingTableManager\Instance 00000\AddressFamily 00023",4,"O:BA" "machine\SYSTEM\CurrentControlSet\Services\RemoteAccess\Security",4,"O:BA" START > w polu szukania wpisz cmd > z prawokliku Uruchom jako Administrator > wklej komendę:SetACL -on "HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess" -ot reg -actn restore -bckp C:\fix.txt (więcej nie dało się zmieścić w tym poście - przejdź do następnego) jessi Odnośnik do komentarza
jessica Opublikowano 28 Października 2013 Zgłoś Udostępnij Opublikowano 28 Października 2013 ciąg dalszy, bo w poprzednim poście nie zmieściło się. Do Notatnika wklej: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "SSTP-IN-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=443|App=System|Name=@sstpsvc.dll,-35002|Desc=@sstpsvc.dll,-35003|EmbedCtxt=@sstpsvc.dll,-35001|" "Netlogon-NamedPipe-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|" "SNMPTRAP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=162|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@snmptrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|" "SNMPTRAP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=162|App=%SystemRoot%\\system32\\snmptrap.exe|Svc=SNMPTRAP|Name=@snmptrap.exe,-7|Desc=@snmptrap.exe,-8|EmbedCtxt=@snmptrap.exe,-3|" "WMP-In-UDP-x86"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles(x86)%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31023|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|" "WMP-Out-UDP-x86"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles(x86)%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31024|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|" "WMP-Out-TCP-x86"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles(x86)%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31025|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|" "WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31003|Desc=@FirewallAPI.dll,-31006|EmbedCtxt=@FirewallAPI.dll,-31002|" "WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31007|Desc=@FirewallAPI.dll,-31010|EmbedCtxt=@FirewallAPI.dll,-31002|" "WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%ProgramFiles%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31011|Desc=@FirewallAPI.dll,-31014|EmbedCtxt=@FirewallAPI.dll,-31002|" "WMPNSS-QWave-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-QWave-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-QWave-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-QWave-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=2177|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-HTTPSTR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=10243|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-HTTPSTR-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=10243|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-WMP-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-WMP-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-WMP-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-QWave-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31253|Desc=@FirewallAPI.dll,-31256|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-QWave-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31257|Desc=@FirewallAPI.dll,-31260|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-QWave-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31261|Desc=@FirewallAPI.dll,-31264|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-QWave-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=2177|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Qwave|Name=@FirewallAPI.dll,-31265|Desc=@FirewallAPI.dll,-31268|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31269|Desc=@FirewallAPI.dll,-31272|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ssdpsrv|Name=@FirewallAPI.dll,-31273|Desc=@FirewallAPI.dll,-31276|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31277|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31281|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-HTTPSTR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31285|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-HTTPSTR-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-31289|Desc=@FirewallAPI.dll,-31292|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-WMP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31293|Desc=@FirewallAPI.dll,-31296|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-WMP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31297|Desc=@FirewallAPI.dll,-31300|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-WMP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmplayer.exe|Name=@FirewallAPI.dll,-31301|Desc=@FirewallAPI.dll,-31304|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31305|Desc=@FirewallAPI.dll,-31308|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31309|Desc=@FirewallAPI.dll,-31312|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31313|Desc=@FirewallAPI.dll,-31316|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%PROGRAMFILES%\\Windows Media