Document format: text/plain

Preview

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by RRRIO (administrator) on RRRIO (Alienware Alienware 17) (27-02-2024 11:50:56)
Running from C:\Users\EMI\Desktop\FRST64 (2).exe
Loaded Profiles: RRRIO
Platform: Microsoft Windows 10 Home Version 22H2 19045.3570 (X64) Language: English (United Kingdom)
Default browser: Chrome
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-10-30] (Dell Inc. -> Alienware)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [MacDrive 10 helper] => C:\Program Files\Mediafour\MacDrive 10\MDHelper.exe [299872 2017-09-28] (Mediafour Corporation -> Mediafour Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645648 2019-10-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [285544 2020-10-14] (IDSA Production signing key -> Intel)
HKLM-x32\...\Run: [WinZip UN] => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2231184 2020-08-19] (Corel Corporation -> Corel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\Run: [Native Instruments Maschine MK3 Control Panel] => C:\Program Files\Native Instruments\Maschine MK3 Driver\nimc3cpl.exe [10499696 2017-08-08] (Native Instruments GmbH -> Native Instruments GmbH)
HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\Run: [loopMIDI] => C:\Program Files (x86)\Tobias Erichsen\loopMIDI\loopMIDI.exe [5516048 2019-12-14] (Tobias Erichsen -> Tobias Erichsen)
HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\...\Run: [MicrosoftEdgeAutoLaunch_915AF156048C6E34903DA16F370929C0] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4131264 2023-10-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\CUSTPDF Writer Monitor x86: C:\WINDOWS\system32\custmon64.dll [87040 2016-12-16] () [File not signed]
HKLM\...\Print\Monitors\HP C511 Status Monitor: C:\WINDOWS\system32\hpinkstsC511LM.dll [333496 2012-12-16] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\MPE3 Port: C:\WINDOWS\system32\mpelocalmon.dll [26112 2019-12-03] (Copyright (c) Code Industry Ltd) [File not signed]
HKLM\...\Print\Monitors\PDFescape Desktop Monitor: C:\WINDOWS\system32\spool\DRIVERS\x64\pdfescape desktop_pdfpmon_v.4.12.26.3.dll [932984 2020-03-12] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com))
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\118.0.5993.70\Installer\chrmstp.exe [2023-10-11] (Google LLC -> Google LLC)
Startup: C:\Users\EMI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 4500 series.lnk [2020-11-13]
ShortcutAndArgument: Monitor Ink Alerts - HP ENVY 4500 series.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP ENVY 4500 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN56O354WN05X4;CONNECTION=USB;MONITOR=1;
Startup: C:\Users\EMI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\myCANAL.lnk [2022-11-21]
ShortcutTarget: myCANAL.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NIHardwareAccessibilityHelper.exe.lnk [2023-04-17]
ShortcutTarget: NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2021-03-12]
ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Préchargeur.lnk [2020-11-13]
ShortcutTarget: WinZip Préchargeur.lnk -> C:\Program Files (x86)\WinZip\WzPreloader.exe (Corel Corporation -> WinZip Computing)
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {9A31BD0F-DF3E-4152-B267-0DC6BA559102} - System32\Tasks\AdobeAAMUpdater-1.0-RRRIO-RRRIO => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {1F56F72E-25FE-4F57-A3DD-C8F324A83C49} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {1C07886B-D6C7-476D-83C8-BF14A28E0F8D} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [739168 2023-10-09] (Dell Inc -> Dell Inc.)
Task: {2936F1DC-6A2C-470D-AD72-CE501F302B25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-24] (Google LLC -> Google LLC)
Task: {CDB5CB1C-4994-4862-9EE9-8A2CA9C7B640} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-05-24] (Google LLC -> Google LLC)
Task: {D93D2F83-C6B8-4152-8D15-0DE716587AF6} - System32\Tasks\HPCustParticipation HP ENVY 4500 series => C:\Program Files\HP\HP ENVY 4500 series\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {ECF9327F-6EEC-4477-AADB-87006AD10DA9} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {AA6A185B-E9E7-4CCB-B086-2FF0D34C8218} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel(R) Software Development Products -> Intel Corporation)
Task: {49E5449D-91EC-45CC-88B3-858C56D61D96} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (No File)
Task: {97BDE1D6-74FC-449C-8D8D-C49FE2FCE4A2} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => %ProgramFiles%\CUAssistant\culauncher.exe (No File)
