Publicité
Publicité
Format du document : text/plain
Prévisualisation
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
Ran by hp (administrator) on DESKTOP-OO31T5H (Hewlett-Packard HP EliteBook 820 G1) (29-11-2023 20:16:45)
Running from C:\Users\hp\Downloads\FRST64.exe
Loaded Profiles: hp
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3448 (X64) Language: Chinese (Simplified, China) -> English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe <6>
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avpui.exe
(C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
(explorer.exe ->) (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIUPE.EXE
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <5>
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <38>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Node.js Foundation -> Node.js) C:\Users\hp\AppData\Roaming\Java\jre8\bin\java.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2338.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2308.3.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [225280 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-20] (IDT, Inc.) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-09-25] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [65149984 2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" [65185712 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2591152 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [Microsoft Edge Update] => C:\Users\hp\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateCore.exe [264264 2023-11-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [MicrosoftEdgeAutoLaunch_F072E8F080C5A31FE150A3CA4B35FB6A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIUPE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [DigitalPulse] => C:\Users\hp\AppData\Roaming\DigitalPulse\DigitalPulseService.exe [10453760 2023-08-10] (Digital Pulse -> ) <==== ATTENTION
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [imon] => wscript.exe "C:\Users\hp\AppData\Roaming\Microsoft\Windows NT\imon.js" [176 2023-10-02] () [File not signed]
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\MountPoints2: {4ac686c1-f4ff-11ed-9b12-4ceb4221e84a} - "E:\华为手机助手安装向导.exe"
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\MountPoints2: {5bffc5b5-3549-11ee-9b1c-4ceb4221e84a} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-09-25] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON L3110 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBUPE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\WINDOWS\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
GroupPolicy: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {B8378989-A398-438D-98A3-C5BF64DCFA16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {372AEE76-BF4A-4D54-8FF0-1D4A4C3F939F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {50DC6BA4-3749-4168-AF7E-FD536492B770} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {83EDB4EF-8F0C-4BA3-9518-62CA6270FB64} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {E0ACD587-8CEF-41FD-8453-EF7A8665008D} - System32\Tasks\DigitalPulseUpdateTask => C:\Users\hp\AppData\Roaming\DigitalPulse\DigitalPulseUpdate.exe [4906752 2023-08-10] (Digital Pulse -> ) <==== ATTENTION
Task: {A9FFF67E-1EF7-4DA2-8917-89F7ABD1B973} - System32\Tasks\EPSON L3110 Series Update {FE84A7A1-8A11-49FD-A96A-6E50FD5CFA19} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUPE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {6525F685-B0A8-491F-997B-EDEE4E38660A} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [6439584 2021-11-15] (HP Inc. -> HP Inc.)
Task: {16EC6566-E4C6-4295-91C4-CFDDA229D10B} - System32\Tasks\HPCustParticipation HP LaserJet MFP M129-M134 => C:\Program Files\HP\HP LaserJet MFP M129-M134\Bin\HPCustPartic.exe [6663328 2022-03-09] (HP Inc. -> HP Inc.)
Task: {9D4FE8A0-AA5B-458B-8A1F-1B16C51553E8} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [728488 2023-11-07] (AO Kaspersky Lab -> AO Kaspersky Lab)
Task: {E2CC767F-BE1B-47C6-8F60-A65A02FB2E9D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (No File)
Task: {A9DCF2D5-47D3-4B06-A9FF-CD7E24A158D4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26916568 2023-10-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {0028A5DA-048F-48FA-A092-BD70CB425767} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26916568 2023-10-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {06EE6F25-1EA0-4A6C-BC8B-6F83D2A86D6D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-11-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DBF554A-F283-4E83-B850-8BC45BCC22AB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-11-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {E6AF4608-6490-4684-96FF-50C5CA405203} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C403013-38C0-48C7-BFB6-4340931E3118} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {999A8C8F-0B48-4502-AD74-DDC9C604559A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {03DDD375-0563-4A04-A786-784D1CEE4033} - System32\Tasks\Microsoft\OneCore\DirectX\LXPCworking => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe [58864 2022-06-25] (Microsoft Corporation -> Microsoft Corporation) -> /unregister "C:\Program Files (x86)\KeysHttp\DarkTranj\cscapnzswsBKEY61.dll" <==== ATTENTION
Task: {620E2238-D4EA-4489-A678-2941A3DFFA44} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => %ProgramFiles%\CUAssistant\culauncher.exe (No File)
Task: {EE2893CB-87AE-4FF6-9F47-259872CD6789} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0FF337D-C332-4FC8-9EF8-4EC7D2BC65A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF4D8A26-4D43-4E6C-BC47-BBD3D271C5D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {19D7380D-C32F-4B53-90D3-01FB861082EE} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3239584733-2071816809-1449778513-1001Core{2A6CB0F5-1E6B-4262-ACC3-D3CA7DF8DF96} => C:\Users\hp\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206296 2023-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {C1F09C36-8B94-4817-91CC-388025C9B1A3} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3239584733-2071816809-1449778513-1001UA{15F7D943-EB4E-4DD3-AA85-EB53A237CE42} => C:\Users\hp\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206296 2023-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0B3786F-512A-47E2-A6E8-3DC36EEF03E8} - System32\Tasks\nhdues.exe => C:\Users\hp\AppData\Local\Temp\1ff8bec27e\nhdues.exe (No File) <==== ATTENTION