Player\\wmpnetwk.exe|Name=@FirewallAPI.dll,-31317|Desc=@FirewallAPI.dll,-31320|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-31321|Desc=@FirewallAPI.dll,-31322|EmbedCtxt=@FirewallAPI.dll,-31252|" "WMPNSS-RME-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=10245|App=System|Name=@FirewallAPI.dll,-31501|Desc=@FirewallAPI.dll,-31502|EmbedCtxt=@FirewallAPI.dll,-31500|Edge=TRUE|Defer=App|" "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=@%systemroot%\\system32\\provsvc.dll,-200|Desc=@%systemroot%\\system32\\provsvc.dll,-201|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|" "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|RPort=3587|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=p2psvc|Name=@%systemroot%\\system32\\provsvc.dll,-203|Desc=@%systemroot%\\system32\\provsvc.dll,-204|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|" "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\\system32\\provsvc.dll,-205|Desc=@%systemroot%\\system32\\provsvc.dll,-206|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|" "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|RPort=3540|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@%systemroot%\\system32\\provsvc.dll,-207|Desc=@%systemroot%\\system32\\provsvc.dll,-208|EmbedCtxt=@%systemroot%\\system32\\provsvc.dll,-202|" "PNRPMNRS-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-34003|Desc=@FirewallAPI.dll,-34004|EmbedCtxt=@FirewallAPI.dll,-34002|Edge=TRUE|Defer=App|" "PNRPMNRS-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-34005|Desc=@FirewallAPI.dll,-34006|EmbedCtxt=@FirewallAPI.dll,-34002|" "PNRPMNRS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34007|Desc=@FirewallAPI.dll,-34008|EmbedCtxt=@FirewallAPI.dll,-34002|" "PNRPMNRS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-34009|Desc=@FirewallAPI.dll,-34010|EmbedCtxt=@FirewallAPI.dll,-34002|" "RVM-VDS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|Name=@FirewallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|" "RVM-VDSLDR-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\vdsldr.exe|Name=@FirewallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|" "RVM-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|" "RVM-VDS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vds.exe|Svc=vds|Name=@FirewallAPI.dll,-34502|Desc=@FirewallAPI.dll,-34503|EmbedCtxt=@FirewallAPI.dll,-34501|" "RVM-VDSLDR-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\vdsldr.exe|Name=@FirewallAPI.dll,-34504|Desc=@FirewallAPI.dll,-34505|EmbedCtxt=@FirewallAPI.dll,-34501|" "RVM-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-34506|Desc=@FirewallAPI.dll,-34507|EmbedCtxt=@FirewallAPI.dll,-34501|" "Collab-P2PHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32003|Desc=@FirewallAPI.dll,-32006|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|" "Collab-P2PHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32007|Desc=@FirewallAPI.dll,-32010|EmbedCtxt=@FirewallAPI.dll,-32002|" "Collab-P2PHost-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32011|Desc=@FirewallAPI.dll,-32014|EmbedCtxt=@FirewallAPI.dll,-32002|" "Collab-P2PHost-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\p2phost.exe|Name=@FirewallAPI.dll,-32015|Desc=@FirewallAPI.dll,-32018|EmbedCtxt=@FirewallAPI.dll,-32002|" "Collab-PNRP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-32019|Desc=@FirewallAPI.dll,-32022|EmbedCtxt=@FirewallAPI.dll,-32002|Edge=TRUE|Defer=App|" "Collab-PNRP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3540|App=%SystemRoot%\\system32\\svchost.exe|Svc=PNRPSvc|Name=@FirewallAPI.dll,-32023|Desc=@FirewallAPI.dll,-32026|EmbedCtxt=@FirewallAPI.dll,-32002|" "Collab-PNRP-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32027|Desc=@FirewallAPI.dll,-32030|EmbedCtxt=@FirewallAPI.dll,-32002|" "Collab-PNRP-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32031|Desc=@FirewallAPI.dll,-32034|EmbedCtxt=@FirewallAPI.dll,-32002|" "FPS-NB_Session-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Session-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-SMB-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-SMB-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-SpoolSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-ICMP4-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-ICMP4-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-ICMP6-ERQ-In-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-ICMP6-ERQ-Out-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Session-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Session-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-SMB-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-SMB-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-SpoolSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-ICMP4-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-ICMP4-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-ICMP6-ERQ-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-ICMP6-ERQ-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502|" "FPS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502|" "CoreNet-ICMP6-DU-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|" "CoreNet-ICMP6-PTB-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|" "CoreNet-ICMP6-PTB-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=2:*|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-TE-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|" "CoreNet-ICMP6-TE-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=3:*|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-PP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|" "CoreNet-ICMP6-PP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=4:*|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-NDS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