Task: {324CA5E4-6A9A-4AFB-BF7F-705FAB4D17CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E2C86FD1-8477-4402-9D74-AC870C438953} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {420D00BB-0B3D-488C-8DCD-E51E63273BA9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D4E1D4BD-884B-4A7F-B0AE-E346676D30DA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A854247F-A49C-44F4-BE49-21426C369409} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3082767965-3652706906-2016044323-1001 => C:\Users\EMI\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-10-21] () [File not signed]
Task: {A2867FCA-771B-44A2-9773-1E4FFA941291} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3082767965-3652706906-2016044323-1001 => C:\Users\EMI\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-10-21] () [File not signed]
Task: {0592B3C9-526D-46A2-9088-8A5536378D4B} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3082767965-3652706906-2016044323-500 => C:\Users\EMI\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-10-21] () [File not signed]
Task: {62FBF37B-2FA8-4173-B328-A96A9587936A} - System32\Tasks\Opera scheduled assistant Autoupdate 1566558003 => C:\Users\EMI\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\EMI\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {BA92E9A9-EEE3-4368-B4A4-ECB7B830271C} - System32\Tasks\Opera scheduled Autoupdate 1566558001 => C:\Users\EMI\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {3D712841-DD0D-47AA-946F-B7EB923B2267} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {773F3AA3-37B1-4B6F-926D-D0FE64C35469} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [170496 2023-10-11] (Microsoft Windows -> Microsoft Corporation) -> //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {B7F7E568-A85C-4C69-BA51-956D2B8E0F46} - System32\Tasks\WinZip Update Notifier 1 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2231184 2020-08-19] (Corel Corporation -> Corel Corporation)
Task: {AA058A36-6271-4DEE-ABE8-C373AAC4293F} - System32\Tasks\WinZip Update Notifier 2 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2231184 2020-08-19] (Corel Corporation -> Corel Corporation)
Task: {AFF56F3F-40EB-4648-BABA-71BC15F9B465} - System32\Tasks\WinZip Update Notifier 3 => C:\Program Files (x86)\WinZip\WZUpdateNotifier.exe [2231184 2020-08-19] (Corel Corporation -> Corel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06b6628b-95ff-465a-872d-c523baf8c59e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06b6628b-95ff-465a-872d-c523baf8c59e}: [DhcpDomain] home
Tcpip\..\Interfaces\{4a7eccec-c505-40ee-b01b-9a980c42a6ef}: [DhcpNameServer] 192.168.80.53
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}: [DhcpNameServer] 192.168.140.42
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\341607D2055726C69636: [DhcpNameServer] 192.168.203.245
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\341607D2055726C69636: [DhcpDomain] access.network
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\34163796E6F60224162727965627560254E676869656E6: [DhcpNameServer] 10.197.0.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\34163796E6F60224162727965627560254E676869656E6: [DhcpDomain] wifirst.net
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\35471676961696275637: [DhcpNameServer] 195.36.145.100 195.36.228.100
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\563707163656023657C647572756C6: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\563707163656023657C647572756C6: [DhcpDomain] home
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\7416C61687970214132353030334: [DhcpNameServer] 192.168.249.18
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\845514755494D224532383D25374D293447323: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\845514755494D224532383D293447323: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\848473236513F554543454F523E24374: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\848473236513F554543454F523E24374: [DhcpDomain] .home
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\848473236513F554543454F55374: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\848473236513F554543454F55374: [DhcpDomain] .home
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\C496675626F687D213632403: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\C496675626F687D213632403: [DhcpDomain] home
Tcpip\..\Interfaces\{6d1b940e-f4f9-4cf0-b675-c55c1650c4ce}\E454452554749454: [DhcpNameServer] 185.48.254.18 85.14.174.253

Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Profile: C:\Users\EMI\AppData\Local\Microsoft\Edge\User Data\Default [2023-10-25]
Edge Extension: (Google Docs Offline) - C:\Users\EMI\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-25]
Edge Extension: (Edge relevant text changes) - C:\Users\EMI\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-25]

FireFox:
========
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\dtplugin\npDeployJava1.dll [2019-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.231.2 -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\plugin2\npjp2.dll [2019-11-04] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default [2024-02-27]
CHR DownloadDir: D:\downloads
CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://www.fnac.com; hxxps://www.nova.fr
CHR DefaultSearchURL: Default -> hxxp://selected-search.com/search?q={searchTerms}&
CHR DefaultSearchKeyword: Default -> ss
CHR Extension: (The Search Selector) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhdinjalofclbacjijgifpahcnjapclb [2020-07-22]
CHR Extension: (Adblock Plus - bloqueur de publicités gratuit) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2023-08-27]
CHR Extension: (Google Docs hors connexion) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-16]
CHR Extension: (Screenshot YouTube) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjoijpfmdhbjkkgnmahganhoinjjpohk [2021-12-21]
CHR Extension: (Shazam : le nom des chansons en un clic) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmioliijnhnoblpgimnlajmefafdfilb [2023-10-11]
CHR Extension: (Paiements via le Chrome Web Store) - C:\Users\EMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Profile: C:\Users\EMI\AppData\Local\Google\Chrome\User Data\System Profile [2019-08-21]
CHR HKLM\...\Chrome\Extension: [bhdinjalofclbacjijgifpahcnjapclb]
CHR HKLM\...\Chrome\Extension: [jgfblpnggnjhmdbidfmoidoglbcbnfoi]
CHR HKLM\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]
CHR HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bhdinjalofclbacjijgifpahcnjapclb]
CHR HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jgfblpnggnjhmdbidfmoidoglbcbnfoi]
CHR HKU\S-1-5-21-3082767965-3652706906-2016044323-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]
CHR HKLM-x32\...\Chrome\Extension: [bhdinjalofclbacjijgifpahcnjapclb]
CHR HKLM-x32\...\Chrome\Extension: [jgfblpnggnjhmdbidfmoidoglbcbnfoi]
CHR HKLM-x32\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc]

Opera:
=======
OPR Profile: C:\Users\EMI\AppData\Roaming\Opera Software\Opera Stable [2020-11-13]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
S2 AERTFilters; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [115648 2015-08-03] (Andrea Electronics -> Andrea Electronics Corporation)
S4 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S4 AlienFusionService; C:\Program Files\Alienware\Command Center\AlienFusionService.exe [16104 2014-10-30] (Dell Inc. -> Alienware)
S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-06-29] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
S2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [458960 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
S2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [161488 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
S2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [484560 2023-07-06] (Dell Inc -> Dell Technologies Inc.)
S2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49880 2023-06-02] (Dell Inc -> )
S2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [156064 2022-12-09] (Dell Inc -> Dell)
S4 FilmoTV Server; C:\ProgramData\FilmoTV\nssm.exe [294912 2019-07-18] () [File not signed]
S4 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC -> iolo technologies, LLC)
S2 MacDrive10Service; C:\Program Files\Mediafour\MacDrive 10\MacDrive10Service.exe [223088 2018-03-21] (Mediafour Corporation -> Mediafour Corporation)
S2 myCANAL Server; C:\ProgramData\myCANAL\nssm.exe [294912 2022-09-01] () [File not signed]
S2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [24607464 2022-08-05] (Native Instruments GmbH -> Native Instruments GmbH)
S4 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2452344 2019-07-01] (PDFescape -> Red Software)
S4 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator\common\creator-ws.exe [575352 2019-07-01] (PDFescape -> Red Software)
S4 PDFescape Desktop Update Service; C:\Program Files\PDFescape Desktop\updater-ws.exe [1383800 2019-07-01] (PDFescape -> Red Software)
S2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [405136 2016-12-16] (SafeNet Canada, Inc. -> SafeNet, Inc.)
S2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1261200 2016-12-14] (SafeNet Canada, Inc. -> SafeNet, Inc)
S2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc. -> SafeNet, Inc.)
S2 slpd; C:\Windows\SysWOW64\slpd.exe [102400 2011-02-17] () [File not signed]
S2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [160608 2023-10-09] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-10-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe [495720 2018-07-04] (Wondershare Technology Co.,Ltd -> Wondershare) <==== ATTENTION

