New FRST scan:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2023
Ran by Administrator (administrator) on FRESHUK2 (23-09-2023 19:33:08)
Running from C:\Users\Administrator\Downloads\FRST64.exe
Loaded Profiles: yad2 & Administrator & PBIEgwService & SQLTELEMETRY & MSSQLSERVER
Platform: Microsoft Windows Server 2022 Standard Version 21H2 20348.1970 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\FastExecuteScript.exe
() [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\FastExecuteScript.exe
() [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SIDc696ea40\engine\mongod.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe <2>
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe <2>
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe <2>
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe <2>
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe <2>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe <2>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Adobe Crash Processor.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <7>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe <2>
(C:\Program Files\NVIDIA Corporation\nview\nviewMain64.exe ->) (NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\nview\nviewMain.exe
(C:\Program Files\Open Source\MeshCentral\winservice\daemon\meshcentral.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\nodejs\node.exe <3>
(cmd.exe ->) (Python Software Foundation -> Python Software Foundation) D:\downloads\ChatGPTTelegram\pydist\python.exe
(D:\downloads\ChatGPTTelegram\main.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\FastExecuteScript.exe ->) () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\Worker.exe
(D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\Worker.exe ->) (The Chromium Authors) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\worker.exe <5>
(D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\FastExecuteScript.exe ->) () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\Worker.exe <3>
(D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\Worker.exe ->) (The Chromium Authors) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\worker.exe <18>
(explorer.exe ->) () [File not signed] D:\downloads\ChatGPTTelegram\main.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.312\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.191.0912.0001\Microsoft.SharePoint.exe
(NVIDIA Corporation -> ) C:\Program Files\NVIDIA Corporation\nview\nviewMain64.exe <2>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (CloudBees, Inc.) [File not signed] C:\Program Files\Open Source\MeshCentral\winservice\daemon\meshcentral.exe
(services.exe ->) (DEVSCOPE - SOLUÇÕES DE SISTEMAS E TECNOLOGIAS DE INFORMAÇÃO, S.A -> ) C:\Program Files\Devscope\PBIRobots\PBIRobots.Agent.ProcessStation.Service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Azure Recovery Services Agent\bin\cbengine.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Azure Recovery Services Agent\bin\OBRecoveryServicesManagementAgent.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Admin Center\sme.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlceip.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) D:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) D:\Program Files\On-premises data gateway\Microsoft.PowerBI.EnterpriseGateway.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\Display.NvContainer\NVDisplay.Container.exe <4>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\NVWMI\nvWmi64.exe <2>
(services.exe ->) (PhaseFive Systems LLC -> Phase Five Systems) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnect.exe
(services.exe ->) (philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe <3>
(services.exe ->) (Rainer Döpke -> Speed-Soft) C:\Program Files (x86)\Time-Sync\TimeSyncServiceClient.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rdpclip.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe <2>
(winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [126403424 2022-03-22] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [113784 2023-04-09] (VMware, Inc. -> VMware, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2023-09-20] (Adobe Inc. -> Adobe Inc.)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3240025226-2610930385-1699277903-1000\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\tamar\AppData\Local\Microsoft\Teams\Update.exe [2588640 2023-09-15] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\yad2\AppData\Local\Microsoft\Teams\Update.exe [2587416 2022-12-17] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\Run: [com.squirrel.Teams.Teams] => C:\Users\benny\AppData\Local\Microsoft\Teams\Update.exe [2587368 2023-04-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-80-1835761534-3291552707-3889884660-1303793167-3990676079\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2587568 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\116.0.5845.188\Installer\chrmstp.exe [2023-09-12] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdmin
HKLM\Software\Microsoft\Active Setup\Installed Components: [{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}] -> "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUser
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
Lsa: [Notification Packages] rassfm scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2023-03-26]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
Startup: C:\Users\yad2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChatGPTelegram.lnk [2023-07-01]
ShortcutTarget: ChatGPTelegram.lnk -> D:\downloads\ChatGPTTelegram\main.exe () [File not signed]
Startup: C:\Users\yad2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Silent - Shortcut.lnk [2023-04-13]
ShortcutTarget: Silent - Shortcut.lnk -> D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\Silent.exe () [File not signed]
Startup: C:\Users\yad2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SilentTabit - Shortcut.lnk [2023-04-13]
ShortcutTarget: SilentTabit - Shortcut.lnk -> D:\downloads\tabitExportBot\tabitExportBot\SilentTabit.exe () [File not signed]
BootExecute: autocheck autochk /q /v *
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {DA928F32-8D53-4075-BC76-C6C117FE1DAF} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {A7E6F22E-99FF-44ED-92A9-FD04B9282B73} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {B884EE4A-E1C6-43EC-85A5-FFBC73FC59B4} - System32\Tasks\GoogleUpdateTaskMachineCore{83733CC4-E87A-4794-9F68-A167CC2A36CF} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-16] (Google LLC -> Google LLC)
Task: {CC02596F-1DA7-4DBE-866D-EF57C8CB1A27} - System32\Tasks\GoogleUpdateTaskMachineUA{3EBFF4AC-EF4F-478E-BF1A-870F68C163A7} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-12-16] (Google LLC -> Google LLC)
Task: {C3AED200-428C-40C5-8008-6E501823620C} - System32\Tasks\Microsoft\AutoUpdateAgent\AutoUpdateAgent Poll => C:\Program Files\Microsoft Azure Recovery Services Agent\bin\AutoUpdateAgent.exe [129424 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {25820F83-40A2-4A44-BBF7-70B02DC79BC4} - System32\Tasks\Microsoft\AutoUpdateAgent\AutoUpdateAgent Status Check => C:\Program Files\Microsoft Azure Recovery Services Agent\bin\AutoUpdateAgent.exe [129424 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {A2B39C04-4A2C-4436-BDE7-5A01B0A817DC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {C9415E44-79B4-44BB-9E2D-A9CBDCF8C547} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C74CC6D-3595-4738-A877-FC2543EDBC83} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {59B5544C-8DFE-43D5-A387-E7F5032E07FA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2700E55-8914-421F-B8F2-E390D99FB788} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {11C47841-4839-42BA-A0DD-CF4777243924} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4377392 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {F954FB20-7907-48DF-9887-CFB66F943FC8} - System32\Tasks\Microsoft\OnlineBackup\Microsoft-OnlineBackup => C:\Windows\system32\windowspowershell\v1.0\powershell.exe [450560 2023-09-19] (Microsoft Windows -> Microsoft Corporation) -> -command Import-Module MSOnlineBackup; Start-OBBackup -Name "a96fa6dc-f65a-475f-9239-4776cd449b7a
Task: {40EBCF15-C370-417C-8E02-EA99A0222474} - System32\Tasks\Microsoft\OnlineBackup\Microsoft-OnlineBackup-RetryFailedJobs => C:\Windows\system32\windowspowershell\v1.0\powershell.exe [450560 2023-09-19] (Microsoft Windows -> Microsoft Corporation) -> -command Import-Module MSOnlineBackup;[Microsoft.Internal.CloudBackup.Client.Common.CBClientCommon]::RetryFailedJobs()
Task: {5098A7E3-5E45-4EDA-A7DD-4BDA99412CE0} - System32\Tasks\Microsoft\OnlineBackup\Microsoft-OnlineBackup-SystemStateBackup => C:\Windows\system32\windowspowershell\v1.0\powershell.exe [450560 2023-09-19] (Microsoft Windows -> Microsoft Corporation) -> -command Import-Module MSOnlineBackup; Start-OBBackup -Name "1a63366b-b92f-4ba2-98e3-8a84bb610fc4
Task: {CF47F7C6-44AF-4D17-9A5E-6C1E02565958} - System32\Tasks\Microsoft\Windows\Network Controller\SDN Diagnostics Task => C:\Windows\System32\SDNDiagnosticsTask.exe [307200 2023-02-16] (Microsoft Windows -> Microsoft)
Task: {91B1E4F0-8148-4664-8904-EA5D10E49090} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => C:\Windows\system32\rundll32.exe [73728 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {84048B57-AFBE-4B3D-A8EA-F724964476F1} - System32\Tasks\Microsoft\Windows\Server Initial Configuration Task => C:\Windows\system32\srvinitconfig.exe [73728 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
Task: {7EFD047A-8E80-492B-AA8E-DFC30158D60F} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => C:\Windows\system32\cscript.exe [167936 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {243E7C02-BF8F-4E23-8850-E15425668A69} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [114688 2022-12-16] (Microsoft Windows -> Microsoft Corporation)
Task: {6D138ACC-146C-4A3F-A33C-EA5D126F52B0} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => C:\Windows\system32\cmd.exe [331776 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\silcollector.cmd publish <==== ATTENTION
Task: {B4BE303F-ADA3-4568-90A4-CEAA61167DBA} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => C:\Windows\system32\cmd.exe [331776 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> /d /c %systemroot%\system32\silcollector.cmd configure <==== ATTENTION
Task: {E22FAE16-B34A-4962-9361-D72EC062D4C7} - System32\Tasks\Microsoft\Windows\termsrv\licensing\TlsWarning => C:\Windows\system32\tlsbln.exe [94208 2023-07-13] (Microsoft Windows -> Microsoft Corporation)
Task: {E0C349B7-9DDE-4125-BCD0-5383F168D9B1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UUS Failover Task => %systemroot%\system32\failover.exe (No File)
Task: {C3262AA7-6D51-4466-A998-60F0ABD69A82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {19E60E62-512A-4C82-BBFF-26C280109EC7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A2FE1A31-62BE-4F05-87D5-8A543E4BE068} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A184B3C1-1B90-446A-9A75-ABFDC5852418} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F5B6B367-EC13-4F4E-94F1-A3AD937B1563} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [722336 2023-09-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {5FFA5599-756D-4393-8D6A-2BFFF988896B} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [File not signed]
Task: {70CFF774-677F-4BAD-9188-E50C5D9834CA} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [974872 2023-07-14] (NVIDIA Corporation -> )
Task: {FD48ABFA-7F46-4AEA-A562-30562472255C} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {56EB485D-FBCD-44FD-8259-0E03F82DF477} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {AE89EF5C-A760-4C0A-8C48-4FC4BA5074C1} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EBC8FB9-84B1-4142-BBD6-7BDD46C132B2} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1003 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {5D43F1B6-AD99-4061-8F3E-D9E5C470FA2D} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130208 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {BEA07A1B-D6A3-43FA-AC41-0C256EAF7D73} - System32\Tasks\ShadowCopyVolume{6351c82a-0000-0000-007e-000000000000} => C:\Windows\system32\vssadmin.exe [163840 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> Create Shadow /AutoRetry=15 /For=\\?\Volume{6351c82a-0000-0000-007e-000000000000}\
Task: {A1C5FE13-D103-463B-9EE0-E27B1E13D26E} - System32\Tasks\ShadowCopyVolume{b00757b2-7d71-451c-9d00-1559d4b61cd9} => C:\Windows\system32\vssadmin.exe [163840 2021-05-08] (Microsoft Windows -> Microsoft Corporation) -> Create Shadow /AutoRetry=15 /For=\\?\Volume{b00757b2-7d71-451c-9d00-1559d4b61cd9}\
Task: {547DEFD4-D965-4C8A-A901-BB25A615F36A} - System32\Tasks\Yad2 => D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\Silent.exe [601600 2021-10-09] () [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\ShadowCopyVolume{6351c82a-0000-0000-007e-000000000000}.job => C:\Windows\system32\vssadmin.exe
Task: C:\Windows\Tasks\ShadowCopyVolume{b00757b2-7d71-451c-9d00-1559d4b61cd9}.job => C:\Windows\system32\vssadmin.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\vsocklib.dll [26512 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9 16 C:\Windows\SysWOW64\vsocklib.dll [26512 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [31120 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [31120 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Tcpip\..\Interfaces\{e8ee854c-ca4e-4c33-adb4-cb673218c123}: [NameServer] 8.8.8.8,4.4.4.4
ManualProxies: 1http=127.0.0.1:60322;https=127.0.0.1:60322;socks=127.0.0.1:60321 <==== ATTENTION
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2023-06-15]
Edge Extension: (LastPass: Free Password Manager) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bbcinlkgjjkejfdpemiealijmmooekmp [2023-06-14]
Edge Extension: (Freshmarketer-A/B Testing & Heatmap Software) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnkifneleaknlodbdncgnpbdffngdgjo [2023-04-24]
Edge Extension: (McAfee® WebAdvisor) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2023-06-14]
Edge Extension: (VWO) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gllemfmjnjodckfckbikkajnblcdfihd [2023-04-24]
Edge Extension: (Cisco Webex Extension) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ikdddppdhmjcdfgilpnbkdeggoiicjgo [2023-04-24]
Edge Extension: (Edge relevant text changes) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-06-14]
Edge Extension: (Video Downloader by ODM) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opjjpmhoiojifppkkcdabiobhakljdgm [2023-04-24]
Edge Extension: (Visual Tagger Extension) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pejbgeckhkmcjnijdhmpjgcbnogmmcef [2023-04-24]
FireFox:
========
FF DefaultProfile: lkycfrm1.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\lkycfrm1.default [2023-06-25]
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release [2023-09-21]
FF Extension: (English (US) Dictionary) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release\Extensions\en-US-mozilla@dictionaries.addons.mozilla.org.xpi [2023-06-25]
FF Extension: (Language: English (US)) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2023-09-19]
FF Extension: (Language: עברית (Hebrew)) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release\Extensions\langpack-he@firefox.mozilla.org.xpi [2023-09-20]
FF Extension: (SmartProxy) - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\vrllf1jq.default-release\Extensions\smartproxy@salarcode.com.xpi [2023-07-19]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-09-20] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-09-20] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2023-08-06]
CHR DownloadDir: D:\downloads
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-07-26]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-08-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-12-16]
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-11]
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-09-03]
CHR Notifications: Profile 1 -> hxxp://127.0.0.1; hxxps://127.0.0.1; hxxps://freshuk2
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-02-14]
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\System Profile [2023-09-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [4040776 2023-09-06] (philandro Software GmbH -> AnyDesk Software GmbH)
R2 AzureAttestService; C:\Program Files\Microsoft\AzureAttestService\AzureAttestService.dll [152312 2019-08-20] (Microsoft Windows -> Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncHelper.exe [3513264 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnect.exe [154032 2023-05-02] (PhaseFive Systems LLC -> Phase Five Systems)
S3 KPSSVC; C:\Windows\system32\kpssvc.dll [253952 2022-12-16] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-09-11] (Malwarebytes Inc. -> Malwarebytes)
R2 meshcentral.exe; C:\Program Files\Open Source\MeshCentral\winservice\daemon\meshcentral.exe [36352 2023-04-16] (CloudBees, Inc.) [File not signed]
R2 MSSQLSERVER; d:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [722848 2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
R2 NVWMI; C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\NVWMI\nvWmi64.exe [4513320 2023-07-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 obengine; C:\Program Files\Microsoft Azure Recovery Services Agent\bin\cbengine.exe [27552 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [45384 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.191.0912.0001\OneDriveUpdaterService.exe [3850144 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
R2 PBIEgwService; D:\Program Files\On-premises data gateway\Microsoft.PowerBI.EnterpriseGateway.exe [127984 2023-06-13] (Microsoft Corporation -> Microsoft)
R2 PBIRobots.Agent.ProcessStation.Service.exe; C:\Program Files\Devscope\PBIRobots\PBIRobots.Agent.ProcessStation.Service.exe [127832 2023-02-06] (DEVSCOPE - SOLUÇÕES DE SISTEMAS E TECNOLOGIAS DE INFORMAÇÃO, S.A -> )
R2 RecoveryServicesManagementAgent; C:\Program Files\Microsoft Azure Recovery Services Agent\bin\OBRecoveryServicesManagementAgent.exe [31136 2022-10-31] (Microsoft Corporation -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [143360 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
S3 RSoPProv; C:\Windows\SysWOW64\RSoPProv.exe [104448 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
R3 sacsvr; C:\Windows\system32\sacsvr.dll [40960 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402368 2023-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ServerManagementGateway; C:\Program Files\Windows Admin Center\sme.exe [16264 2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
S3 ServerManagementGatewayAccount; C:\Program Files\Windows Admin Center\smea.exe [62904 2023-06-14] (Microsoft Corporation -> Microsoft Corporation)
R2 ServiceTimeSyncClient; C:\Program Files (x86)\Time-Sync\TimeSyncServiceClient.exe [1703984 2023-01-28] (Rainer Döpke -> Speed-Soft)
S3 SQLSERVERAGENT; d:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [726952 2023-01-23] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY; d:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [300968 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
R2 TermServLicensing; C:\Windows\System32\lserver.dll [1019904 2023-09-19] (Microsoft Windows -> Microsoft Corporation)
R2 UALSVC; C:\Windows\System32\ualsvc.dll [368640 2023-07-13] (Microsoft Windows -> Microsoft Corporation)
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64632 2023-04-09] (VMware, Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ASTGRP; C:\Windows\System32\drivers\astkmd.sys [151416 2018-10-07] (Microsoft Windows Hardware Compatibility Publisher -> ASPEED Technology Inc.)
S0 bfadfcoei; C:\Windows\System32\drivers\bfadfcoei.sys [2279248 2021-05-08] (Microsoft Windows -> QLogic Corporation)
S0 bfadi; C:\Windows\System32\drivers\bfadi.sys [2279248 2021-05-08] (Microsoft Windows -> QLogic Corporation)
S0 bxfcoe; C:\Windows\System32\drivers\bxfcoe.sys [285008 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 bxois; C:\Windows\System32\drivers\bxois.sys [546640 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 elxfcoe; C:\Windows\System32\drivers\elxfcoe.sys [758584 2021-05-08] (Microsoft Windows -> Emulex)
S0 elxstor; C:\Windows\System32\drivers\elxstor.sys [949560 2021-05-08] (Microsoft Windows -> Broadcom)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 FancyCcV; C:\Windows\System32\DRIVERS\rxfcv.sys [169048 2023-06-30] (Microsoft Windows Hardware Compatibility Publisher -> Romex Software)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [222272 2023-09-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-05-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [199640 2023-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [78400 2023-09-22] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-05-07] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [181984 2023-09-22] (Malwarebytes Inc. -> Malwarebytes)
S3 MsLbfoProvider; C:\Windows\System32\drivers\MsLbfoProvider.sys [147456 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [78376 2023-04-27] (Insecure.Com LLC -> Insecure.Com LLC.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S0 qebdrv; C:\Windows\System32\drivers\qevbda.sys [2231120 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 qefcoe; C:\Windows\System32\drivers\qefcoe.sys [270160 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 qeois; C:\Windows\System32\drivers\qeois.sys [673592 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 ql2300i; C:\Windows\System32\drivers\ql2300i.sys [1703760 2021-05-08] (Microsoft Windows -> Marvell Semiconductor Inc.)
S0 ql40xx2i; C:\Windows\System32\drivers\ql40xx2i.sys [475472 2021-05-08] (Microsoft Windows -> QLogic Corporation)
S0 qlfcoei; C:\Windows\System32\drivers\qlfcoei.sys [1300304 2021-05-08] (Microsoft Windows -> QLogic Corporation)
R3 RasGre; C:\Windows\System32\drivers\rasgre.sys [77824 2022-12-16] (Microsoft Windows -> Microsoft Corporation)
S4 RsFx0700; C:\Windows\System32\DRIVERS\RsFx0700.sys [298392 2022-10-08] (Microsoft Corporation -> Microsoft Corporation)
R0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [131400 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
R0 secnvme; C:\Windows\System32\drivers\secnvme.sys [133944 2020-01-20] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd)
R2 TSFairShare; C:\Windows\System32\drivers\TSFairShare.sys [106496 2022-12-16] (Microsoft Windows -> Microsoft Corporation)
S3 tsvip; C:\Windows\System32\drivers\tsvip.sys [77824 2023-09-19] (Microsoft Windows -> )
S3 tsvip; C:\Windows\SysWOW64\drivers\tsvip.sys [36864 2023-09-19] (Microsoft Windows -> )
R2 UnionFS; C:\Windows\system32\drivers\UnionFS.sys [513360 2023-08-20] (Microsoft Windows -> Microsoft Corporation)
S3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [254616 2023-01-11] (Oracle Corporation -> Oracle and/or its affiliates)
R0 vmci; C:\Windows\System32\drivers\vmci.sys [104888 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R1 vmkbd3; C:\Windows\system32\DRIVERS\vmkbd.sys [60344 2022-11-16] (VMware, Inc. -> VMware, Inc.)
R3 VMnetAdapter; C:\Windows\system32\DRIVERS\vmnetadapter.sys [31128 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\Windows\system32\DRIVERS\vmnetbridge.sys [53656 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\Windows\system32\DRIVERS\vmnetuserif.sys [30664 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmx86; C:\Windows\system32\DRIVERS\vmx86.sys [100776 2023-04-09] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [88976 2022-07-03] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [103672 2021-05-08] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation)
U4 npcap_wifi; no ImagePath
S3 vwifibus; \SystemRoot\System32\drivers\vwifibus.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-09-23 05:15 - 2023-09-23 05:15 - 000074108 _____ C:\Users\yad2\AppData\Local\Temp\wct8A87.tmp
2023-09-23 04:30 - 2023-09-23 04:30 - 000074108 _____ C:\Users\yad2\AppData\Local\Temp\wct5297.tmp
2023-09-23 04:30 - 2023-09-23 04:30 - 000074108 _____ C:\Users\Administrator\AppData\Local\Temp\wct5297.tmp
2023-09-22 16:03 - 2023-09-23 19:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\4
2023-09-22 16:03 - 2023-09-22 16:03 - 000000000 ____D C:\Users\yad2\AppData\LocalLow\Adobe
2023-09-22 16:02 - 2023-09-23 19:35 - 000000000 ____D C:\Users\yad2\AppData\Local\Temp\1
2023-09-22 16:02 - 2023-09-22 16:02 - 000181984 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2023-09-22 15:30 - 2023-09-22 15:30 - 000000000 ____D C:\Users\yad2\AppData\Local\Temp\mbam
2023-09-22 04:30 - 2023-09-22 04:30 - 000074103 _____ C:\Users\yad2\AppData\Local\Temp\wct8CD9.tmp
2023-09-22 04:30 - 2023-09-22 04:30 - 000074103 _____ C:\Users\tamar\AppData\Local\Temp\wct87E8.tmp
2023-09-22 04:30 - 2023-09-22 04:30 - 000074103 _____ C:\Users\Administrator\AppData\Local\Temp\wct8846.tmp
2023-09-22 03:25 - 2023-09-22 03:25 - 000074102 _____ C:\Users\yad2\AppData\Local\Temp\wctB6F3.tmp
2023-09-21 17:55 - 2023-09-21 17:55 - 000074101 _____ C:\Users\yad2\AppData\Local\Temp\wctEA92.tmp
2023-09-21 15:14 - 2023-09-21 15:14 - 004229097 _____ C:\Users\tamar\Downloads\roy1 copy.psd
2023-09-21 14:21 - 2023-09-21 14:21 - 004123921 _____ C:\Users\tamar\Downloads\roy12.psd
2023-09-21 13:51 - 2023-09-21 13:51 - 003734893 _____ C:\Users\tamar\Downloads\roy1.psd
2023-09-21 04:30 - 2023-09-21 04:30 - 000074101 _____ C:\Users\Administrator\AppData\Local\Temp\wct335A.tmp
2023-09-21 04:25 - 2023-09-21 04:25 - 000074101 _____ C:\Users\yad2\AppData\Local\Temp\wct37CF.tmp
2023-09-21 03:30 - 2023-09-21 03:30 - 000074068 _____ C:\Users\yad2\AppData\Local\Temp\wct60CE.tmp
2023-09-20 19:13 - 2023-09-20 19:13 - 000003459 _____ C:\Users\yad2\AppData\Local\Temp\wctAAC2.tmp
2023-09-20 19:13 - 2023-09-20 19:13 - 000003459 _____ C:\Users\yad2\AppData\Local\Temp\wct45B5.tmp
2023-09-20 11:38 - 2023-09-20 11:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\{E26AAC90-A867-4D7C-A195-661505907DD6}
2023-09-20 11:35 - 2023-09-20 11:35 - 000000000 ____D C:\Users\yad2\AppData\Local\Temp\Adobe
2023-09-20 06:50 - 2023-09-20 06:50 - 000074058 _____ C:\Users\yad2\AppData\Local\Temp\wctEFA8.tmp
2023-09-20 06:10 - 2023-09-20 06:10 - 000074058 _____ C:\Users\yad2\AppData\Local\Temp\wct2E54.tmp
2023-09-19 23:42 - 2023-09-19 23:42 - 000000327 _____ C:\Users\Administrator\AppData\Local\Temp\tmp6B07.tmp
2023-09-19 18:10 - 2023-09-19 18:10 - 000074087 _____ C:\Users\yad2\AppData\Local\Temp\wct8338.tmp
2023-09-19 13:14 - 2023-09-19 13:14 - 001408871 _____ C:\Users\yad2\Downloads\VMMap.zip
2023-09-19 13:08 - 2023-09-19 13:08 - 000687327 _____ C:\Users\yad2\Downloads\RAMMap.zip
2023-09-19 12:46 - 2023-09-19 12:46 - 000003460 _____ C:\Windows\system32\Tasks\npcapwatchdog
2023-09-19 12:46 - 2023-09-19 12:46 - 000000000 ____D C:\Windows\SysWOW64\Npcap
2023-09-19 12:46 - 2023-09-19 12:46 - 000000000 ____D C:\Windows\system32\Npcap
2023-09-19 12:46 - 2023-09-19 12:46 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\waf_fileupload
2023-09-19 12:23 - 2023-09-19 12:35 - 276921920 _____ (Zoho Corporation Pvt. Ltd.) C:\Users\Administrator\Downloads\ManageEngine_OpManager_Free_64bit.exe
2023-09-19 12:19 - 2023-09-19 12:19 - 000687327 _____ C:\Users\Administrator\Downloads\RAMMap.zip
2023-09-19 12:19 - 2023-09-19 12:19 - 000000000 ____D C:\Users\Administrator\Downloads\RAMMap
2023-09-19 12:00 - 2023-09-19 12:00 - 000000000 ___HD C:\$WinREAgent
2023-09-19 11:25 - 2023-09-19 11:25 - 000074087 _____ C:\Users\tamar\AppData\Local\Temp\wct35E3.tmp
2023-09-19 06:05 - 2023-09-19 06:05 - 000074087 _____ C:\Users\yad2\AppData\Local\Temp\wct23F5.tmp
2023-09-19 06:05 - 2023-09-19 06:05 - 000074087 _____ C:\Users\tamar\AppData\Local\Temp\wct1D3E.tmp
2023-09-19 06:05 - 2023-09-19 06:05 - 000074087 _____ C:\Users\Administrator\AppData\Local\Temp\wct22DB.tmp
2023-09-19 05:10 - 2023-09-19 05:10 - 000074087 _____ C:\Users\yad2\AppData\Local\Temp\wctE862.tmp
2023-09-19 05:10 - 2023-09-19 05:10 - 000074087 _____ C:\Users\yad2\AppData\Local\Temp\wct64F1.tmp
2023-09-19 02:59 - 2023-09-19 02:59 - 000002619 _____ C:\Users\yad2\AppData\Local\Temp\wctD890.tmp
2023-09-19 02:59 - 2023-09-19 02:59 - 000002619 _____ C:\Users\yad2\AppData\Local\Temp\wct417B.tmp
2023-09-18 18:20 - 2023-09-18 18:20 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct2A42.tmp
2023-09-18 11:05 - 2023-09-18 11:05 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wctDC7D.tmp
2023-09-18 06:05 - 2023-09-18 06:05 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct6497.tmp
2023-09-18 06:05 - 2023-09-18 06:05 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wct568D.tmp
2023-09-18 06:05 - 2023-09-18 06:05 - 000074468 _____ C:\Users\Administrator\AppData\Local\Temp\wct5F38.tmp
2023-09-18 05:05 - 2023-09-18 05:05 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct90C6.tmp
2023-09-17 18:20 - 2023-09-17 18:20 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wctD1A9.tmp
2023-09-17 11:20 - 2023-09-17 11:20 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wct8348.tmp
2023-09-17 06:05 - 2023-09-17 06:05 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wctF6.tmp
2023-09-17 06:05 - 2023-09-17 06:05 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wctFFFC.tmp
2023-09-17 06:05 - 2023-09-17 06:05 - 000074468 _____ C:\Users\Administrator\AppData\Local\Temp\wct4BF.tmp
2023-09-17 05:05 - 2023-09-17 05:05 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct39D6.tmp
2023-09-16 18:20 - 2023-09-16 18:20 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wct77B8.tmp
2023-09-16 11:20 - 2023-09-16 11:20 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wct2A43.tmp
2023-09-16 06:10 - 2023-09-16 06:10 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wctAED9.tmp
2023-09-16 06:10 - 2023-09-16 06:10 - 000074468 _____ C:\Users\tamar\AppData\Local\Temp\wctAA36.tmp
2023-09-16 06:10 - 2023-09-16 06:10 - 000074468 _____ C:\Users\Administrator\AppData\Local\Temp\wctAEE9.tmp
2023-09-16 05:10 - 2023-09-16 05:10 - 000074468 _____ C:\Users\yad2\AppData\Local\Temp\wctE0A4.tmp
2023-09-15 11:20 - 2023-09-15 11:20 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wctD19B.tmp
2023-09-15 06:10 - 2023-09-15 06:10 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wct5395.tmp
2023-09-15 06:10 - 2023-09-15 06:10 - 000074458 _____ C:\Users\Administrator\AppData\Local\Temp\wct5848.tmp
2023-09-15 03:45 - 2023-09-15 03:45 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wct4071.tmp
2023-09-15 03:45 - 2023-09-15 03:45 - 000074458 _____ C:\Users\Administrator\AppData\Local\Temp\wct47D4.tmp
2023-09-14 11:25 - 2023-09-14 11:25 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wct7473.tmp
2023-09-14 03:45 - 2023-09-14 03:45 - 000074458 _____ C:\Users\tamar\AppData\Local\Temp\wctED99.tmp
2023-09-14 03:45 - 2023-09-14 03:45 - 000074458 _____ C:\Users\Administrator\AppData\Local\Temp\wctF1FE.tmp
2023-09-13 11:20 - 2023-09-13 11:20 - 000074425 _____ C:\Users\tamar\AppData\Local\Temp\wctEE0.tmp
2023-09-13 03:30 - 2023-09-13 03:30 - 000074425 _____ C:\Users\tamar\AppData\Local\Temp\wct2BC.tmp
2023-09-13 03:30 - 2023-09-13 03:30 - 000074425 _____ C:\Users\Administrator\AppData\Local\Temp\wct2BC.tmp
2023-09-12 11:25 - 2023-09-12 11:25 - 000074419 _____ C:\Users\tamar\AppData\Local\Temp\wct99E6.tmp
2023-09-12 03:30 - 2023-09-12 03:30 - 000074419 _____ C:\Users\tamar\AppData\Local\Temp\wctB86F.tmp
2023-09-12 03:30 - 2023-09-12 03:30 - 000074419 _____ C:\Users\Administrator\AppData\Local\Temp\wctB86F.tmp
2023-09-11 11:25 - 2023-09-11 11:25 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct377B.tmp
2023-09-11 03:30 - 2023-09-11 03:30 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct52FA.tmp
2023-09-11 03:30 - 2023-09-11 03:30 - 000078176 _____ C:\Users\Administrator\AppData\Local\Temp\wct55B9.tmp
2023-09-10 11:20 - 2023-09-10 11:20 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctDA9D.tmp
2023-09-10 03:30 - 2023-09-10 03:30 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctFC1A.tmp
2023-09-10 03:30 - 2023-09-10 03:30 - 000078176 _____ C:\Users\Administrator\AppData\Local\Temp\wct707.tmp
2023-09-09 11:25 - 2023-09-09 11:25 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct8178.tmp
2023-09-09 03:50 - 2023-09-09 03:50 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctF5E7.tmp
2023-09-09 03:30 - 2023-09-09 03:30 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctA663.tmp
2023-09-09 03:30 - 2023-09-09 03:30 - 000078176 _____ C:\Users\Administrator\AppData\Local\Temp\wctA942.tmp
2023-09-08 11:20 - 2023-09-08 11:20 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct27B7.tmp
2023-09-08 05:10 - 2023-09-08 05:10 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct2194.tmp
2023-09-08 03:30 - 2023-09-08 03:30 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wct4F84.tmp
2023-09-08 03:30 - 2023-09-08 03:30 - 000078176 _____ C:\Users\Administrator\AppData\Local\Temp\wct5233.tmp
2023-09-07 11:20 - 2023-09-07 11:20 - 000078176 _____ C:\Users\tamar\AppData\Local\Temp\wctCE73.tmp
2023-09-07 03:30 - 2023-09-07 03:30 - 000078171 _____ C:\Users\tamar\AppData\Local\Temp\wctFB35.tmp
2023-09-07 03:30 - 2023-09-07 03:30 - 000078171 _____ C:\Users\Administrator\AppData\Local\Temp\wctFBD1.tmp
2023-09-07 01:35 - 2023-09-07 01:35 - 000078171 _____ C:\Users\tamar\AppData\Local\Temp\wctFD9.tmp
2023-09-07 01:35 - 2023-09-07 01:35 - 000078171 _____ C:\Users\Administrator\AppData\Local\Temp\wct12E7.tmp
2023-09-06 09:09 - 2023-09-20 11:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Word
2023-09-06 09:09 - 2023-09-06 09:09 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Proof
2023-09-06 01:35 - 2023-09-06 01:35 - 000078171 _____ C:\Users\tamar\AppData\Local\Temp\wctC118.tmp
2023-09-06 01:35 - 2023-09-06 01:35 - 000078171 _____ C:\Users\Administrator\AppData\Local\Temp\wctC118.tmp
2023-09-04 11:39 - 2023-09-04 11:38 - 000058659 _____ C:\Users\Administrator\Desktop\WhatsApp Image 2023-09-03 at 22.29.19.jpeg
2023-09-04 09:17 - 2023-09-04 09:17 - 000006385 _____ C:\Users\yad2\Downloads\Webshare 150 proxies (1).txt
2023-09-03 16:17 - 2023-09-03 16:17 - 000004298 __RSH C:\ProgramData\ntuser.pol
2023-09-03 13:21 - 2023-09-18 12:18 - 000000000 ____D C:\Users\yad2\Desktop\proxies
2023-09-03 12:26 - 2023-09-03 12:26 - 015111157 _____ C:\Users\Administrator\Desktop\1.pdf
2023-09-03 12:18 - 2023-09-03 12:25 - 015106599 _____ C:\Users\Administrator\Desktop\doc00445620230903111840.pdf
2023-09-03 09:48 - 2023-09-22 16:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-08-30 14:07 - 2023-08-30 14:08 - 616478828 _____ C:\Users\Administrator\Downloads\AMD_VGA(v21.30.02.210727a_0827).zip
2023-08-30 14:07 - 2023-08-30 14:07 - 052771519 _____ C:\Users\Administrator\Downloads\Chipset(v3.10.22.706).zip
2023-08-30 14:07 - 2023-08-30 14:07 - 001050514 _____ C:\Users\Administrator\Downloads\ASPEED_VGA(v1.10.01).zip
2023-08-30 14:07 - 2023-08-30 14:07 - 000369685 _____ C:\Users\Administrator\Downloads\AM4_SATA_Floppy_CC(v9.3.0.296).zip
2023-08-30 13:54 - 2023-09-23 19:32 - 000000000 ____D C:\Users\Administrator\Downloads\FRST-OlderVersion
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wctF76.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wctC37E.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wctBA0E.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wct7402.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wct6F2A.tmp
2023-08-30 11:40 - 2023-08-30 11:40 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wct1184.tmp
2023-08-30 03:00 - 2023-08-30 03:00 - 000078187 _____ C:\Users\Administrator\AppData\Local\Temp\wctB52A.tmp
2023-08-29 19:03 - 2023-08-29 19:03 - 000000000 _____ C:\Users\Administrator\AppData\Local\Temp\{384836B7-2C0A-49D8-88CE-B5A70009B431} - OProcSessId.dat
2023-08-29 14:55 - 2023-08-29 14:55 - 000078148 _____ C:\Users\tamar\AppData\Local\Temp\wctC6D4.tmp
2023-08-29 03:10 - 2023-08-29 03:10 - 000078143 _____ C:\Users\tamar\AppData\Local\Temp\wct1E88.tmp
2023-08-29 03:10 - 2023-08-29 03:10 - 000078143 _____ C:\Users\Administrator\AppData\Local\Temp\wct2389.tmp
2023-08-28 14:55 - 2023-08-28 14:55 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wct6EC8.tmp
2023-08-28 03:10 - 2023-08-28 03:10 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wct732F.tmp
2023-08-28 03:10 - 2023-08-28 03:10 - 000078142 _____ C:\Users\Administrator\AppData\Local\Temp\wct734F.tmp
2023-08-27 14:55 - 2023-08-27 14:55 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wct166E.tmp
2023-08-27 03:10 - 2023-08-27 03:10 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wct1D79.tmp
2023-08-27 03:10 - 2023-08-27 03:10 - 000078142 _____ C:\Users\Administrator\AppData\Local\Temp\wct1DC7.tmp
2023-08-26 14:55 - 2023-08-26 14:55 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wctBDA7.tmp
2023-08-26 03:10 - 2023-08-26 03:10 - 000078142 _____ C:\Users\tamar\AppData\Local\Temp\wctC7C2.tmp
2023-08-26 03:10 - 2023-08-26 03:10 - 000078142 _____ C:\Users\Administrator\AppData\Local\Temp\wctC830.tmp
2023-08-25 14:55 - 2023-08-25 14:55 - 000078109 _____ C:\Users\tamar\AppData\Local\Temp\wct64F0.tmp
2023-08-25 03:10 - 2023-08-25 03:10 - 000078109 _____ C:\Users\tamar\AppData\Local\Temp\wct72A8.tmp
2023-08-25 03:10 - 2023-08-25 03:10 - 000078109 _____ C:\Users\Administrator\AppData\Local\Temp\wct7306.tmp
2023-08-24 14:55 - 2023-08-24 14:55 - 000078099 _____ C:\Users\tamar\AppData\Local\Temp\wctCB6.tmp
2023-08-24 03:10 - 2023-08-24 03:10 - 000078099 _____ C:\Users\tamar\AppData\Local\Temp\wct1B7A.tmp
2023-08-24 03:10 - 2023-08-24 03:10 - 000078099 _____ C:\Users\Administrator\AppData\Local\Temp\wct1BE8.tmp
2023-08-24 01:55 - 2023-08-24 01:55 - 000078099 _____ C:\Users\tamar\AppData\Local\Temp\wct75ED.tmp
2023-08-24 01:55 - 2023-08-24 01:55 - 000078099 _____ C:\Users\Administrator\AppData\Local\Temp\wct761C.tmp
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-09-23 19:34 - 2023-08-20 14:50 - 000043130 _____ C:\Users\Administrator\Downloads\FRST.txt
2023-09-23 19:33 - 2023-08-20 14:50 - 000000000 ____D C:\FRST
2023-09-23 19:32 - 2023-08-20 14:39 - 002382848 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2023-09-23 19:22 - 2022-12-16 07:36 - 000000000 ____D C:\Program Files (x86)\Google
2023-09-23 19:22 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\SystemTemp
2023-09-23 16:01 - 2023-07-11 13:56 - 000000468 _____ C:\Users\Administrator\AppData\Local\Temp\InterOP_CCD_Logs.txt
2023-09-23 16:01 - 2022-12-16 07:50 - 000000000 ____D C:\Program Files\Adobe
2023-09-23 14:31 - 2023-03-23 18:09 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-09-23 05:18 - 2023-08-16 16:47 - 000000053 _____ C:\Users\yad2\AppData\Local\Temp\.ses
2023-09-23 04:33 - 2022-12-16 05:25 - 000000053 _____ C:\Users\Administrator\AppData\Local\Temp\.ses
2023-09-23 04:02 - 2021-05-08 11:20 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-09-22 16:41 - 2021-05-08 11:06 - 000000000 ____D C:\Windows\CbsTemp
2023-09-22 16:36 - 2022-12-15 13:47 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Excel
2023-09-22 16:06 - 2022-12-16 03:49 - 001027444 _____ C:\Windows\system32\PerfStringBackup.INI
2023-09-22 16:06 - 2021-05-08 11:18 - 000000000 ____D C:\Windows\INF
2023-09-22 16:03 - 2022-12-16 09:13 - 000000000 ___RD C:\Users\yad2\OneDrive
2023-09-22 16:03 - 2022-12-16 07:53 - 000000000 ___RD C:\Users\Administrator\Creative Cloud Files
2023-09-22 16:03 - 2022-12-16 06:52 - 000000000 ____D C:\ProgramData\NVIDIA
2023-09-22 16:03 - 2022-12-16 03:51 - 000000000 ____D C:\Users\Administrator
2023-09-22 16:03 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\ServiceState
2023-09-22 16:02 - 2023-06-25 12:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-09-22 16:02 - 2023-03-29 10:59 - 000000000 ____D C:\ProgramData\VMware
2023-09-22 16:02 - 2022-12-16 13:38 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-09-22 16:02 - 2022-12-16 08:01 - 000000000 ____D C:\Windows\system32\lserver
2023-09-22 16:02 - 2022-12-16 03:37 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-09-22 16:00 - 2021-05-08 11:06 - 000131072 _____ C:\Windows\system32\config\BBI
2023-09-22 15:59 - 2023-04-04 15:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\VMware
2023-09-21 13:47 - 2023-06-25 12:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-09-21 13:42 - 2022-12-15 13:40 - 000000000 ____D C:\Users\tamar\AppData\Roaming\Microsoft\Teams
2023-09-21 12:59 - 2022-12-22 12:47 - 000000000 ___RD C:\Users\tamar\Creative Cloud Files
2023-09-21 12:59 - 2022-12-15 13:40 - 000000000 ____D C:\Users\tamar
2023-09-21 11:36 - 2022-12-16 09:13 - 000000000 ____D C:\Users\yad2\AppData\Roaming\Adobe
2023-09-21 11:36 - 2022-12-16 08:05 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2023.lnk
2023-09-21 11:36 - 2022-12-16 07:50 - 000000000 ____D C:\Program Files\Common Files\Adobe
2023-09-21 06:28 - 2022-12-16 03:45 - 000002381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-09-21 06:28 - 2021-05-08 11:20 - 000000000 ___HD C:\Program Files\WindowsApps
2023-09-21 06:28 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\AppReadiness
2023-09-21 03:33 - 2023-03-27 08:57 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1003
2023-09-21 03:33 - 2022-12-16 09:14 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1001
2023-09-21 03:33 - 2022-12-15 13:40 - 000003596 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-1000
2023-09-21 03:33 - 2022-12-15 13:33 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3240025226-2610930385-1699277903-500
2023-09-21 03:33 - 2022-12-15 13:33 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-09-21 03:33 - 2022-12-15 13:33 - 000002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-09-20 11:39 - 2023-03-30 14:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Temp\hsperfdata_Administrator
2023-09-20 11:37 - 2022-12-16 07:50 - 000001310 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2023-09-20 11:37 - 2022-12-16 07:50 - 000001280 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2023-09-20 11:37 - 2022-12-16 07:50 - 000000000 ____D C:\Program Files (x86)\Adobe
2023-09-20 11:35 - 2023-06-25 12:17 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-09-20 11:35 - 2022-12-16 09:14 - 000000000 ____D C:\Users\yad2\AppData\Roaming\com.adobe.dunamis
2023-09-19 23:48 - 2022-12-16 09:13 - 000000000 ____D C:\Users\yad2
2023-09-19 23:47 - 2023-05-04 14:50 - 000000000 ____D C:\Program Files\Npcap
2023-09-19 23:46 - 2022-12-16 03:37 - 000511800 _____ C:\Windows\system32\FNTCACHE.DAT
2023-09-19 23:46 - 2022-12-15 13:31 - 000000000 ____D C:\Program Files\Microsoft Office
2023-09-19 23:43 - 2021-05-08 12:39 - 000000000 ___SD C:\Windows\system32\AppV
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\SystemResources
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\system32\setup
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\system32\oobe
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-09-19 23:43 - 2021-05-08 11:20 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-09-19 12:50 - 2022-12-16 03:37 - 000000000 ____D C:\Windows\ServiceProfiles
2023-09-19 12:46 - 2022-12-16 05:34 - 000000000 ____D C:\ProgramData\Package Cache
2023-09-19 12:41 - 2022-12-16 03:54 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\MMC
2023-09-19 12:06 - 2022-12-16 03:47 - 002993152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-09-19 12:00 - 2022-12-16 05:28 - 000000000 ____D C:\Windows\system32\MRT
2023-09-19 11:57 - 2022-12-16 05:28 - 177941912 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2023-09-19 05:14 - 2023-01-11 09:56 - 000000053 _____ C:\Users\tamar\AppData\Local\Temp\.ses
2023-09-19 04:17 - 2022-12-16 07:36 - 000003820 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{3EBFF4AC-EF4F-478E-BF1A-870F68C163A7}
2023-09-19 04:17 - 2022-12-16 07:36 - 000003696 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{83733CC4-E87A-4794-9F68-A167CC2A36CF}
2023-09-15 20:53 - 2022-12-15 13:40 - 000002368 _____ C:\Users\tamar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2023-09-12 23:17 - 2022-12-16 07:36 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-09-12 23:17 - 2022-12-16 07:36 - 000002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-09-11 14:01 - 2023-07-29 07:31 - 000003530 _____ C:\Windows\system32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0
2023-09-11 14:01 - 2023-03-23 18:11 - 000003506 _____ C:\Windows\system32\Tasks\AdobeGCInvoker-1.0
2023-09-11 11:32 - 2023-05-07 10:30 - 000222272 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2023-09-09 20:21 - 2023-06-27 22:35 - 000000000 ____D C:\Users\tamar\AppData\Local\Temp\CreativeCloud
2023-09-06 21:48 - 2023-03-26 09:03 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2023-09-04 08:55 - 2022-12-16 16:33 - 000435517 _____ C:\Users\yad2\Documents\tabit_export_xls.xml
2023-09-03 21:15 - 2022-12-18 15:37 - 000002850 _____ C:\Users\yad2\Documents\alla.aviv@gmail.com.txt
2023-09-03 16:19 - 2023-07-13 07:23 - 001569386 _____ C:\Users\yad2\Documents\yad2.co.il_alert_api_db.xml
2023-08-31 19:26 - 2022-12-16 03:37 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-08-30 16:37 - 2021-05-08 11:20 - 000000000 ____D C:\Windows\LiveKernelReports
2023-08-30 13:57 - 2023-08-20 14:54 - 000062759 _____ C:\Users\Administrator\Downloads\Addition.txt
2023-08-29 19:15 - 2022-12-16 03:37 - 000012288 ___SH C:\DumpStack.log.tmp
2023-08-29 19:02 - 2023-08-21 11:43 - 000000000 ____D C:\Users\tamar\AppData\Local\Temp\2
2023-08-29 18:56 - 2023-04-24 14:28 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2023-08-27 13:42 - 2022-12-16 07:51 - 000000059 _____ C:\Users\Administrator\AppData\Local\Temp\crash_repo_pref.txt
2023-08-27 13:29 - 2022-12-25 16:59 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
==================== Files in the root of some directories ========
2023-04-16 09:49 - 2023-03-28 03:09 - 006166960 _____ (Cloud Software Group, Inc.) C:\Program Files (x86)\ClnD190.tmp
2022-12-15 15:02 - 2022-12-15 15:02 - 000000114 _____ () C:\Users\Administrator\AppData\Roaming\pmj4wc3x.fgn.vbs
2022-12-15 15:02 - 2022-12-15 15:02 - 000000133 _____ () C:\Users\Administrator\AppData\Roaming\tvzf4y2k.cuy.url
2023-03-27 09:04 - 2023-03-27 09:04 - 000000000 _____ () C:\Users\Administrator\AppData\Local\oobelibMkey.log
2022-12-16 07:52 - 2023-09-19 22:50 - 000007616 _____ () C:\Users\Administrator\AppData\Local\resmon.resmoncfg
==================== FCheck ================================
(If an entry is included in the fixlist, the file/folder will be moved.)
FCheck: C:\Windows\system32\vmcompute.exe [2023-06-27] <==== ATTENTION (zero byte File/Folder)
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2023-09-18 04:21
==================== End of FRST.txt ========================
and new Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2023
Ran by Administrator (23-09-2023 19:36:12)
Running from C:\Users\Administrator\Downloads
Microsoft Windows Server 2022 Standard Version 21H2 20348.1970 (X64) (2022-12-16 00:49:28)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-3240025226-2610930385-1699277903-500 - Administrator - Enabled) => C:\Users\Administrator
benny (S-1-5-21-3240025226-2610930385-1699277903-1003 - Limited - Enabled) => C:\Users\benny
DefaultAccount (S-1-5-21-3240025226-2610930385-1699277903-503 - Limited - Disabled)
Guest (S-1-5-21-3240025226-2610930385-1699277903-501 - Limited - Disabled)
tamar (S-1-5-21-3240025226-2610930385-1699277903-1000 - Limited - Enabled) => C:\Users\tamar
WDAGUtilityAccount (S-1-5-21-3240025226-2610930385-1699277903-504 - Limited - Disabled)
yad2 (S-1-5-21-3240025226-2610930385-1699277903-1001 - Limited - Enabled) => C:\Users\yad2
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe After Effects 2023 (HKLM-x32\...\AEFT_23_6) (Version: 23.6 - Adobe Inc.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.0.0.571 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.3.0.61 - Adobe Inc.)
Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_9) (Version: 27.9 - Adobe Inc.)
Adobe Media Encoder 2023 (HKLM-x32\...\AME_23_6) (Version: 23.6 - Adobe Inc.)
Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_7) (Version: 24.7.0.643 - Adobe Inc.)
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 8.0.0.13 - Advanced Micro Devices, Inc.)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.1.16 - AnyDesk Software GmbH)
asrrmgmttool v2.6.0 (HKLM-x32\...\{53ACA7A9-C692-4A79-8E74-34FEC358749C}_is1) (Version: 2.6.0 - ASRockRack Inc.)
Browser for SQL Server 2022 (HKLM-x32\...\{FDB357D5-CC78-480A-8D26-C15D1A877642}) (Version: 16.0.1000.6 - Microsoft Corporation)
BrowserAutomationStudio (HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\BrowserAutomationStudio) (Version: 24.3.1.0 - BrowserAutomationStudio)
Burp Suite Professional 2023.4.3 (HKLM\...\7318-9294-3757-1226) (Version: 2023.4.3 - PortSwigger Web Security)
CPUID CPU-Z 2.03 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.03 - CPUID, Inc.)
GatewayComponents (HKLM\...\{41C6C666-5B47-430F-9784-83C78094E54C}) (Version: 15.178.9 - Microsoft Corporation) Hidden
GDR 1050 for SQL Server 2022 (KB5021522) (64-bit) (HKLM\...\KB5021522) (Version: 16.0.1050.5 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 116.0.5845.188 - Google LLC)
GraphDataSetComponents (HKLM\...\{7117E6EC-BA12-4D6B-874C-DFFCBB2E4556}) (Version: 15.178.9 - Microsoft Corporation) Hidden
Intel® C++ Redistributables on Intel® 64 (HKLM-x32\...\{F70BCE36-25F2-4475-A918-6209B3D85BF3}) (Version: 15.0.179 - Intel Corporation)
Intel® Network Connections 28.2.0.0 (HKLM\...\{23326CB1-CBD7-49A7-803C-BCEB7E8BCB07}) (Version: 28.2.0.0 - Intel) Hidden
Intel® Network Connections 28.2.0.0 (HKLM\...\PROSetDX) (Version: 28.2.0.0 - Intel)
Jump Desktop (HKLM\...\{70ECB083-F2B2-4660-A587-77F130E1D509}) (Version: 8.5.2.0 - Phase Five Systems)
Jump Desktop Connect (HKLM-x32\...\{31BEBB68-1DB7-44B2-A889-30A4CC70026A}) (Version: 6.10.11.0 - Phase Five Systems)
Magic Bullet Suite (HKLM\...\Magic Bullet Suite v2023.0.0) (Version: - Maxon Computer GmbH)
Malwarebytes version 4.6.1.280 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes)
Maxon Cinema 4D 2023 (HKLM\...\Maxon Cinema 4D 2023) (Version: 2023 - Maxon)
Microsoft Azure Recovery Services Agent (HKLM\...\{FFE6D16C-3F87-4192-AF94-DDBEFF165106}) (Version: 2.0.9250.0 - Microsoft Corporation) Hidden
Microsoft Azure Recovery Services Agent (HKLM\...\Windows Azure Backup) (Version: 2.0.9250.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 117.0.2045.36 - Microsoft Corporation)
Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{CBA9B46D-5C8E-46F9-94B4-7024400EDE52}) (Version: 17.10.3.1 - Microsoft Corporation)
Microsoft OLE DB Driver for SQL Server (HKLM\...\{77E9E138-0D4C-495E-BE77-761E1797BA16}) (Version: 18.2.4.0 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.191.0912.0001 - Microsoft Corporation)
Microsoft Power BI Desktop (x64) (HKLM\...\{22c320c9-e8b5-4bb6-887d-7641425d1a91}) (Version: 2.118.1063.0 - Microsoft Corporation) Hidden
Microsoft PowerBI Desktop (x64) (HKLM-x32\...\{40d9ac63-0b2d-4f7f-9f8d-7940d4a537cb}) (Version: 2.118.1063.0 - Microsoft Corporation)
Microsoft SQL Server 2022 (64-bit) (HKLM\...\Microsoft SQL Server SQL2022) (Version: - Microsoft Corporation)
Microsoft SQL Server 2022 RsFx Driver (HKLM\...\{629C8FC9-3763-4C58-8264-5288AE34AFEF}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
Microsoft SQL Server 2022 Setup (English) (HKLM\...\{1D9EE2F2-148E-46B8-ABC8-A9055B4D936C}) (Version: 16.0.1050.5 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3240025226-2610930385-1699277903-1000\...\Teams) (Version: 1.6.00.24078 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\Teams) (Version: 1.5.00.33362 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\Teams) (Version: 1.6.00.6754 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31332 (HKLM-x32\...\{a98dc6ff-d360-4878-9f0a-915eba86eaf3}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31332 (HKLM-x32\...\{8972AC25-452E-4FFE-945A-EB9E28C20322}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31332 (HKLM-x32\...\{AEAA18F7-9C96-4A43-BC07-8B88A4913EEB}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft VSS Writer for SQL Server 2022 (HKLM\...\{AB5D8778-81F3-47E2-87A4-35E776CD664B}) (Version: 16.0.1000.6 - Microsoft Corporation)
MiniTool Partition Wizard 12.7 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 12.7 - MiniTool Software Limited)
Mozilla Firefox (x64 ru) (HKLM\...\Mozilla Firefox 117.0.1 (x64 ru)) (Version: 117.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 114.0.2 - Mozilla)
Node.js (HKLM\...\{12C3946E-D830-40C5-9524-3A45D6BFDD19}) (Version: 14.17.1 - Node.js Foundation)
Npcap OEM (HKLM-x32\...\NpcapInst) (Version: 1.75 - Nmap Project)
NVIDIA Graphics Driver 536.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 536.67 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA RTX Desktop Manager 204.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 204.26 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-040D-1000-0000000FF1CE}) (Version: 16.0.16731.20234 - Microsoft Corporation) Hidden
On-premises data gateway (HKLM-x32\...\{93dbfca5-c9a9-4037-86e3-12724ca32b17}) (Version: 3000.178.9 - Microsoft Corporation)
PBIRobots (HKLM\...\{92298F40-8F99-4ECF-B5FF-D9F4BD74BC36}) (Version: 3.3.20.0 - Devscope) Hidden
PBIRobots (HKLM\...\PBIRobots 3.3.20.0) (Version: 3.3.20.0 - Devscope)
PrimoCache 4.3.0 (HKLM\...\{7A37EA43-BF6F-4DB7-83DB-97AA19BF9408}_is1) (Version: 4.3.0 - Romex Software)
SQL Server 2022 Batch Parser (HKLM\...\{7EFD8B19-A9E6-41CF-A96F-B9B6E30EC345}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Common Files (HKLM\...\{6A68D32C-4C0D-4847-B70C-58E6B4D76A12}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Common Files (HKLM\...\{8770AF64-BB4B-4404-BDD6-6AF8E4C461FC}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Connection Info (HKLM\...\{770DA7F2-817B-4AA6-9160-08BB658ABDC6}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Connection Info (HKLM\...\{EAC54B82-7A37-4A9E-8953-474316BD40F6}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Database Engine Services (HKLM\...\{6621C765-569C-4D46-A8E9-C69A47971357}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Database Engine Services (HKLM\...\{C4CF167C-4739-4A3A-8D75-59C9C5F135CA}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Database Engine Shared (HKLM\...\{161B8D12-C41B-4ACF-9BB5-E1FEE6788869}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Database Engine Shared (HKLM\...\{D6E82158-05B9-4A18-A624-EA135BC77766}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 DMF (HKLM\...\{5AB77D4E-9E5F-4627-B78B-129A5EC2858A}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 DMF (HKLM\...\{DCA0C2D6-83BF-41AE-B1AB-C4181002DE40}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Shared Management Objects (HKLM\...\{12618131-AA9A-4DAE-9387-CE4417955B9F}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Shared Management Objects (HKLM\...\{6F8242AA-1B25-421C-8E45-FC5978D9AA3A}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Shared Management Objects Extensions (HKLM\...\{35EC6145-E333-42DB-BCB3-380DF6140C11}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 Shared Management Objects Extensions (HKLM\...\{A0F7ACBA-075F-4BC7-A85A-5DC301FCEC74}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 SQL Diagnostics (HKLM\...\{0CEFE958-E71A-4171-9DEF-77E9234A5613}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 XEvent (HKLM\...\{94AEB0A0-365C-449B-B573-D2ECB353EB06}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
SQL Server 2022 XEvent (HKLM\...\{BD8B7339-7559-4FC3-95E6-264324D45235}) (Version: 16.0.1000.6 - Microsoft Corporation) Hidden
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.5.0.8070 - Microsoft Corporation)
Time-Sync (HKLM-x32\...\Time-Sync) (Version: 1.89 - Speed-Soft)
TreeSize Free V4.6.2 (64 bit) (HKLM\...\TreeSize Free_is1) (Version: 4.6.2 - JAM Software)
TreeSize V9.0.2 (HKLM\...\TreeSize_is1) (Version: 9.0.2 - JAM Software)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
Windows Admin Center (HKLM\...\{CB7E54F9-AE9E-401E-83DC-29C1BC189539}) (Version: 1.5.6593.0 - Microsoft Corporation)
WinRAR 6.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)
XEvil 6 (HKLM-x32\...\{77EE27F2-C9B0-408B-A39A-F5AA8191ECA3}) (Version: 6.0.35.1007 - Botmaster Labs) Hidden
XEvil 6 (HKLM-x32\...\XEvil 6 6.0.35.1007) (Version: 6.0.35.1007 - Botmaster Labs)
יישומי Microsoft 365 לעסקים - he-il (HKLM\...\O365BusinessRetail - he-il) (Version: 16.0.16731.20234 - Microsoft Corporation)
Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-06-27] (Adobe Systems Incorporated)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-08-01] (NVIDIA Corp.)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\yad2\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\yad2\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-A60F94A42F24} -> [Creative Cloud Files] => C:\Users\Administrator\Creative Cloud Files [2022-12-16 07:53]
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22349.4\x64\Microsoft.Teams.AddinLoader.dll => No File
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{d4737846-a892-2f78-d0cd-b8fbcacdf3bc}\localserver32 -> "C:\Program Files\PowerBI tips Business Ops\resources\static\external-tools\010__SQL_BI\BravoV0\app\Bravo.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-3240025226-2610930385-1699277903-500_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.191.0912.0001\FileSyncShell64.dll [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nv_dispswi.inf_amd64_ca3ea3074bd296e4\nvshext.dll [2023-07-14] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [NvQuadroView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2023-07-14] (NVIDIA Corporation -> )
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-09-07] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-07] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2023-02-16] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Приватный просмотр Firefox.lnk -> C:\Program Files\Mozilla Firefox\private_browsing.exe (Mozilla Corporation) <==== Cyrillic
ShortcutWithArgument: C:\Users\Administrator\Desktop\Benny (Person 1) - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
==================== Loaded Modules (Whitelisted) =============
2023-07-01 21:57 - 2023-07-01 17:20 - 000037888 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\aiohttp\_helpers.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000207872 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\aiohttp\_http_parser.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000034816 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\aiohttp\_http_writer.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000024064 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\aiohttp\_websocket.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000010752 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\charset_normalizer\md.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000115712 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\charset_normalizer\md__mypyc.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000051712 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\frozenlist\_frozenlist.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000046592 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\multidict\_multidict.cp311-win_amd64.pyd
2023-07-01 21:57 - 2023-07-01 17:20 - 000067072 _____ () [File not signed] D:\downloads\ChatGPTTelegram\pydist\Lib\site-packages\yarl\_quoting_c.cp311-win_amd64.pyd
2023-09-19 23:48 - 2023-09-19 23:48 - 005816320 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Engine.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000053760 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\CurlWrapper\curlwrapper64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000025600 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\DateTime\datetime64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000032256 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\FileSystem\filesystem64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 001007616 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\ImageProcessing\imageprocessing64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000023552 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\Processes\processmanager64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000022016 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\RegularExpression\regexp64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000047616 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\Timezones\timezones64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000013312 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\modules\UserNotification\usernotification64.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000334848 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\libegl.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 005735936 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\libglesv2.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 102108160 _____ () [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\libcef.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 006004224 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Engine.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000060928 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\CurlWrapper\curlwrapper64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000025600 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\DateTime\datetime64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000032256 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\FileSystem\filesystem64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 001007616 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\ImageProcessing\imageprocessing64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000023552 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\Processes\processmanager64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000022016 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\RegularExpression\regexp64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000047616 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\Timezones\timezones64.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 000013312 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\modules\UserNotification\usernotification64.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 000366592 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\libegl.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 005673472 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\libglesv2.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 003677184 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\vk_swiftshader.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 102108160 _____ () [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\libcef.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 005561200 _____ (Artem Shevchenko -> The Qt Company Ltd) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Qt5Core.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 005561200 _____ (Artem Shevchenko -> The Qt Company Ltd) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Qt5Core.dll
2023-09-19 23:59 - 2023-09-19 23:59 - 003884544 _____ (Newtonsoft) [File not signed] C:\Windows\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\f6d76a590480061da2e4a0467f310de2\Newtonsoft.Json.ni.dll
2023-05-02 13:53 - 2023-05-02 13:53 - 014191104 _____ (Phase Five Systems) [File not signed] C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnectCore.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000681472 _____ (Taro Labs) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\Proxy.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 000681472 _____ (Taro Labs) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\Proxy.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 138794496 _____ (The Chromium Authors) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\chrome.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000870400 _____ (The Chromium Authors) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome\chrome_elf.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 000825856 _____ (The Chromium Authors) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\Worker\chrome_elf.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 157236224 _____ (The Chromium Authors) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\chrome.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 000963584 _____ (The Chromium Authors) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome\chrome_elf.dll
2023-09-22 16:28 - 2023-09-22 16:28 - 000825856 _____ (The Chromium Authors) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\Worker\chrome_elf.dll
2023-09-19 23:48 - 2023-09-19 23:48 - 002761728 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] D:\downloads\tabitExportBot\tabitExportBot\appsremote\tabitExportBot\SID9cf8eb1b\engine\libcurl.dll
2023-09-22 16:29 - 2023-09-22 16:29 - 002761728 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] D:\downloads\Yad2AlertBotV2\Yad2AlertBotV2\appsremote\Yad2AlertBotV2\SID8dd4cb65\engine\libcurl.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Administrator\Downloads\ChromeSetup (1).exe:MBAM.Zone.Identifier [391]
AlternateDataStreams: C:\Users\Administrator\Downloads\ManageEngine_OpManager_Free_64bit.exe:MBAM.Zone.Identifier [169]
AlternateDataStreams: C:\Users\Administrator\Downloads\meshagent64-amd1.exe:MBAM.Zone.Identifier [159]
AlternateDataStreams: C:\Users\Administrator\Downloads\MeshCentralInstaller-2.11.exe:MBAM.Zone.Identifier [150]
AlternateDataStreams: C:\Users\Administrator\Downloads\MeshCentralRouter.exe:MBAM.Zone.Identifier [88]
AlternateDataStreams: C:\Users\Administrator\Downloads\NVIDIA_UEFI_Firmware_Updater_1.2-x64.exe:MBAM.Zone.Identifier [170]
AlternateDataStreams: C:\Users\Administrator\Downloads\PhysX_9.21.0713_SystemSoftware.exe:MBAM.Zone.Identifier [156]
AlternateDataStreams: C:\Users\Administrator\Downloads\pw-setup.exe:MBAM.Zone.Identifier [407]
AlternateDataStreams: C:\Users\Administrator\Downloads\Samsung_Magician_DC_Windows_64bit.exe:MBAM.Zone.Identifier [215]
AlternateDataStreams: C:\Users\Administrator\Downloads\Samsung_SSD_DC_Toolkit_for_Windows_1.exe:MBAM.Zone.Identifier [218]
AlternateDataStreams: C:\Users\Administrator\Downloads\SQL2022-SSEI-Eval.exe:MBAM.Zone.Identifier [205]
AlternateDataStreams: C:\Users\Administrator\Downloads\SSMS-Setup-ENU.exe:MBAM.Zone.Identifier [179]
AlternateDataStreams: C:\Users\Administrator\Downloads\TeamViewer_Setup_x64.exe:MBAM.Zone.Identifier [330]
AlternateDataStreams: C:\Users\Administrator\Downloads\VMware-workstation-full-17.0.0-20800274.exe:MBAM.Zone.Identifier [168]
AlternateDataStreams: C:\Users\benny\Downloads\AnyDesk.exe:MBAM.Zone.Identifier [110]
AlternateDataStreams: C:\Users\benny\Downloads\Samsung_NVM_Express_Driver_3.3.exe:MBAM.Zone.Identifier [218]
AlternateDataStreams: C:\Users\benny\Downloads\spsetup132.exe:MBAM.Zone.Identifier [119]
AlternateDataStreams: C:\Users\benny\Downloads\VMware-workstation-full-17.0.0-20800274.exe:MBAM.Zone.Identifier [168]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-08-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-16] (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\sharepoint.com -> hxxps://yevula-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\sharepoint.com -> hxxps://yevula-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3240025226-2610930385-1699277903-500\...\sharepoint.com -> hxxps://yevula-files.sharepoint.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2021-05-08 11:20 - 2021-05-08 11:18 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2023-04-20 15:44 - 2023-06-27 11:02 - 000000497 _____ C:\Windows\system32\drivers\etc\hosts.ics
192.168.137.1 FRESHUK2.mshome.net # 2028 6 0 25 8 2 2 95
192.168.137.206 WinDev2305Eval.mshome.net # 2023 7 2 4 8 2 2 94
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\VMware\VMware Workstation\bin\;%INTEL_DEV_REDIST%redist\intel64\compiler;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Microsoft SQL Server\160\Tools\Binn\;C:\Program Files\Microsoft SQL Server\160\Tools\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files\Microsoft SQL Server\160\DTS\Binn\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\nodejs\
HKU\S-1-5-21-3240025226-2610930385-1699277903-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3240025226-2610930385-1699277903-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-80-1835761534-3291552707-3889884660-1303793167-3990676079\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 4.4.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
Windows Firewall is enabled.
Network Binding:
=============
Ethernet 4: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 4: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet 2: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 3: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet 3: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
Ethernet: VMware Bridge Protocol -> vmware_bridge (enabled)
Ethernet: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VMware Network Adapter VMnet1: VMware Bridge Protocol -> vmware_bridge (disabled)
VMware Network Adapter VMnet1: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
VMware Network Adapter VMnet8: VMware Bridge Protocol -> vmware_bridge (disabled)
VMware Network Adapter VMnet8: Npcap Packet Driver (NPCAP) -> INSECURE_NPCAP (enabled)
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKU\S-1-5-21-3240025226-2610930385-1699277903-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3240025226-2610930385-1699277903-1003\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3240025226-2610930385-1699277903-500\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [WindowsServerBackup-wbengine-In-TCP-NoScope] => (Allow) C:\Windows\system32\wbengine.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SLBM-MUX-IN-TCP] => (Allow) %SystemRoot%\system32\MuxSvcHost.exe => No File
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) C:\Windows\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{413125E9-346B-43CA-B270-0BD7C9747612}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{B9AB21DE-9855-424B-9C58-66F2CC9EAFD4}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{4A1374C6-DCA4-482D-915E-9438E7DF2997}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{D2DBB9D5-AA37-408B-B338-8A06751EF07C}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{D8B6A019-C2F7-4794-A176-06A2F02BA8F9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{C4A62CEF-81DB-47A3-B652-C45783C09EC3}] => (Allow) LPort=7070
FirewallRules: [{6AC245A1-9658-4A63-B4AF-04959618AF9B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0FBE0F67-71E6-4D2C-A16A-5707BACA34C9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{965C5EEE-9371-4F4A-ACCE-39E004EA02FE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{88BCC4EC-D8B4-4A2F-831A-347DA4AF45F3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A938BE53-5C08-4F3A-B148-568B87C74C0F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7D285AC1-4201-43F5-B05E-40AF6EFF4624}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnect.exe (PhaseFive Systems LLC -> Phase Five Systems)
FirewallRules: [{319E405D-2296-4201-A12F-153B97F68A8E}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\6.10.11.0\JumpConnect.exe (PhaseFive Systems LLC -> Phase Five Systems)
FirewallRules: [{E5C7F6CA-C7CC-4A02-8E8F-0158D3942D1E}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{6D399055-BB51-41B0-8546-6EA4640F423D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [TCP Query User{182C0633-A0B6-46B9-A103-0095A848EC71}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe] => (Allow) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe => No File
FirewallRules: [UDP Query User{1A69F94E-81A1-4F54-AFB2-4080ED549D57}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe] => (Allow) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe => No File
FirewallRules: [TCP Query User{2F1DA9D3-472D-4BB6-A703-C31D47475E7F}D:\downloads\sdio_1.12.13.754\sdio_x64_r754.exe] => (Allow) D:\downloads\sdio_1.12.13.754\sdio_x64_r754.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [UDP Query User{B9369E07-A4AF-4EE8-82D1-9A7195F57EA9}D:\downloads\sdio_1.12.13.754\sdio_x64_r754.exe] => (Allow) D:\downloads\sdio_1.12.13.754\sdio_x64_r754.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [{754D95C9-3A5E-4DDB-BA9F-B8F0E47B514D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{CF700D45-E7C7-43F4-879C-41EB752A42EE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{F018C854-CF66-4A21-BC09-96BE536F05DC}C:\program files\jam software\treesize\treesize.exe] => (Allow) C:\program files\jam software\treesize\treesize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [UDP Query User{41179B4E-824E-4C50-AA96-1D916BA5948A}C:\program files\jam software\treesize\treesize.exe] => (Allow) C:\program files\jam software\treesize\treesize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [{1E6517B4-7CD9-41F4-BD37-E53992522E92}] => (Block) C:\program files\jam software\treesize\treesize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [{23F5366E-564F-4879-B949-BC1AA3837D11}] => (Block) C:\program files\jam software\treesize\treesize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [TCP Query User{2D05D679-F461-4092-9BED-66AFB8BFE3D7}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe] => (Block) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe (Artem Shevchenko -> The Chromium Authors)
FirewallRules: [UDP Query User{00F18E21-3BD3-4D31-BA93-C482AA0DA938}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe] => (Block) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe (Artem Shevchenko -> The Chromium Authors)
FirewallRules: [TCP Query User{E63D1E15-C0A5-4353-8C4E-3630B86CBD09}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe (The Chromium Authors) [File not signed]
FirewallRules: [UDP Query User{4D4B2573-40C2-4CD3-BCEA-E82628D6A6E6}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe (The Chromium Authors) [File not signed]
FirewallRules: [{5D6F7E6A-7856-4AA7-B633-50525CAEB4D2}] => (Allow) D:\Program Files\Microsoft Power BI Desktop\bin\msmdsrv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{3DFAED7E-CE0E-4656-89F3-39332F838E72}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.4.1\worker\chrome\worker.exe] => (Allow) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.4.1\worker\chrome\worker.exe (Artem Shevchenko -> The Chromium Authors)
FirewallRules: [UDP Query User{B57ECD65-25F1-41C6-933E-9A6543C12EE0}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.4.1\worker\chrome\worker.exe] => (Allow) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.4.1\worker\chrome\worker.exe (Artem Shevchenko -> The Chromium Authors)
FirewallRules: [TCP Query User{464503F3-D18F-4FBA-947C-50DE91261E29}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8748447e\engine\worker\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8748447e\engine\worker\chrome\worker.exe => No File
FirewallRules: [UDP Query User{C1A40703-9983-49C0-A65B-69B044843CCB}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8748447e\engine\worker\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8748447e\engine\worker\chrome\worker.exe => No File
FirewallRules: [{BD40FE59-F1B7-4FA0-9281-3CDFFC545E16}] => (Allow) LPort=6655
FirewallRules: [{8697FCC7-52CA-404C-BCFF-DC2588F8A6FA}] => (Allow) LPort=8082
FirewallRules: [TCP Query User{BD882A8E-1FEC-457E-92B1-93584B22EE42}C:\users\administrator\downloads\sdio_1.12.14.755\sdio_x64_r755.exe] => (Allow) C:\users\administrator\downloads\sdio_1.12.14.755\sdio_x64_r755.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [UDP Query User{B1D3EFAB-FA04-452C-88C5-F316AB851410}C:\users\administrator\downloads\sdio_1.12.14.755\sdio_x64_r755.exe] => (Allow) C:\users\administrator\downloads\sdio_1.12.14.755\sdio_x64_r755.exe (Glenn Stuart Delahoy -> Glenn Delahoy)
FirewallRules: [{3E3D5829-3CEF-4500-A9B2-7F3A5AD4C8FF}] => (Allow) C:\Program Files\JAM Software\TreeSize\TreeSize.exe (JAM Software GmbH -> JAM Software)
FirewallRules: [TCP Query User{381EF5D3-669E-4761-9B36-E84403A57C50}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sidc696ea40\engine\worker.4\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sidc696ea40\engine\worker.4\chrome\worker.exe => No File
FirewallRules: [UDP Query User{E9B0CAAB-01DA-4720-808F-62803DC47DAC}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sidc696ea40\engine\worker.4\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sidc696ea40\engine\worker.4\chrome\worker.exe => No File
FirewallRules: [{C204A82B-BA07-4D3A-B9F1-477E916F5F70}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{5284C9E0-F195-4A7E-969D-3D659C19EADC}C:\users\administrator\appdata\local\temp\3\{6791e6b1-13fa-4f69-bab5-8ab58093f085}\manageengine_opmanager_free_64bit.exe] => (Allow) C:\users\administrator\appdata\local\temp\3\{6791e6b1-13fa-4f69-bab5-8ab58093f085}\manageengine_opmanager_free_64bit.exe => No File
FirewallRules: [UDP Query User{22AC3436-142F-47E1-BA5E-551EC6C8362E}C:\users\administrator\appdata\local\temp\3\{6791e6b1-13fa-4f69-bab5-8ab58093f085}\manageengine_opmanager_free_64bit.exe] => (Allow) C:\users\administrator\appdata\local\temp\3\{6791e6b1-13fa-4f69-bab5-8ab58093f085}\manageengine_opmanager_free_64bit.exe => No File
FirewallRules: [TCP Query User{871126E6-7B50-44EE-B8B2-392CD162DBA0}D:\program files\manageengine\opmanager\jre\bin\javaw.exe] => (Allow) D:\program files\manageengine\opmanager\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A947A3DC-99C3-4399-988E-12CB2717B40F}D:\program files\manageengine\opmanager\jre\bin\javaw.exe] => (Allow) D:\program files\manageengine\opmanager\jre\bin\javaw.exe => No File
FirewallRules: [{AEE1881C-4B16-44C1-B941-5605CF8DE572}] => (Allow) LPort=22
FirewallRules: [{FE73A02A-33F5-46DE-8C42-6D08C2229D25}] => (Allow) LPort=69
FirewallRules: [{D4DAF495-D0EE-43B0-A592-A9085DD811D7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{A502CA4C-09BA-4124-91EB-E6AD51D571CD}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{DC1E4500-D049-4AFF-8FC9-477101FCBAE3}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{6AFE5B66-6CA9-45FE-9AA4-59D7273E09A9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{864A92BF-65B9-4522-A139-F0655CEDC532}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{E188F867-8BEC-493A-A2E6-C5AA91FFA217}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{7CE09FD7-7550-4BBF-BF05-417736CB5546}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.36\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
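The FirewallRules block above is long enough that the entries worth a second look get lost among the routine ones. The script below is an added triage helper, not part of the FRST output or of FRST itself. It parses lines in the "FirewallRules: [name] => (Allow|Block) target ..." shape shown above and flags the Allow rules an analyst checks first: rules whose target binary no longer exists ("=> No File", a rule left behind by software that is gone or moved), rules for unsigned binaries, rules that open a bare local port with no program restriction (LPort=...), and rules whose target lives in a user-writable location (\users\, \downloads\, \temp\, \appdata\). The line grammar, the executable-extension split, and the user-writable path markers are this example's own assumptions, not FRST's documented format; the sample lines are copied verbatim from the log above.

```python
"""Triage the FirewallRules section of an FRST log (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Assumed line grammar: FirewallRules: [NAME] => (ACTION) TARGET [(signer)] [=> No File]
RULE_RE = re.compile(
    r"^FirewallRules:\s*\[(?P<name>[^\]]+)\]\s*=>\s*\((?P<action>Allow|Block)\)\s*(?P<rest>.*)$"
)
# Assumption: the target path ends at its first executable extension; everything
# after it is the signer annotation and/or the "=> No File" marker.  Splitting on
# " (" would break on paths such as "C:\Program Files (x86)\...".
TARGET_RE = re.compile(r"^(?P<target>.+?\.(?:exe|dll|sys|com))(?P<tail>.*)$", re.IGNORECASE)
SIGNER_RE = re.compile(r"\(([^()]+)\)")          # "(Signer -> Publisher)" or "(Signer)"
# Heuristic markers for locations a non-admin user can write to (assumption).
USER_WRITABLE = ("\\users\\", "\\downloads\\", "\\temp\\", "\\appdata\\")


@dataclass
class Rule:
    name: str
    action: str
    target: str
    signer: Optional[str]
    flags: tuple


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one FRST FirewallRules line; return None for anything else."""
    m = RULE_RE.match(line.strip())
    if m is None:
        return None
    rest = m.group("rest")
    flags: List[str] = []
    signer = None
    if rest.startswith("LPort="):
        target = rest.split()[0]                 # port-only rule, no program restriction
        flags.append("open-port")
    else:
        t = TARGET_RE.match(rest)
        target, tail = (t.group("target"), t.group("tail")) if t else (rest, "")
        s = SIGNER_RE.search(tail)
        signer = s.group(1) if s else None
        if "=> No File" in tail:
            flags.append("orphan")               # rule survives, binary does not
        if "[File not signed]" in tail:
            flags.append("unsigned")
        if any(marker in target.lower() for marker in USER_WRITABLE):
            flags.append("user-writable")
    if m.group("action") != "Allow":
        flags = []                               # a Block rule is not an exposure
    return Rule(m.group("name"), m.group("action"), target, signer, tuple(flags))


def triage(lines: Iterable[str]) -> List[Rule]:
    """Return only the parsed rules that carry at least one flag."""
    parsed = (parse_rule(line) for line in lines)
    return [r for r in parsed if r is not None and r.flags]


def flag_counts(lines: Iterable[str]) -> Dict[str, int]:
    """Count how often each flag fires across the given lines."""
    counts: Dict[str, int] = {}
    for rule in triage(lines):
        for flag in rule.flags:
            counts[flag] = counts.get(flag, 0) + 1
    return counts


# Sample input: lines copied from the FirewallRules section of the log above.
SAMPLE = [
    r"FirewallRules: [WindowsServerBackup-wbengine-In-TCP-NoScope] => (Allow) C:\Windows\system32\wbengine.exe (Microsoft Windows -> Microsoft Corporation)",
    r"FirewallRules: [SLBM-MUX-IN-TCP] => (Allow) %SystemRoot%\system32\MuxSvcHost.exe => No File",
    r"FirewallRules: [{D8B6A019-C2F7-4794-A176-06A2F02BA8F9}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)",
    r"FirewallRules: [{C4A62CEF-81DB-47A3-B652-C45783C09EC3}] => (Allow) LPort=7070",
    r"FirewallRules: [TCP Query User{182C0633-A0B6-46B9-A103-0095A848EC71}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe] => (Allow) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\24.3.1\worker\chrome\worker.exe => No File",
    r"FirewallRules: [TCP Query User{2D05D679-F461-4092-9BED-66AFB8BFE3D7}C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe] => (Block) C:\users\yad2\appdata\roaming\browserautomationstudio\apps\25.8.0\worker.3\chrome\worker.exe (Artem Shevchenko -> The Chromium Authors)",
    r"FirewallRules: [TCP Query User{E63D1E15-C0A5-4353-8C4E-3630B86CBD09}D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe] => (Allow) D:\downloads\yad2alertbotv2\yad2alertbotv2\appsremote\yad2alertbotv2\sid8dd4cb65\engine\worker\chrome\worker.exe (The Chromium Authors) [File not signed]",
    r"FirewallRules: [{AEE1881C-4B16-44C1-B941-5605CF8DE572}] => (Allow) LPort=22",
]

if __name__ == "__main__":
    for rule in triage(SAMPLE):
        print(f"{rule.action:5} {','.join(rule.flags):22} {rule.target}")
```

Run it against the whole FRST.txt by feeding the file's lines to triage(); every flagged entry is a candidate for the fixlist or for a follow-up question to the machine owner (for example, why a bare LPort=22 and LPort=69 Allow exist on a box that also runs AnyDesk, Jump Desktop and a MeshCentral agent). Block rules are deliberately left unflagged; the Block entries for the BrowserAutomationStudio worker.exe above are the firewall doing its job, not an exposure.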
==================== Restore Points =========================
ATTENTION: System Restore is disabled (Total:423.44 GB) (Free:53.41 GB) (13%)
Check "VSS" service
==================== Faulty Device Manager Devices ============
Name: Intel® I210 Gigabit Network Connection
Description: Intel® I210 Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1rexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® I210 Gigabit Network Connection #2
Description: Intel® I210 Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1rexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Intel® Ethernet Server Adapter I350-T2
Description: Intel® Ethernet Server Adapter I350-T2
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1rexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (09/23/2023 12:16:21 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: )
Description: Event-ID 2
Error: (09/23/2023 07:00:00 AM) (Source: VSS) (EventID: 7001) (User: )
Description: VssAdmin: Unable to create a shadow copy: Either the specified volume was not found or it is not a local volume.
Command-line: '"C:\Windows\system32\vssadmin.exe" Create Shadow /AutoRetry=15 /For=\\?\Volume{6351c82a-0000-0000-007e-000000000000}\'.
Error: (09/22/2023 10:34:54 PM) (Source: nview) (EventID: 1) (User: )
Description: too many errors. stop logging.
Error: (09/22/2023 10:34:54 PM) (Source: nview) (EventID: 1) (User: )
Description: Failed to update display data in shared memory. Continue with stale data.
Error: (09/22/2023 10:33:51 PM) (Source: nview) (EventID: 1) (User: )
Description: failed to update data. try again...
Error: (09/22/2023 10:33:51 PM) (Source: nview) (EventID: 1) (User: )
Description: Failed to update display data in shared memory. Continue with stale data.
Error: (09/22/2023 10:32:49 PM) (Source: nview) (EventID: 1) (User: )
Description: failed to update data. try again...
Error: (09/22/2023 10:32:49 PM) (Source: nview) (EventID: 1) (User: )
Description: Failed to update display data in shared memory. Continue with stale data.
System errors:
=============
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (09/22/2023 04:00:01 PM) (Source: DCOM) (EventID: 10010) (User: FRESHUK2)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Windows Defender:
================
Date: 2023-06-21 09:32:00
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: Exploit:Win32/CVE-2012-5076
Severity: Severe
Category: Exploit
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Security intelligence Version: AV: 1.391.2087.0, AS: 1.391.2087.0, NIS: 1.391.2087.0
Engine Version: AM: 1.1.23050.3, NIS: 1.1.23050.3
Event[0]
Date: 2023-06-26 23:33:03
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.2720.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-06-26 21:10:43
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.2720.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-06-26 20:55:59
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.2720.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-06-26 20:27:03
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.2720.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.23050.3
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
Date: 2023-04-24 13:15:27
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
CodeIntegrity:
===============
Date: 2023-09-22 20:07:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-09-22 15:59:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
BIOS: American Megatrends International, LLC. P1.50 08/01/2022
Motherboard: ASRockRack X570D4U
Processor: AMD Ryzen 9 5950X 16-Core Processor
Percentage of memory in use: 17%
Total physical RAM: 130996.4 MB
Available physical RAM: 108455.36 MB
Total Virtual: 200628.4 MB
Available Virtual: 170507 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:423.44 GB) (Free:53.41 GB) (Model: Samsung SSD 970 PRO 512GB) NTFS
Drive d: () (Fixed) (Total:843.05 GB) (Free:275.41 GB) (Model: Samsung SSD 860 PRO 1TB) NTFS
Drive e: () (Fixed) (Total:15.43 GB) (Free:15.34 GB) (Model: Samsung SSD 860 PRO 1TB) NTFS
Drive f: () (Fixed) (Total:5.51 GB) (Free:5.42 GB) (Model: Samsung SSD 970 PRO 512GB) NTFS
\\?\Volume{6b76aac0-2710-0000-72a7-806e6f6e6963}\ () (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 6351C82A)
Partition: GPT.
==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 6350E47A)
Partition: GPT.
==================== End of Addition.txt =======================
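The Windows Defender and CodeIntegrity sections of an Addition.txt like the one above are plain "Date:" / "Description:" entries, so the repeated lines (four identical 0x80240438 update failures inside a few hours on 2023-06-26, one real-time-protection failure from Safe Mode, two Code Integrity signing-level refusals) can be condensed mechanically before anyone reads the log by hand. The script below is an added example written for this page; it is not FRST's own code and was not posted by the log's owner. The text embedded in it is a constructed excerpt that copies the layout of the entries above, and the section rule (a header line underlined with "====" opens a section, a banner of "=" followed by a title such as "Memory info" closes it), the "Key: value" handling and the regular expression for Code Integrity messages are assumptions about the format, not anything documented by FRST.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt (not a real Addition.txt) mirroring the layout of the
# Windows Defender and CodeIntegrity sections of an FRST Addition.txt.
SAMPLE_ADDITION_TXT = r"""
Windows Defender:
================
Date: 2023-06-21 09:32:00
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
Name: Exploit:Win32/CVE-2012-5076
Severity: Severe
Date: 2023-06-26 23:33:03
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.391.2720.0
Error code: 0x80240438
Date: 2023-06-26 21:10:43
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
Previous security intelligence Version: 1.391.2720.0
Error code: 0x80240438
Date: 2023-04-24 13:15:27
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
CodeIntegrity:
===============
Date: 2023-09-22 20:07:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-09-22 15:59:54
Description:
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
"""

KEY_RE = re.compile(r"^([A-Za-z][A-Za-z ]*): ?(.*)$")   # "Key: value" line
SECTION_RE = re.compile(r"^[A-Za-z][A-Za-z ]*:$")       # "Windows Defender:" (underlined on next line)
BANNER_RE = re.compile(r"^=+ +\S")                       # "==== Memory info ====" style block banner (assumed)
CI_RE = re.compile(r"process \((?P<proc>[^)]+)\) attempted to load (?P<module>.+?) "
                   r"that did not meet the (?P<level>.+?) signing level")

def parse_events(text):
    """Return {section: [entry, ...]}; entry keys are lower-cased ("date", "error code", ...)."""
    lines = text.splitlines()
    sections, section, entry, in_desc, i = defaultdict(list), None, None, False, 0
    while i < len(lines):
        line, nxt = lines[i].rstrip(), (lines[i + 1] if i + 1 < len(lines) else "")
        i += 1
        if BANNER_RE.match(line):                         # next top-level block ends the section
            section, entry = None, None
        elif SECTION_RE.match(line) and nxt.startswith("===="):
            section, entry, i = line[:-1], None, i + 1    # skip the "=====" underline
        elif section is None:
            continue
        elif (m := KEY_RE.match(line)) is None:           # free text belongs to the description body
            if entry is not None and in_desc and line:
                entry["description"] = (entry.get("description", "") + " " + line).strip()
        else:
            key, value = m.group(1).strip().lower(), m.group(2).strip()
            if key == "date":                             # every event starts with its timestamp
                entry = {"date": value}
                sections[section].append(entry)
                in_desc = False
            elif entry is None:
                continue
            elif key == "description":                    # body follows on the next line(s)
                in_desc = True
            elif value:                                   # "New ... Version:" with no value is skipped
                entry[key] = value
                in_desc = False
    return dict(sections)

def summarize(events):
    """Condense Defender and Code Integrity events into the facts a triager looks for."""
    defender = events.get("Windows Defender", [])
    detections = [(e["date"], e["name"], e.get("severity", "")) for e in defender if "name" in e]
    updates = [e for e in defender
               if "update security intelligence" in e.get("description", "") and "error code" in e]
    rtp = [(e["date"], e.get("feature", ""), e.get("error code", ""))
           for e in defender if "Real-Time Protection" in e.get("description", "")]
    ci = []
    for e in events.get("CodeIntegrity", []):
        m = CI_RE.search(e.get("description", ""))
        if m:  # keep file names only; the full \Device\... paths stay in the log
            ci.append((e["date"], m["proc"].rsplit("\\", 1)[-1],
                       m["module"].rsplit("\\", 1)[-1], m["level"]))
    when = sorted(e["date"] for e in updates)  # "YYYY-MM-DD HH:MM:SS" sorts chronologically as text
    return {"detections": detections,
            "update_failures": dict(Counter(e["error code"] for e in updates)),
            "update_failure_window": (when[0], when[-1]) if when else None,
            "rtp_failures": rtp,
            "code_integrity": ci}

if __name__ == "__main__":
    for key, value in summarize(parse_events(SAMPLE_ADDITION_TXT)).items():
        print(f"{key}: {value}")
```

To use it on a real log, read Addition.txt into a string and pass it to `parse_events`; the summary groups update failures by error code with their first and last timestamps, lists real-time-protection failures with the feature name, and reduces each Code Integrity message to process, module and the signing level that was required, so the two loads above come out as one line each (MsMpEng.exe loading MSOXMLMF.DLL at Custom 3 / Antimalware, chrome.exe loading mbae64.dll at Microsoft). Only the error codes and counts are summarised; whether a detection or a refused load is a problem still has to be judged from the full entry.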