=135:*|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|" "CoreNet-ICMP6-NDS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=135:*|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-NDA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=136:*|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=TRUE|" "CoreNet-ICMP6-NDA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=136:*|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-RA-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=134:*|RA6=fe80::/64|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-RA-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=134:*|LA6=fe80::/64|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::1|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-RS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=133:*|App=System|Name=@FirewallAPI.dll,-25009|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-RS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=133:*|RA6=LocalSubnet|RA6=fe80::/64|RA6=ff02::2|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-LQ-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-LQ-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=130:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-LR-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-LR-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=131:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-LR2-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-LR2-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=143:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-LD-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP6-LD-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|ICMP6=132:*|RA6=LocalSubnet|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-ICMP4-DUFRAG-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-IGMP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=2|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-IGMP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-DHCP-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-DHCP-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=68|RPort=67|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-DHCPV6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25304|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-DHCPV6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=546|RPort=547|App=%SystemRoot%\\system32\\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25305|Desc=@FirewallAPI.dll,-25306|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-Teredo-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=Teredo|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25332|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-Teredo-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-IPHTTPS-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort2_10=IPTLSIn|LPort2_10=IPHTTPSIn|App=System|Name=@FirewallAPI.dll,-25426|Desc=@FirewallAPI.dll,-25428|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-IPHTTPS-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort2_10=IPTLSOut|RPort2_10=IPHTTPSOut|App=%SystemRoot%\\system32\\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25427|Desc=@FirewallAPI.dll,-25429|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-IPv6-In"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=41|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25357|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-IPv6-Out"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-GP-NP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-GP-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-DNS-Out-UDP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=53|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|" "CoreNet-GP-LSASS-Out-TCP"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|" "PerfLogsAlerts-PLASrv-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\plasrv.exe|Name=@FirewallAPI.dll,-34753|Desc=@FirewallAPI.dll,-34754|EmbedCtxt=@FirewallAPI.dll,-34752|" "PerfLogsAlerts-DCOM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|" "PerfLogsAlerts-PLASrv-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\plasrv.exe|Name=@FirewallAPI.dll,-34753|Desc=@FirewallAPI.dll,-34754|EmbedCtxt=@FirewallAPI.dll,-34752|" "PerfLogsAlerts-DCOM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%systemroot%\\system32\\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34755|Desc=@FirewallAPI.dll,-34756|EmbedCtxt=@FirewallAPI.dll,-34752|" "MsiScsi-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|Name=@FirewallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|" "MsiScsi-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|Name=@FirewallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|" "MsiScsi-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|Name=@FirewallAPI.dll,-29003|Desc=@FirewallAPI.dll,-29006|EmbedCtxt=@FirewallAPI.dll,-29002|" "MsiScsi-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Msiscsi|Name=@FirewallAPI.dll,-29007|Desc=@FirewallAPI.dll,-29010|EmbedCtxt=@FirewallAPI.dll,-29002|" "WMI-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|" "WMI-WINMGMT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|" "WMI-WINMGMT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|" "WMI-ASYNC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\\system32\\wbem\\