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bomebus; C:\WINDOWS\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
S1 CBDisk; C:\WINDOWS\system32\drivers\CBDisk.sys [70344 2015-06-09] (EldoS Corporation -> EldoS Corporation)
S3 DBUtilDrv2; C:\WINDOWS\System32\drivers\DBUtilDrv2.sys [24968 2023-10-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36728 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
S3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [46640 2023-08-29] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [10752 2013-01-24] (Microsoft Windows Hardware Compatibility Publisher -> OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [17720 2012-07-10] (Compal Electronics, Inc. -> )
S1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2020-11-08] (Martin Malik - REALiX -> REALiX(tm))
R0 MDAPFS; C:\Windows\System32\Drivers\MDAPFS.sys [458800 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDAPFSCT; C:\Windows\System32\Drivers\MDAPFSCT.sys [47944 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDDISK; C:\Windows\System32\Drivers\MDDISK.sys [37808 2017-12-04] (Mediafour Corporation -> Other World Computing)
S0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [321856 2017-12-04] (Mediafour Corporation -> Other World Computing)
R0 MDMOUNT; C:\Windows\System32\Drivers\MDMOUNT.sys [29064 2017-12-04] (Mediafour Corporation -> Other World Computing)
S3 nimc3audio; C:\WINDOWS\System32\Drivers\nimc3audio.sys [374296 2017-08-16] (Native Instruments GmbH -> Native Instruments GmbH)
S3 nimc3usb; C:\WINDOWS\System32\drivers\nimc3usb.sys [91088 2017-08-16] (Native Instruments GmbH -> Native Instruments GmbH)
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc. -> Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc. -> Razer Inc)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 stdcfltn; C:\WINDOWS\System32\DRIVERS\stdcfltn.sys [23216 2015-01-09] (STMicroelectronics -> ST Microelectronics)
S3 teVirtualMIDI64; C:\WINDOWS\System32\drivers\teVirtualMIDI64.sys [53120 2019-12-07] (Tobias Erichsen -> Tobias Erichsen)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2016-12-21] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [27064 2016-07-06] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-10-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [572712 2023-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [140672 2014-11-24] (Microsoft Windows Hardware Compatibility Publisher -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105872 2023-10-07] (Microsoft Windows -> Microsoft Corporation)
S3 MpKsl72da0771; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80163905-E30D-4E3D-A898-DBDD91690F65}\MpKslDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-27 11:50 - 2024-02-27 11:51 - 000029335 _____ C:\Users\EMI\Desktop\FRST.txt
2024-02-27 11:50 - 2024-02-27 11:51 - 000000000 ____D C:\FRST
2024-02-27 11:44 - 2024-02-27 11:44 - 000571366 _____ C:\Users\EMI\Desktop\ZHPDiag.html
2024-02-27 11:44 - 2024-02-27 11:44 - 000430041 _____ C:\Users\EMI\Desktop\ZHPDiag.txt
2024-02-27 11:34 - 2024-02-27 11:47 - 000000000 ____D C:\Users\EMI\AppData\Roaming\ZHP
2024-02-27 11:34 - 2024-02-27 11:34 - 000000863 _____ C:\Users\EMI\Desktop\ZHPSuite.lnk
2024-02-27 11:34 - 2024-02-27 11:34 - 000000000 ____D C:\Users\EMI\AppData\Local\ZHP
2024-02-27 11:34 - 2024-02-27 11:19 - 003538592 _____ (Nicolas Coolman) C:\Users\EMI\Desktop\ZHPSuite.exe
2024-02-27 11:34 - 2024-02-27 11:17 - 002386944 _____ (Farbar) C:\Users\EMI\Desktop\FRST64 (2).exe

==================== Three months (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-27 11:51 - 2023-10-19 09:53 - 003260452 _____ C:\WINDOWS\ntbtlog.txt
2024-02-27 11:38 - 2021-05-26 12:50 - 001049538 _____ C:\WINDOWS\system32\perfh00C.dat
2024-02-27 11:38 - 2021-05-26 12:50 - 000269618 _____ C:\WINDOWS\system32\perfc00C.dat
2024-02-27 11:38 - 2021-05-26 11:20 - 000006144 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-27 11:33 - 2023-10-19 09:53 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-02-27 11:33 - 2020-09-27 07:50 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-27 11:33 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-02-27 11:32 - 2021-12-19 20:13 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-27 11:32 - 2020-09-27 08:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-27 11:32 - 2019-08-21 08:47 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-27 11:31 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-27 11:30 - 2020-09-27 07:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-27 11:30 - 2018-10-14 19:50 - 000000000 ____D C:\ProgramData\NVIDIA
2024-02-27 11:30 - 2018-10-14 19:48 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2024-02-27 11:24 - 2019-08-31 14:35 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-02-27 11:23 - 2021-05-26 11:13 - 000000000 ____D C:\Users\EMI
2024-02-27 11:15 - 2019-12-14 11:54 - 000000000 ____D C:\Users\EMI\AppData\Local\Adobe