Task: {11DF89FA-3A56-44F9-ACF2-88560C9FC203} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF241A02-FF51-4A36-BC23-9D0F301228A8} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3239584733-2071816809-1449778513-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {615A0CFC-5522-4F82-8DED-936948F840C1} - System32\Tasks\VOauExQRhSdgJhJ2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-05-18] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\pLEtgnEXU\UsQgAc.dll",#1 <==== ATTENTION
Task: {166C760B-5B19-4567-83DF-21FC3F5F8553} - System32\Tasks\WindowsAppPool\sUaud76NdhgaHbd => C:\Users\hp\AppData\Local\Temp\sUaud76NdhgaHbd.exe (No File) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON L3110 Series Update {FE84A7A1-8A11-49FD-A96A-6E50FD5CFA19}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUPE.EXE:/EXE:{FE84A7A1-8A11-49FD-A96A-6E50FD5CFA19} /F:UpdateWORKGROUP\DESKTOP-OO31T5H$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\VOauExQRhSdgJhJ.job => C:\Program Files (x86)\pLEtgnEXU\dFYzCK.dll
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.16.4.1
Tcpip\..\Interfaces\{75ed1d32-3200-4d9d-9b10-7650a6f082fe}: [DhcpNameServer] 172.16.4.1
Tcpip\..\Interfaces\{fa12a564-c8e6-4b7f-8c46-1d79d6cbb33d}: [DhcpNameServer] 192.168.1.254
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-29]
Edge Notifications: Default -> hxxps://captchaone.lm.r.appspot.com; hxxps://cleancaptcha.lm.r.appspot.com; hxxps://vipcaptchanow.ew.r.appspot.com; hxxps://web.whatsapp.com; hxxps://www.facebook.com
Edge HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
Edge StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
Edge DefaultSearchURL: Default -> hxxps://x-finder.pro/search?q={searchTerms}
Edge DefaultSearchKeyword: Default -> x-finder.pro
Edge DefaultSuggestURL: Default -> hxxps://x-finder.pro/search/suggest.php?q={searchTerms}
Edge Extension: (YoutubeDownloader) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\geiolieogaichbpfhcannipendgnnbkn [2023-11-07] [UpdateUrl:hxxps://clients57.google.com/service/update2/crx] <==== ATTENTION
Edge Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-16]
Edge Extension: (SaveFrom.net helper) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hndfjogdceachkbgioglehonpejcdhem [2023-11-13]
Edge Extension: (Edge relevant text changes) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]
Edge Extension: (X-finder.pro) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem [2023-09-30]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-09-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-09-25] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVP21.15; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe [32008 2023-10-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11818600 2023-10-05] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2018-01-29] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncHelper.exe [3509792 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2022-06-24] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 klvssbridge64_21.15; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\vssbridge64.exe [544680 2023-10-12] (AO Kaspersky Lab -> AO Kaspersky Lab)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.226.1031.0003\OneDriveUpdaterService.exe [3846064 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-20] (IDT, Inc.) [File not signed]
U3 wuauserv; C:\WINDOWS\system32\svchost.exe [55320 2023-05-18] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [46504 2023-05-18] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 Intel(R) TPM Provisioning Service; "C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe" [X]
S4 VBoxGuest; VBoxGuest [X]
S4 VBoxMouse; VBoxMouse [X]
S4 VBoxService; VBoxService [X]
S4 VBoxSF; VBoxSF [X]
S4 VBoxVideo; VBoxVideo [X]
S4 VBoxWddm; VBoxWddm [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 360Sensor_DM; C:\Windows\system32\drivers\360Sensor_DM64.sys [78040 2022-10-11] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [245088 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 klbackupdisk.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klbackupdisk.sys [83504 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.K4W-21-15; C:\WINDOWS\System32\DRIVERS\K4W-21-15\klbackupflt.sys [214568 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\kldisk.sys [101936 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2023-10-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klflt.sys [551344 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.K4W-21-15; C:\WINDOWS\System32\DRIVERS\K4W-21-15\klgse.sys [742224 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klhk.sys [1896256 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 klids.K4W-21-15; C:\ProgramData\Kaspersky Lab\AVP21.15\Bases\klids.sys [235704 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF.K4W-21-15; C:\WINDOWS\System32\DRIVERS\K4W-21-15\klif.sys [1154480 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [70680 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klkbdflt.sys [93720 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klmouflt.sys [89536 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.K4W-21-15; C:\WINDOWS\System32\DRIVERS\K4W-21-15\klpd.sys [55216 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klpnpflt.sys [77760 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-15_arkmon; C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_arkmon.sys [384656 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-15_klark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_klark.sys [354640 