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|" "WMI-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-34252|Desc=@FirewallAPI.dll,-34253|EmbedCtxt=@FirewallAPI.dll,-34251|" "WMI-WINMGMT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34254|Desc=@FirewallAPI.dll,-34255|EmbedCtxt=@FirewallAPI.dll,-34251|" "WMI-WINMGMT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=winmgmt|Name=@FirewallAPI.dll,-34258|Desc=@FirewallAPI.dll,-34259|EmbedCtxt=@FirewallAPI.dll,-34251|" "WMI-ASYNC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\\system32\\wbem\\unsecapp.exe|Name=@FirewallAPI.dll,-34256|Desc=@FirewallAPI.dll,-34257|EmbedCtxt=@FirewallAPI.dll,-34251|" "RRAS-GRE-In"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=47|App=System|Name=@FirewallAPI.dll,-33769|Desc=@FirewallAPI.dll,-33772|EmbedCtxt=@FirewallAPI.dll,-33752|" "RRAS-GRE-Out"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=47|App=System|Name=@FirewallAPI.dll,-33773|Desc=@FirewallAPI.dll,-33776|EmbedCtxt=@FirewallAPI.dll,-33752|" "RRAS-L2TP-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=1701|App=System|Name=@FirewallAPI.dll,-33753|Desc=@FirewallAPI.dll,-33756|EmbedCtxt=@FirewallAPI.dll,-33752|" "RRAS-L2TP-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=1701|App=System|Name=@FirewallAPI.dll,-33757|Desc=@FirewallAPI.dll,-33760|EmbedCtxt=@FirewallAPI.dll,-33752|" "RRAS-PPTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=1723|App=System|Name=@FirewallAPI.dll,-33765|Desc=@FirewallAPI.dll,-33768|EmbedCtxt=@FirewallAPI.dll,-33752|" "RRAS-PPTP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|RPort=1723|App=System|Name=@FirewallAPI.dll,-33761|Desc=@FirewallAPI.dll,-33764|EmbedCtxt=@FirewallAPI.dll,-33752|" "NETDIS-UPnPHost-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-UPnPHost-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Name-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Name-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Datagram-In-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Datagram-Out-UDP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNTS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5358|App=System|Name=@FirewallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNTS-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5358|App=System|Name=@FirewallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNT-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5357|App=System|Name=@FirewallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNT-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|RPort=5357|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-UPnPHost-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-UPnPHost-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-UPnP-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Name-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Name-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Datagram-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Datagram-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-FDPHOST-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-FDPHOST-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-LLMNR-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-LLMNR-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-FDRESPUB-WSD-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-FDRESPUB-WSD-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNTS-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNTS-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNT-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNT-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-SSDPSrv-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-SSDPSrv-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-UPnP-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-UPnPHost-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-UPnPHost-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Name-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Name-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Datagram-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-NB_Datagram-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-FDPHOST-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-FDPHOST-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-LLMNR-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-LLMNR-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-FDRESPUB-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Domain|Profile=Public|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-FDRESPUB-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Domain|Profile=Public|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNTS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNTS-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5358|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNT-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|LPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752|" "NETDIS-WSDEVNT-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|RPort=5357|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752|" "RemoteSvcAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" "RemoteSvcAdmin-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|" "RemoteSvcAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|" "RemoteSvcAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