==================== Files in the root of some directories ========

2020-05-29 21:30 - 2020-05-29 21:30 - 000304864 _____ () C:\Users\EMI\AppData\Roaming\Bacagude
2020-05-16 23:30 - 2020-05-16 23:30 - 000310915 _____ () C:\Users\EMI\AppData\Roaming\Bomiponohe
2020-06-12 10:59 - 2020-06-12 10:59 - 000352786 _____ () C:\Users\EMI\AppData\Roaming\Gifepe
2020-12-23 19:22 - 2023-04-18 09:29 - 000000016 _____ () C:\Users\EMI\AppData\Roaming\msregsvv.dll
2020-04-09 23:01 - 2020-09-08 17:59 - 000000381 _____ () C:\Users\EMI\AppData\Roaming\WB.CFG
2020-06-13 08:42 - 2020-06-13 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BIT4F2C.tmp
2020-06-13 08:42 - 2020-06-13 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BIT4F2D.tmp
2020-09-27 08:42 - 2020-09-27 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BIT8986.tmp
2020-09-27 08:42 - 2020-09-27 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BIT8996.tmp
2020-06-14 08:42 - 2020-06-14 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BITAB1C.tmp
2020-06-14 08:42 - 2020-06-14 08:42 - 000000000 _____ () C:\Users\EMI\AppData\Local\BITAB2D.tmp
2021-10-01 11:17 - 2021-10-01 11:17 - 000000091 _____ () C:\Users\EMI\AppData\Local\fusioncache.dat
2019-12-23 12:10 - 2019-12-23 12:10 - 000000000 _____ () C:\Users\EMI\AppData\Local\oobelibMkey.log
2019-11-13 08:27 - 2019-11-13 08:27 - 000000079 _____ () C:\Users\EMI\AppData\Local\Temp{8E2FF397-A327-4B40-962D-61A48186742A}.ini