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-15_klbg; C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_klbg.sys [183120 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-15_mark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_mark.sys [262712 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klwfp.sys [152000 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klwtp.sys [394800 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\kneps.sys [327216 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 scsiscan; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [21504 2023-05-18] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2014-01-20] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-09-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-01] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-11-29 22:50 - 2023-11-29 22:50 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2023-11-29 22:22 - 2023-11-29 22:22 - 000182017 _____ C:\Users\hp\Desktop\jnib.pdf
2023-11-29 22:15 - 2023-11-29 22:18 - 000000000 ____D C:\Users\hp\Desktop\endommagés
2023-11-29 22:13 - 2023-11-29 22:14 - 001356079 _____ C:\Users\hp\Downloads\MARKETING_INTERNATIONAL_Sequence_4_La_de.pdf
2023-11-29 20:16 - 2023-11-29 20:17 - 000029407 _____ C:\Users\hp\Downloads\FRST.txt
2023-11-29 20:13 - 2023-11-29 20:17 - 000000000 ____D C:\FRST
2023-11-29 19:50 - 2023-11-29 19:51 - 002383872 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe
2023-11-13 23:32 - 2023-11-13 23:32 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2023-11-13 23:32 - 2023-11-13 23:32 - 000003584 _____ C:\WINDOWS\SECOH-QAD.dll
2023-11-13 23:32 - 2023-11-13 23:32 - 000003470 _____ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
2023-11-13 23:32 - 2023-11-13 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2023-11-13 23:32 - 2023-11-13 23:32 - 000000000 ____D C:\Program Files\KMSpico
2023-11-13 23:32 - 2010-12-06 10:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2023-11-08 17:12 - 2023-11-08 17:12 - 000890849 _____ C:\Users\hp\Downloads\Les_Grandes_Theories_du_Marketing.pdf
2023-11-07 14:40 - 2023-11-07 14:59 - 000000330 _____ C:\WINDOWS\Tasks\VOauExQRhSdgJhJ.job
2023-11-07 01:45 - 2023-11-13 23:28 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2023-11-07 01:45 - 2023-11-07 01:45 - 000012288 _____ C:\WINDOWS\SysWOW64\DnsStorage
2023-11-07 01:44 - 2023-11-07 01:44 - 000003240 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2023-11-07 01:44 - 2023-11-07 01:44 - 000000000 ____D C:\Program Files\Common Files\AV
2023-11-07 01:43 - 2023-11-07 01:43 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk
2023-11-07 01:43 - 2023-11-07 01:43 - 000002268 _____ C:\Users\Public\Desktop\Kaspersky.lnk
2023-11-07 01:42 - 2023-11-07 01:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\K4W-21-15
2023-11-07 01:42 - 2023-11-07 01:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2023-11-07 01:42 - 2023-11-07 01:42 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2023-11-07 01:38 - 2023-11-07 01:38 - 000000000 ____D C:\Program Files (x86)\VBMsLqLYwDUn
2023-11-07 01:35 - 2023-11-07 14:59 - 000000000 ____D C:\Program Files (x86)\bjiixYyONUZU2
2023-11-07 01:35 - 2023-11-07 01:38 - 000003008 _____ C:\WINDOWS\system32\Tasks\VOauExQRhSdgJhJ2
2023-11-07 01:35 - 2023-11-07 01:38 - 000000000 ____D C:\ProgramData\qpWiLFLNAyPZgwVB
2023-11-07 01:34 - 2023-11-07 01:34 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2023-11-07 01:32 - 2023-11-07 15:08 - 000000000 ____D C:\Program Files (x86)\pLEtgnEXU
2023-11-07 01:32 - 2023-11-07 01:32 - 000009846 __RSH C:\ProgramData\ntuser.pol
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-11-29 22:50 - 2023-06-27 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office
2023-11-29 22:50 - 2023-05-15 18:33 - 000000000 ____D C:\Program Files\Microsoft Office
2023-11-29 22:28 - 2023-05-18 06:13 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-11-29 22:27 - 2023-03-22 13:13 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Word
2023-11-29 22:26 - 2023-09-30 10:30 - 000000000 ____D C:\Users\hp\AppData\Local\ElevatedDiagnostics
2023-11-29 22:21 - 2023-05-18 20:02 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-11-29 22:13 - 2023-05-17 01:26 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-11-29 22:12 - 2023-05-18 06:13 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3239584733-2071816809-1449778513-1001
2023-11-29 22:12 - 2023-05-18 06:13 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-11-29 22:12 - 2023-05-15 18:59 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-29 20:13 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2023-11-29 20:12 - 2023-05-18 06:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-11-29 19:35 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-11-13 18:40 - 2023-03-22 13:13 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\UProof
2023-11-08 16:29 - 2023-03-22 13:24 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Excel
2023-11-08 15:58 - 2023-02-15 14:28 - 000000000 __SHD C:\Users\hp\IntelGraphicsProfiles
2023-11-08 15:58 - 2023-02-15 14:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-11-07 15:12 - 2023-05-18 06:13 - 002199972 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-11-07 15:12 - 2023-05-18 05:30 - 000744428 _____ C:\WINDOWS\system32\perfh00C.dat
2023-11-07 15:12 - 2023-05-18 05:30 - 000141734 _____ C:\WINDOWS\system32\perfc00C.dat
2023-11-07 15:12 - 2019-12-07 22:43 - 000394222 _____ C:\WINDOWS\system32\prfh0804.dat
2023-11-07 15:12 - 2019-12-07 22:43 - 000124908 _____ C:\WINDOWS\system32\prfc0804.dat
2023-11-07 15:09 - 2023-05-13 19:28 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-11-07 15:09 - 2023-05-13 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-11-07 15:09 - 2023-05-13 19:28 - 000000000 ____D C:\Program Files\WinRAR
2023-11-07 15:07 - 2023-05-18 06:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-11-07 15:07 - 2023-05-18 06:05 - 000008192 ___SH C:\DumpStack.log.tmp