\services.exe|Name=@FirewallAPI.dll,-29503|Desc=@FirewallAPI.dll,-29506|EmbedCtxt=@FirewallAPI.dll,-29502|" "RemoteSvcAdmin-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-29507|Desc=@FirewallAPI.dll,-29510|EmbedCtxt=@FirewallAPI.dll,-29502|" "RemoteSvcAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29515|Desc=@FirewallAPI.dll,-29518|EmbedCtxt=@FirewallAPI.dll,-29502|" "RemoteTask-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|Name=@FirewallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|" "RemoteTask-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|" "RemoteTask-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=schedule|Name=@FirewallAPI.dll,-33253|Desc=@FirewallAPI.dll,-33256|EmbedCtxt=@FirewallAPI.dll,-33252|" "RemoteTask-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33257|Desc=@FirewallAPI.dll,-33260|EmbedCtxt=@FirewallAPI.dll,-33252|" "MSDTC-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|Name=@FirewallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|" "MSDTC-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\msdtc.exe|Name=@FirewallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|" "MSDTC-KTMRM-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|Name=@FirewallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|" "MSDTC-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|" "MSDTC-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|Name=@FirewallAPI.dll,-33503|Desc=@FirewallAPI.dll,-33506|EmbedCtxt=@FirewallAPI.dll,-33502|" "MSDTC-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\msdtc.exe|Name=@FirewallAPI.dll,-33507|Desc=@FirewallAPI.dll,-33510|EmbedCtxt=@FirewallAPI.dll,-33502|" "MSDTC-KTMRM-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=ktmrm|Name=@FirewallAPI.dll,-33511|Desc=@FirewallAPI.dll,-33512|EmbedCtxt=@FirewallAPI.dll,-33502|" "MSDTC-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-33513|Desc=@FirewallAPI.dll,-33514|EmbedCtxt=@FirewallAPI.dll,-33502|" "RemoteEventLogSvc-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|Name=@FirewallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|" "RemoteEventLogSvc-NP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|" "RemoteEventLogSvc-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|" "RemoteEventLogSvc-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Eventlog|Name=@FirewallAPI.dll,-29253|Desc=@FirewallAPI.dll,-29256|EmbedCtxt=@FirewallAPI.dll,-29252|" "RemoteEventLogSvc-NP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-29257|Desc=@FirewallAPI.dll,-29260|EmbedCtxt=@FirewallAPI.dll,-29252|" "RemoteEventLogSvc-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-29265|Desc=@FirewallAPI.dll,-29268|EmbedCtxt=@FirewallAPI.dll,-29252|" "WINRM-HTTP-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=5985|App=System|Name=@FirewallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|" "WINRM-HTTP-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=5985|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-30253|Desc=@FirewallAPI.dll,-30256|EmbedCtxt=@FirewallAPI.dll,-30252|" "WINRM-HTTP-Compat-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=80|App=System|Name=@FirewallAPI.dll,-35001|Desc=@FirewallAPI.dll,-35002|EmbedCtxt=@FirewallAPI.dll,-30252|" "WINRM-HTTP-Compat-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=80|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-35001|Desc=@FirewallAPI.dll,-35002|EmbedCtxt=@FirewallAPI.dll,-30252|" "RemoteFwAdmin-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|Name=@FirewallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|" "RemoteFwAdmin-RPCSS-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|" "RemoteFwAdmin-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=policyagent|Name=@FirewallAPI.dll,-30003|Desc=@FirewallAPI.dll,-30006|EmbedCtxt=@FirewallAPI.dll,-30002|" "RemoteFwAdmin-RPCSS-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=RPCSS|Name=@FirewallAPI.dll,-30007|Desc=@FirewallAPI.dll,-30010|EmbedCtxt=@FirewallAPI.dll,-30002|" "RemoteAssistance-In-TCP-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|" "RemoteAssistance-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Public|App=%SystemRoot%\\system32\\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Public|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|" "RemoteAssistance-PnrpSvc-UDP-OUT"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|Profile=Public|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-DCOM-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\\system32\\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-In-TCP-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|" "RemoteAssistance-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-SSDPSrv-In-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-SSDPSrv-Out-UDP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-SSDPSrv-In-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-SSDPSrv-Out-TCP-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|" "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3540|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33039|Desc=@FirewallAPI.dll,-33040|EmbedCtxt=@FirewallAPI.dll,-33002|Edge=TRUE|Defer=App|" "RemoteAssistance-PnrpSvc-UDP-OUT-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=%systemroot%\\system32\\svchost.exe|Svc=pnrpsvc|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|" Z Menu Notatnika >> Plik >> Zapisz jako >> Ustaw rozszerzenie na Wszystkie pliki >> Zapisz jako> FIX.REG >>plik uruchom (dwuklik i OK).Zrestartuj komputer.Zrób nowy log z FSS jessi Odnośnik do komentarza