==================== SigCheckExt =========================

2019-03-19 05:45 - 2019-03-19 05:45 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionMgr.dll
2021-05-13 19:52 - 2021-05-13 19:52 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\bindflt.dll
2019-03-19 05:44 - 2019-03-19 05:44 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\canonurl.dll
2020-12-09 17:47 - 2020-12-09 17:47 - 000590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CMFNVSDeviceBridge.dll
2021-04-09 11:35 - 2016-12-16 11:12 - 000087040 _____ C:\WINDOWS\system32\custmon64.dll
2017-09-29 14:42 - 2017-09-29 14:42 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcComImplementations.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 001210368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dml.dll
2021-01-13 23:56 - 2021-01-13 23:56 - 000759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2021-01-13 23:56 - 2021-01-13 23:56 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2019-09-07 14:11 - 2019-09-07 14:11 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamemonitor.dll
2018-07-21 16:58 - 2018-06-29 06:11 - 004876800 _____ (Gracenote, Inc.) C:\WINDOWS\system32\gnsdk_fp.dll
2019-09-07 14:11 - 2019-09-07 14:11 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-04-12 00:33 - 2018-04-12 00:33 - 003447296 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\HPScanTRDrvWn8.dll
2018-04-12 00:33 - 2018-04-12 00:33 - 000303616 _____ (Hewlett-Packard) C:\WINDOWS\system32\HPWia2DrvRootWn8.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPPMon.dll
2019-12-23 17:41 - 2011-12-07 19:37 - 000148992 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2019-09-07 14:11 - 2019-09-07 14:11 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Core.dll
2018-06-16 04:25 - 2018-06-08 06:59 - 003124224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2019-03-19 05:43 - 2019-03-19 05:43 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mitigationscanner.exe
2021-02-09 18:21 - 2019-12-03 18:33 - 000026112 _____ (Copyright (c) Code Industry Ltd ) C:\WINDOWS\system32\mpelocalmon.dll
2021-02-09 18:21 - 2019-12-03 18:33 - 000016896 _____ (Copyright (c) Code Industry Ltd ) C:\WINDOWS\system32\mpelocalui.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000049664 _____ C:\WINDOWS\system32\PerceptionSimulationInput.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneDataSync.dll
2019-03-19 05:45 - 2019-03-19 05:45 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecureBioSysprep.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvcPAL.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmClientApi.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2017-09-29 14:41 - 2017-09-29 14:41 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\VrdUmed.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedic.exe
2021-01-13 23:57 - 2021-01-13 23:57 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.internal.shellcommon.ShellPosition.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000300032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Sets.dll
2019-12-23 17:41 - 2017-07-30 12:50 - 003799552 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw64.dll
2019-12-23 17:41 - 2019-12-04 11:00 - 000784384 _____ C:\WINDOWS\system32\xvidcore.dll
2019-12-23 17:41 - 2019-12-04 11:00 - 000310784 _____ C:\WINDOWS\system32\xvidvfw.dll
2019-03-19 05:45 - 2019-03-19 05:45 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\canonurl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cflapi.dll
2017-09-29 14:42 - 2017-09-29 14:42 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreShellExtFramework.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 001161216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dml.dll
2021-10-12 11:21 - 2020-01-30 11:50 - 003296256 _____ (FarPoint Technologies, Inc.) C:\WINDOWS\SysWOW64\FarPoint.Spread8U.Excel2007.dll
2019-12-23 17:41 - 2015-10-24 18:00 - 000112128 _____ C:\WINDOWS\SysWOW64\ff_vfw.dll
2021-10-12 11:21 - 2020-01-30 11:50 - 000766025 _____ (FarPoint Technologies, Inc.) C:\WINDOWS\SysWOW64\fpimage.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamemonitor.dll
2019-12-23 17:41 - 2011-12-07 19:32 - 000216064 _____ ( ) C:\WINDOWS\SysWOW64\lagarith.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsTelemetry.dll
2021-10-01 11:17 - 2011-02-17 16:44 - 000102400 _____ C:\WINDOWS\SysWOW64\slpd.exe
2021-10-01 11:17 - 2012-05-29 15:37 - 000069632 _____ C:\WINDOWS\SysWOW64\slptool.exe
2017-09-29 14:42 - 2017-09-29 14:42 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2017-09-29 14:42 - 2017-09-29 14:42 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tier2punctuations.dll
2019-12-23 17:41 - 2017-07-30 12:50 - 003850240 _____ (x264vfw project) C:\WINDOWS\SysWOW64\x264vfw.dll
2019-12-23 17:41 - 2019-12-04 11:00 - 000681984 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2019-12-23 17:41 - 2019-12-04 11:00 - 000284160 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2020-04-09 10:39 - 2020-04-09 07:41 - 1271901190 _____ (Igor Pavlov) C:\Users\EMI\Desktop\ableton_live_suite_10.1.6_64.iso.7z.exe
2021-06-07 21:02 - 2021-01-02 00:59 - 005220352 _____ C:\Users\EMI\Desktop\adb.exe
2021-06-07 21:02 - 2021-01-02 00:59 - 000097792 _____ (Google, inc) C:\Users\EMI\Desktop\AdbWinApi.dll
2021-06-07 21:02 - 2021-01-02 00:59 - 000062976 _____ (Google, inc) C:\Users\EMI\Desktop\AdbWinUsbApi.dll
2021-06-07 21:02 - 2021-01-02 00:59 - 050103296 _____ (FFmpeg Project) C:\Users\EMI\Desktop\avcodec-58.dll
2021-06-07 21:02 - 2021-01-02 00:59 - 011094016 _____ (FFmpeg Project) C:\Users\EMI\Desktop\avformat-58.dll
2021-06-07 21:02 - 2021-01-02 00:59 - 000866304 _____ (FFmpeg Project) C:\Users\EMI\Desktop\avutil-56.dll
2024-02-27 11:34 - 2024-02-27 11:17 - 002386944 _____ (Farbar) C:\Users\EMI\Desktop\FRST64 (2).exe
2021-06-07 21:01 - 2021-01-02 00:59 - 000627589 _____ C:\Users\EMI\Desktop\scrcpy.exe
2021-06-07 21:02 - 2021-01-02 00:59 - 001561088 _____ () C:\Users\EMI\Desktop\SDL2.dll
2021-06-07 21:02 - 2021-01-02 00:59 - 000433664 _____ (FFmpeg Project) C:\Users\EMI\Desktop\swresample-3.dll
2021-06-07 21:02 - 2021-01-02 00:59 - 000552960 _____ (FFmpeg Project) C:\Users\EMI\Desktop\swscale-5.dll
2024-02-27 11:34 - 2024-02-27 11:19 - 003538592 _____ (Nicolas Coolman) C:\Users\EMI\Desktop\ZHPSuite.exe
2020-12-23 19:22 - 2023-04-18 09:29 - 000000016 _____ C:\Users\EMI\AppData\Roaming\msregsvv.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{906d132a-1dc6-11e6-89cf-806e6f6e6963}
{f0dd8695-08a1-11e6-8345-806e6f6e6963}
{233deb20-d55b-11ee-8d0b-806e6f6e6963}
{906d132b-1dc6-11e6-89cf-806e6f6e6963}
{61e12fa0-81ec-11f2-8263-806e6f6e6963}
{5cecd55c-bc6f-11eb-8c28-806e6f6e6963}
{5cecd55d-bc6f-11eb-8c28-806e6f6e6963}
{5cecd55e-bc6f-11eb-8c28-806e6f6e6963}
timeout 0