2023-11-07 15:07 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-11-07 15:01 - 2023-09-18 01:30 - 000000000 ____D C:\WINDOWS\Minidump
2023-11-07 14:59 - 2023-09-30 10:48 - 000000000 ____D C:\Program Files (x86)\QzftvhLwaiOqODueOWR
2023-11-07 14:59 - 2023-09-30 10:48 - 000000000 ____D C:\Program Files (x86)\KQYxCPACisumC
2023-11-07 14:59 - 2023-09-30 10:48 - 000000000 ____D C:\Program Files (x86)\ddDtwWRrXXhU2
2023-11-07 14:59 - 2023-09-30 10:48 - 000000000 ____D C:\Program Files (x86)\AOmDpeoEU
2023-11-07 14:59 - 2023-09-30 10:45 - 000000000 __SHD C:\ProgramData\x64netJS
2023-11-07 14:59 - 2023-09-30 10:30 - 000000000 ____D C:\WINDOWS\SysWOW64\pfaidjxl
2023-11-07 14:59 - 2023-09-30 10:29 - 000000000 ____D C:\Program Files (x86)\PowerControl
2023-11-07 14:59 - 2023-05-18 06:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Network
2023-11-07 14:38 - 2023-05-18 06:06 - 000000000 ____D C:\Users\hp
2023-11-07 14:37 - 2023-09-30 10:32 - 000000004 _____ C:\ProgramData\lock.dat
2023-11-07 14:37 - 2023-09-30 10:30 - 000000000 ____D C:\ProgramData\ContentDVSvc
2023-11-07 14:35 - 2023-09-30 10:32 - 000000024 _____ C:\ProgramData\rta.C038
2023-11-07 01:53 - 2023-09-30 10:37 - 000000000 ___HD C:\WINDOWS\rss
2023-11-07 01:49 - 2023-09-30 10:30 - 000000000 ____D C:\Users\hp\AppData\Local\b6cfe5e3-c153-4569-b94c-773bb0c2da77
2023-11-07 01:43 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-11-07 01:42 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-11-07 01:35 - 2023-01-13 04:04 - 000000000 ____D C:\Users\hp\AppData\Local\VirtualStore
2023-11-07 01:33 - 2023-05-18 06:13 - 000003868 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3239584733-2071816809-1449778513-1001UA{15F7D943-EB4E-4DD3-AA85-EB53A237CE42}
2023-11-07 01:33 - 2023-05-18 06:13 - 000003798 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3239584733-2071816809-1449778513-1001Core{2A6CB0F5-1E6B-4262-ACC3-D3CA7DF8DF96}
2023-11-07 01:33 - 2023-05-18 06:13 - 000003262 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{A0006C4F-F428-495B-9F47-2669A7BE8F08}
2023-11-07 01:33 - 2023-05-18 06:13 - 000003138 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{156F21CD-CDE6-43E5-A949-C7FB99C6BC24}
==================== Files in the root of some directories ========
2023-09-30 10:32 - 2023-11-07 14:37 - 000000004 _____ () C:\ProgramData\lock.dat
2023-10-02 14:18 - 2023-10-02 16:13 - 000000004 _____ () C:\ProgramData\rc.dat
2023-09-30 10:32 - 2023-09-30 10:32 - 000000008 _____ () C:\ProgramData\ts.dat
2023-09-30 10:31 - 2023-09-30 10:31 - 000000560 _____ () C:\Users\hp\AppData\Local\bowsakkdestx.txt
2023-05-17 18:20 - 2023-05-17 18:20 - 000000410 _____ () C:\Users\hp\AppData\Local\oobelibMkey.log
==================== FLock ==============================
2023-11-07 14:59 C:\WINDOWS\SysWOW64\pfaidjxl
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Ran by hp (administrator) on DESKTOP-OO31T5H (Hewlett-Packard HP EliteBook 820 G1) (29-11-2023 20:16:45)
Running from C:\Users\hp\Downloads\FRST64.exe
Loaded Profiles: hp
Platform: Microsoft Windows 10 Pro Version 22H2 19045.3448 (X64) Language: Chinese (Simplified, China) -> English (United States)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe <6>
(C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe ->) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avpui.exe
(C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe
(explorer.exe ->) (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\spool\drivers\x64\3\E_YATIUPE.EXE
(explorer.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.105.3208.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <5>
(Intel Corporation -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <38>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Node.js Foundation -> Node.js) C:\Users\hp\AppData\Roaming\Java\jre8\bin\java.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [File not signed] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2338.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2308.3.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [225280 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-01-20] (IDT, Inc.) [File not signed]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-09-25] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1151872 2016-11-18] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" [65149984 2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" [65185712 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\MRT: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
HKLM\Software\Policies\...\system: [EnableSmartScreen] 0
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2591152 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [Microsoft Edge Update] => C:\Users\hp\AppData\Local\Microsoft\EdgeUpdate\1.3.181.5\MicrosoftEdgeUpdateCore.exe [264264 2023-11-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [MicrosoftEdgeAutoLaunch_F072E8F080C5A31FE150A3CA4B35FB6A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4210216 2023-09-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIUPE.EXE [416896 2017-09-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [DigitalPulse] => C:\Users\hp\AppData\Roaming\DigitalPulse\DigitalPulseService.exe [10453760 2023-08-10] (Digital Pulse -> ) <==== ATTENTION
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\Run: [imon] => wscript.exe "C:\Users\hp\AppData\Roaming\Microsoft\Windows NT\imon.js" [176 2023-10-02] () [File not signed]
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\MountPoints2: {4ac686c1-f4ff-11ed-9b12-4ceb4221e84a} - "E:\华为手机助手安装向导.exe"
HKU\S-1-5-21-3239584733-2071816809-1449778513-1001\...\MountPoints2: {5bffc5b5-3549-11ee-9b1c-4ceb4221e84a} - "E:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [65160 2021-09-25] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\EPSON L3110 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBUPE.DLL [184832 2017-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\HP E111 Status Monitor: C:\WINDOWS\system32\hpinkstsE111LM.dll [393352 2017-04-14] (Hewlett Packard -> HP Inc.)