Jan49 Opublikowano 28 Października 2013 Autor Zgłoś Udostępnij Opublikowano 28 Października 2013 Wykonałem zgodnie z powyższymi instrukcjami. Nie przyniosło to zmian. Dalej ten sam błąd przy próbie udostępniania drukarki, reguły zapory nie powróciły. FRST.txt Odnośnik do komentarza
muzyk75 Opublikowano 28 Października 2013 Zgłoś Udostępnij Opublikowano 28 Października 2013 Akcesoria-->Wiersz poleceń ( uruchom jako administrator ) i wpisz: "netsh firewall reset" następnie zresetuj komputer. Ta komenda resetuje systemowy firewall. Odnośnik do komentarza
picasso Opublikowano 29 Października 2013 Zgłoś Udostępnij Opublikowano 29 Października 2013 jessika By uniknąć takich monstrualnych wklejek, proszę kieruj do tematu gdzie są gotowe załączniki PolicyAgent i RemoteAccess dla systemów Vista +: KLIK. muzyk75 Jest tu Windows 7, więc komenda "netsh firewall reset" to stara komenda, która wprawdzie się uruchamia, ale ma mniejszy zakres funkcji. Do resetu służy nowa komenda netsh advfirewall reset. Więcej: KB947709. Ponadto, tu brakuje reguł domyślnych: Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist. Komenda nie odtworzy klucza FirewallRules. Jan49 Nie dostarczyłeś pliku fixlog.txt. Wszystkie operacje przetwarzane przez FRST muszą być sprawdzone. Na dodatek ja tu widzę jakieś dziwne rzeczy sugerujące przeinaczenie instrukcji: została zadana konkretna kolejność działań: skrypt do FRST i pokazanie pliku fixlog.txt, a potem dopiero RogueKiller. Skrypt powinien usunąć ZeroAccess, a log z RogueKiller wykazuje usuwanie obiektów, które miały być już usunięte. Co Ty właściwie robiłeś? Cytat zapora Windows też jest czysta – nie ma w niej żadnych reguł, także tych domyślnych, instalowanych wraz z systemem. (...) Wykonałem zgodnie z powyższymi instrukcjami. Nie przyniosło to zmian. Dalej ten sam błąd przy próbie udostępniania drukarki, reguły zapory nie powróciły. Przyczyną jest brak powyższego klucza, ale właściwie w ogóle nie jest znana cała postać klucza SharedAccess oraz jego uprawnienia. FSS to ograniczony skan. A po zdekompletowaniu klucza SharedAccess nasuwa się podejrzenie, że ta usługa może być niepoprawna także w innych częściach. ZeroAccess kasuje cały klucz SharedAccess, a skoro tu jest on tylko niepełny, to wygląda na jakieś skutki nieprawidłowych napraw... Proponuję odtworzyć klucz SharedAccess od zera: 1. Najpierw skasuj aktualny klucz. Uruchom regedit i usuń cały: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess 2. Następnie odtwórz cały klucz SharedAccess na podstawie instrukcji: KLIK. Czyli: import pliku REG dla SharedAccess + nałożenie uprawnień SharedAccess via SetACL. 3. Zresetuj system. Odnośnik do komentarza
Jan49 Opublikowano 29 Października 2013 Autor Zgłoś Udostępnij Opublikowano 29 Października 2013 C:\Users\Rej>netsh firewall reset WAŻNE: Polecenie "netsh firewall" jest wycofywane; zamiast niego należy używać polecenia "netsh advfirewall firewall". Aby uzyskać więcej informacji o używaniu polecenia "netsh advfirewall firewall" zamiast "netsh firewall", zobacz artykuł Bazy wiedzy nr 947709 pod adresem http://go.microsoft.com/fwlink/?linkid=121488. Odmowa dostępu. C:\Users\Rej>netsh advfirewall reset Odmowa dostępu. A było uruchom jako administrator Odnośnik do komentarza
picasso Opublikowano 29 Października 2013 Zgłoś Udostępnij Opublikowano 29 Października 2013 Jan49, czy przeczytałeś mój post? Przecież napisałam, że ta komenda to staroć. I podałam w ogóle inne instrukcje. Dla formalności skomentuję: Cytat Odmowa dostępu. C:\Users\Rej>netsh advfirewall reset Odmowa dostępu. A było uruchom jako administrator - Zarówno błąd ("Odmowa dostępu"), jak i ścieżka (C:\Users\Rej) sugerują jednak CMD uruchomione w kontekście konta użytkownika bez podniesieia uprawnień. Czy na pewno mówimy o tym samym "Uruchom jako Administrator" (prawoklik na cmd)? - Inna możliwość: ustawienia całej Zapory są nieprawidłowe, brak uprawnień do kluczy relatywnych. Pytanie: co robiłeś przed napisaniem tu posta, jakie kroki tyczące Zapory i usług BFE, MpsSvc, SharedAccess? Odnośnik do komentarza
Jan49 Opublikowano 30 Października 2013 Autor Zgłoś Udostępnij Opublikowano 30 Października 2013 Picasso – wielkie dzięki, wykonanie Twojej instrukcji rozwiązało problem, drukarka już dostępna w sieci. - Nasze poprzednie posty się minęły – 1 minuta w czasie edycji. - Ścieżka chyba nie świadczy o kontekście użytkownika. CMD uruchomiałem z ikony w Start ( często używana, to tam się pojawiła) – prawoklik na niej i "Uruchom jako Administrator". Zastanowiło mnie to, i po Twoim poście dałem "Uruchom jako Administrator" z wyszukaj po wpisaniu CMD: Microsoft Windows [Wersja 6.1.7601] Copyright © 2009 Microsoft Corporation. Wszelkie prawa zastrzeżone. C:\Windows\system32>netsh advfirewall reset Odmowa dostępu. C:\Windows\system32> - A na Twoje pytanie “Co Ty właściwie robiłeś?”, to w swoim 65 roku życia mam pamięć bardzo dobrą, ale i bardzo krótką. Byłem świadomy potrzeby zachowania kolejności podanej przez jessika, i z pewnością ją zachowałem. Przeszukanie dysku na którym to robiłem dowiodło, że jest na nim plik (dołączam) fixlog.txt - czas 2013-10-28 12:20:38 a więc wcześniejszy od użycia RogueKiller (też z logu). Fixlog.txt Odnośnik do komentarza
Rekomendowane odpowiedzi