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume3
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-GB
inherit {globalsettings}
default {current}
resumeobject {f23fa4b5-be1a-11eb-8d71-ab810b7b5c3c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0

Firmware Application (101fffff)
-------------------------------
identifier {233deb20-d55b-11ee-8d0b-806e6f6e6963}
description USB Storage Device

Firmware Application (101fffff)
-------------------------------
identifier {5cecd55c-bc6f-11eb-8c28-806e6f6e6963}
description EFI USB Device

Firmware Application (101fffff)
-------------------------------
identifier {5cecd55d-bc6f-11eb-8c28-806e6f6e6963}
description EFI DVD/CDROM

Firmware Application (101fffff)
-------------------------------
identifier {5cecd55e-bc6f-11eb-8c28-806e6f6e6963}
description EFI Network

Firmware Application (101fffff)
-------------------------------
identifier {61e12fa0-81ec-11f2-8263-806e6f6e6963}
description Network

Firmware Application (101fffff)
-------------------------------
identifier {906d132a-1dc6-11e6-89cf-806e6f6e6963}
description Hard Drive

Firmware Application (101fffff)
-------------------------------
identifier {906d132b-1dc6-11e6-89cf-806e6f6e6963}
description CD/DVD/CD-RW Drive

Firmware Application (101fffff)
-------------------------------
identifier {f0dd8695-08a1-11e6-8345-806e6f6e6963}
description mSATA

Windows Boot Loader
-------------------
identifier {41f91d98-171a-11e6-b4b9-b5ce41306c8d}
device ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{41f91d99-171a-11e6-b4b9-b5ce41306c8d}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-GB
inherit {bootloadersettings}
displaymessage Recovery
displaymessageoverride Recovery
osdevice ramdisk=[unknown]\Recovery\WindowsRE\Winre.wim,{41f91d99-171a-11e6-b4b9-b5ce41306c8d}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {ebcdf32f-cf45-11e3-91dc-ecf4bb2ae70a}
device ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{ebcdf330-cf45-11e3-91dc-ecf4bb2ae70a}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale fr-FR
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume6]\Recovery\WindowsRE\Winre.wim,{ebcdf330-cf45-11e3-91dc-ecf4bb2ae70a}
systemroot \windows
nx OptIn
bootmenupolicy Standard
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-GB
inherit {bootloadersettings}
recoverysequence {f23fa4b7-be1a-11eb-8d71-ab810b7b5c3c}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {f23fa4b5-be1a-11eb-8d71-ab810b7b5c3c}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {f23fa4b7-be1a-11eb-8d71-ab810b7b5c3c}
device ramdisk=[\Device\HarddiskVolume8]\Recovery\WindowsRE\Winre.wim,{f23fa4b8-be1a-11eb-8d71-ab810b7b5c3c}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-GB
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume8]\Recovery\WindowsRE\Winre.wim,{f23fa4b8-be1a-11eb-8d71-ab810b7b5c3c}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {f23fa4b5-be1a-11eb-8d71-ab810b7b5c3c}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-GB
inherit {resumeloadersettings}
recoverysequence {f23fa4b7-be1a-11eb-8d71-ab810b7b5c3c}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume3
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-GB
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ebcdf330-cf45-11e3-91dc-ecf4bb2ae70a}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume6
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier {f23fa4b8-be1a-11eb-8d71-ab810b7b5c3c}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume8
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== End of FRST.txt ========================