GroupPolicy: Restriction - Edge <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Edge: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {B8378989-A398-438D-98A3-C5BF64DCFA16} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {372AEE76-BF4A-4D54-8FF0-1D4A4C3F939F} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3571168 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {50DC6BA4-3749-4168-AF7E-FD536492B770} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3807712 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {83EDB4EF-8F0C-4BA3-9518-62CA6270FB64} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
Task: {E0ACD587-8CEF-41FD-8453-EF7A8665008D} - System32\Tasks\DigitalPulseUpdateTask => C:\Users\hp\AppData\Roaming\DigitalPulse\DigitalPulseUpdate.exe [4906752 2023-08-10] (Digital Pulse -> ) <==== ATTENTION
Task: {A9FFF67E-1EF7-4DA2-8917-89F7ABD1B973} - System32\Tasks\EPSON L3110 Series Update {FE84A7A1-8A11-49FD-A96A-6E50FD5CFA19} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUPE.EXE [680440 2017-06-07] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
Task: {6525F685-B0A8-491F-997B-EDEE4E38660A} - System32\Tasks\HPCustParticipation HP DeskJet 2130 series => C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe [6439584 2021-11-15] (HP Inc. -> HP Inc.)
Task: {16EC6566-E4C6-4295-91C4-CFDDA229D10B} - System32\Tasks\HPCustParticipation HP LaserJet MFP M129-M134 => C:\Program Files\HP\HP LaserJet MFP M129-M134\Bin\HPCustPartic.exe [6663328 2022-03-09] (HP Inc. -> HP Inc.)
Task: {9D4FE8A0-AA5B-458B-8A1F-1B16C51553E8} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [728488 2023-11-07] (AO Kaspersky Lab -> AO Kaspersky Lab)
Task: {E2CC767F-BE1B-47C6-8F60-A65A02FB2E9D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => %ProgramFiles%\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (No File)
Task: {A9DCF2D5-47D3-4B06-A9FF-CD7E24A158D4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26916568 2023-10-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {0028A5DA-048F-48FA-A092-BD70CB425767} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26916568 2023-10-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {06EE6F25-1EA0-4A6C-BC8B-6F83D2A86D6D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-11-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {3DBF554A-F283-4E83-B850-8BC45BCC22AB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158872 2023-11-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {E6AF4608-6490-4684-96FF-50C5CA405203} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C403013-38C0-48C7-BFB6-4340931E3118} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {999A8C8F-0B48-4502-AD74-DDC9C604559A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {03DDD375-0563-4A04-A786-784D1CEE4033} - System32\Tasks\Microsoft\OneCore\DirectX\LXPCworking => C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe [58864 2022-06-25] (Microsoft Corporation -> Microsoft Corporation) -> /unregister "C:\Program Files (x86)\KeysHttp\DarkTranj\cscapnzswsBKEY61.dll" <==== ATTENTION
Task: {620E2238-D4EA-4489-A678-2941A3DFFA44} - System32\Tasks\Microsoft\Windows\CUAssistant\CULauncher => %ProgramFiles%\CUAssistant\culauncher.exe (No File)
Task: {EE2893CB-87AE-4FF6-9F47-259872CD6789} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B0FF337D-C332-4FC8-9EF8-4EC7D2BC65A1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CF4D8A26-4D43-4E6C-BC47-BBD3D271C5D5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-09-01] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {19D7380D-C32F-4B53-90D3-01FB861082EE} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3239584733-2071816809-1449778513-1001Core{2A6CB0F5-1E6B-4262-ACC3-D3CA7DF8DF96} => C:\Users\hp\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206296 2023-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {C1F09C36-8B94-4817-91CC-388025C9B1A3} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3239584733-2071816809-1449778513-1001UA{15F7D943-EB4E-4DD3-AA85-EB53A237CE42} => C:\Users\hp\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206296 2023-03-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {F0B3786F-512A-47E2-A6E8-3DC36EEF03E8} - System32\Tasks\nhdues.exe => C:\Users\hp\AppData\Local\Temp\1ff8bec27e\nhdues.exe (No File) <==== ATTENTION
Task: {11DF89FA-3A56-44F9-ACF2-88560C9FC203} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {FF241A02-FF51-4A36-BC23-9D0F301228A8} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-3239584733-2071816809-1449778513-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130832 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {615A0CFC-5522-4F82-8DED-936948F840C1} - System32\Tasks\VOauExQRhSdgJhJ2 => C:\WINDOWS\system32\rundll32.exe [71680 2023-05-18] (Microsoft Windows -> Microsoft Corporation) -> "C:\Program Files (x86)\pLEtgnEXU\UsQgAc.dll",#1 <==== ATTENTION
Task: {166C760B-5B19-4567-83DF-21FC3F5F8553} - System32\Tasks\WindowsAppPool\sUaud76NdhgaHbd => C:\Users\hp\AppData\Local\Temp\sUaud76NdhgaHbd.exe (No File) <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\EPSON L3110 Series Update {FE84A7A1-8A11-49FD-A96A-6E50FD5CFA19}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUPE.EXE:/EXE:{FE84A7A1-8A11-49FD-A96A-6E50FD5CFA19} /F:UpdateWORKGROUP\DESKTOP-OO31T5H$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\VOauExQRhSdgJhJ.job => C:\Program Files (x86)\pLEtgnEXU\dFYzCK.dll
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.16.4.1
Tcpip\..\Interfaces\{75ed1d32-3200-4d9d-9b10-7650a6f082fe}: [DhcpNameServer] 172.16.4.1
Tcpip\..\Interfaces\{fa12a564-c8e6-4b7f-8c46-1d79d6cbb33d}: [DhcpNameServer] 192.168.1.254
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge DefaultProfile: Default
Edge Profile: C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-29]
Edge Notifications: Default -> hxxps://captchaone.lm.r.appspot.com; hxxps://cleancaptcha.lm.r.appspot.com; hxxps://vipcaptchanow.ew.r.appspot.com; hxxps://web.whatsapp.com; hxxps://www.facebook.com
Edge HomePage: Default -> hxxps://find-it.pro/?utm_source=distr_m
Edge StartupUrls: Default -> "hxxps://find-it.pro/?utm_source=distr_m"
Edge DefaultSearchURL: Default -> hxxps://x-finder.pro/search?q={searchTerms}
Edge DefaultSearchKeyword: Default -> x-finder.pro
Edge DefaultSuggestURL: Default -> hxxps://x-finder.pro/search/suggest.php?q={searchTerms}
Edge Extension: (YoutubeDownloader) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\geiolieogaichbpfhcannipendgnnbkn [2023-11-07] [UpdateUrl:hxxps://clients57.google.com/service/update2/crx] <==== ATTENTION
Edge Extension: (Google Docs Offline) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-16]
Edge Extension: (SaveFrom.net helper) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hndfjogdceachkbgioglehonpejcdhem [2023-11-13]
Edge Extension: (Edge relevant text changes) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-16]
Edge Extension: (X-finder.pro) - C:\Users\hp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem [2023-09-30]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-09-25]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-09-21] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-09-25] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3966432 2023-08-22] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AVP21.15; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe [32008 2023-10-12] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11818600 2023-10-05] (Microsoft Corporation -> Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [145224 2018-01-29] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.226.1031.0003\FileSyncHelper.exe [3509792 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2022-06-24] (Huawei Technologies Co., Ltd. -> ) [File not signed]
S3 klvssbridge64_21.15; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\vssbridge64.exe [544680 2023-10-12] (AO Kaspersky Lab -> AO Kaspersky Lab)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.226.1031.0003\OneDriveUpdaterService.exe [3846064 2023-11-29] (Microsoft Corporation -> Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI -> @ByELDI) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [340480 2014-01-20] (IDT, Inc.) [File not signed]
U3 wuauserv; C:\WINDOWS\system32\svchost.exe [55320 2023-05-18] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
U3 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [46504 2023-05-18] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 Intel(R) TPM Provisioning Service; "C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe" [X]
S4 VBoxGuest; VBoxGuest [X]
S4 VBoxMouse; VBoxMouse [X]
S4 VBoxService; VBoxService [X]
S4 VBoxSF; VBoxSF [X]
S4 VBoxVideo; VBoxVideo [X]
S4 VBoxWddm; VBoxWddm [X]
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 360Sensor_DM; C:\Windows\system32\drivers\360Sensor_DM64.sys [78040 2022-10-11] (Beijing Qihu Technology Co., Ltd. -> 360.cn)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [245088 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R1 klbackupdisk.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klbackupdisk.sys [83504 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klbackupflt.K4W-21-15; C:\WINDOWS\System32\DRIVERS\K4W-21-15\klbackupflt.sys [214568 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kldisk.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\kldisk.sys [101936 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [53576 2023-10-12] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klflt.sys [551344 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klgse.K4W-21-15; C:\WINDOWS\System32\DRIVERS\K4W-21-15\klgse.sys [742224 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klhk.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klhk.sys [1896256 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 klids.K4W-21-15; C:\ProgramData\Kaspersky Lab\AVP21.15\Bases\klids.sys [235704 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 KLIF.K4W-21-15; C:\WINDOWS\System32\DRIVERS\K4W-21-15\klif.sys [1154480 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [70680 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klkbdflt.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klkbdflt.sys [93720 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klmouflt.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klmouflt.sys [89536 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpd.K4W-21-15; C:\WINDOWS\System32\DRIVERS\K4W-21-15\klpd.sys [55216 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klpnpflt.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klpnpflt.sys [77760 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-15_arkmon; C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_arkmon.sys [384656 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-15_klark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_klark.sys [354640 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R0 klupd_K4W-21-15_klbg; C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_klbg.sys [183120 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 klupd_K4W-21-15_mark; C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_mark.sys [262712 2023-11-07] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwfp.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klwfp.sys [152000 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 klwtp.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\klwtp.sys [394800 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R1 kneps.K4W-21-15; C:\WINDOWS\system32\DRIVERS\K4W-21-15\kneps.sys [327216 2023-10-12] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 scsiscan; C:\WINDOWS\system32\DRIVERS\scsiscan.sys [21504 2023-05-18] (Microsoft Windows -> Microsoft Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2014-01-20] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55872 2023-09-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2023-09-01] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-11-29 22:50 - 2023-11-29 22:50 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project.lnk
2023-11-29 22:22 - 2023-11-29 22:22 - 000182017 _____ C:\Users\hp\Desktop\jnib.pdf
2023-11-29 22:15 - 2023-11-29 22:18 - 000000000 ____D C:\Users\hp\Desktop\endommagés
2023-11-29 22:13 - 2023-11-29 22:14 - 001356079 _____ C:\Users\hp\Downloads\MARKETING_INTERNATIONAL_Sequence_4_La_de.pdf
2023-11-29 20:16 - 2023-11-29 20:17 - 000029407 _____ C:\Users\hp\Downloads\FRST.txt
2023-11-29 20:13 - 2023-11-29 20:17 - 000000000 ____D C:\FRST
2023-11-29 19:50 - 2023-11-29 19:51 - 002383872 _____ (Farbar) C:\Users\hp\Downloads\FRST64.exe
2023-11-13 23:32 - 2023-11-13 23:32 - 000004608 _____ C:\WINDOWS\SECOH-QAD.exe
2023-11-13 23:32 - 2023-11-13 23:32 - 000003584 _____ C:\WINDOWS\SECOH-QAD.dll
2023-11-13 23:32 - 2023-11-13 23:32 - 000003470 _____ C:\WINDOWS\system32\Tasks\AutoPico Daily Restart
2023-11-13 23:32 - 2023-11-13 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2023-11-13 23:32 - 2023-11-13 23:32 - 000000000 ____D C:\Program Files\KMSpico
2023-11-13 23:32 - 2010-12-06 10:16 - 000090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2023-11-08 17:12 - 2023-11-08 17:12 - 000890849 _____ C:\Users\hp\Downloads\Les_Grandes_Theories_du_Marketing.pdf
2023-11-07 14:40 - 2023-11-07 14:59 - 000000330 _____ C:\WINDOWS\Tasks\VOauExQRhSdgJhJ.job
2023-11-07 01:45 - 2023-11-13 23:28 - 000012288 _____ C:\WINDOWS\SysWOW64\AppRulesStorage
2023-11-07 01:45 - 2023-11-07 01:45 - 000012288 _____ C:\WINDOWS\SysWOW64\DnsStorage
2023-11-07 01:44 - 2023-11-07 01:44 - 000003240 _____ C:\WINDOWS\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2023-11-07 01:44 - 2023-11-07 01:44 - 000000000 ____D C:\Program Files\Common Files\AV
2023-11-07 01:43 - 2023-11-07 01:43 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk
2023-11-07 01:43 - 2023-11-07 01:43 - 000002268 _____ C:\Users\Public\Desktop\Kaspersky.lnk
2023-11-07 01:42 - 2023-11-07 01:43 - 000000000 ____D C:\WINDOWS\system32\Drivers\K4W-21-15
2023-11-07 01:42 - 2023-11-07 01:42 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2023-11-07 01:42 - 2023-11-07 01:42 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2023-11-07 01:38 - 2023-11-07 01:38 - 000000000 ____D C:\Program Files (x86)\VBMsLqLYwDUn
2023-11-07 01:35 - 2023-11-07 14:59 - 000000000 ____D C:\Program Files (x86)\bjiixYyONUZU2
2023-11-07 01:35 - 2023-11-07 01:38 - 000003008 _____ C:\WINDOWS\system32\Tasks\VOauExQRhSdgJhJ2
2023-11-07 01:35 - 2023-11-07 01:38 - 000000000 ____D C:\ProgramData\qpWiLFLNAyPZgwVB
2023-11-07 01:34 - 2023-11-07 01:34 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2023-11-07 01:32 - 2023-11-07 15:08 - 000000000 ____D C:\Program Files (x86)\pLEtgnEXU
2023-11-07 01:32 - 2023-11-07 01:32 - 000009846 __RSH C:\ProgramData\ntuser.pol
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-11-29 22:50 - 2023-06-27 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outils Microsoft Office
2023-11-29 22:50 - 2023-05-15 18:33 - 000000000 ____D C:\Program Files\Microsoft Office
2023-11-29 22:28 - 2023-05-18 06:13 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-11-29 22:27 - 2023-03-22 13:13 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Word
2023-11-29 22:26 - 2023-09-30 10:30 - 000000000 ____D C:\Users\hp\AppData\Local\ElevatedDiagnostics
2023-11-29 22:21 - 2023-05-18 20:02 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2023-11-29 22:13 - 2023-05-17 01:26 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-11-29 22:12 - 2023-05-18 06:13 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3239584733-2071816809-1449778513-1001
2023-11-29 22:12 - 2023-05-18 06:13 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-11-29 22:12 - 2023-05-15 18:59 - 000002038 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-29 20:13 - 2019-12-07 17:13 - 000000000 ____D C:\WINDOWS\INF
2023-11-29 20:12 - 2023-05-18 06:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-11-29 19:35 - 2019-12-07 17:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-11-13 18:40 - 2023-03-22 13:13 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\UProof
2023-11-08 16:29 - 2023-03-22 13:24 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Excel
2023-11-08 15:58 - 2023-02-15 14:28 - 000000000 __SHD C:\Users\hp\IntelGraphicsProfiles
2023-11-08 15:58 - 2023-02-15 14:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2023-11-07 15:12 - 2023-05-18 06:13 - 002199972 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-11-07 15:12 - 2023-05-18 05:30 - 000744428 _____ C:\WINDOWS\system32\perfh00C.dat
2023-11-07 15:12 - 2023-05-18 05:30 - 000141734 _____ C:\WINDOWS\system32\perfc00C.dat
2023-11-07 15:12 - 2019-12-07 22:43 - 000394222 _____ C:\WINDOWS\system32\prfh0804.dat
2023-11-07 15:12 - 2019-12-07 22:43 - 000124908 _____ C:\WINDOWS\system32\prfc0804.dat
2023-11-07 15:09 - 2023-05-13 19:28 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-11-07 15:09 - 2023-05-13 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-11-07 15:09 - 2023-05-13 19:28 - 000000000 ____D C:\Program Files\WinRAR
2023-11-07 15:07 - 2023-05-18 06:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-11-07 15:07 - 2023-05-18 06:05 - 000008192 ___SH C:\DumpStack.log.tmp
2023-11-07 15:07 - 2019-12-07 17:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-11-07 15:01 - 2023-09-18 01:30 - 000000000 ____D C:\WINDOWS\Minidump
2023-11-07 14:59 - 2023-09-30 10:48 - 000000000 ____D C:\Program Files (x86)\QzftvhLwaiOqODueOWR
2023-11-07 14:59 - 2023-09-30 10:48 - 000000000 ____D C:\Program Files (x86)\KQYxCPACisumC
2023-11-07 14:59 - 2023-09-30 10:48 - 000000000 ____D C:\Program Files (x86)\ddDtwWRrXXhU2
2023-11-07 14:59 - 2023-09-30 10:48 - 000000000 ____D C:\Program Files (x86)\AOmDpeoEU
2023-11-07 14:59 - 2023-09-30 10:45 - 000000000 __SHD C:\ProgramData\x64netJS
2023-11-07 14:59 - 2023-09-30 10:30 - 000000000 ____D C:\WINDOWS\SysWOW64\pfaidjxl
2023-11-07 14:59 - 2023-09-30 10:29 - 000000000 ____D C:\Program Files (x86)\PowerControl
2023-11-07 14:59 - 2023-05-18 06:09 - 000000000 ____D C:\Users\hp\AppData\Roaming\Microsoft\Network
2023-11-07 14:38 - 2023-05-18 06:06 - 000000000 ____D C:\Users\hp
2023-11-07 14:37 - 2023-09-30 10:32 - 000000004 _____ C:\ProgramData\lock.dat
2023-11-07 14:37 - 2023-09-30 10:30 - 000000000 ____D C:\ProgramData\ContentDVSvc
2023-11-07 14:35 - 2023-09-30 10:32 - 000000024 _____ C:\ProgramData\rta.C038
2023-11-07 01:53 - 2023-09-30 10:37 - 000000000 ___HD C:\WINDOWS\rss
2023-11-07 01:49 - 2023-09-30 10:30 - 000000000 ____D C:\Users\hp\AppData\Local\b6cfe5e3-c153-4569-b94c-773bb0c2da77
2023-11-07 01:43 - 2019-12-07 17:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-11-07 01:42 - 2019-12-07 17:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-11-07 01:35 - 2023-01-13 04:04 - 000000000 ____D C:\Users\hp\AppData\Local\VirtualStore
2023-11-07 01:33 - 2023-05-18 06:13 - 000003868 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3239584733-2071816809-1449778513-1001UA{15F7D943-EB4E-4DD3-AA85-EB53A237CE42}
2023-11-07 01:33 - 2023-05-18 06:13 - 000003798 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3239584733-2071816809-1449778513-1001Core{2A6CB0F5-1E6B-4262-ACC3-D3CA7DF8DF96}
2023-11-07 01:33 - 2023-05-18 06:13 - 000003262 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{A0006C4F-F428-495B-9F47-2669A7BE8F08}
2023-11-07 01:33 - 2023-05-18 06:13 - 000003138 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{156F21CD-CDE6-43E5-A949-C7FB99C6BC24}
==================== Files in the root of some directories ========
2023-09-30 10:32 - 2023-11-07 14:37 - 000000004 _____ () C:\ProgramData\lock.dat
2023-10-02 14:18 - 2023-10-02 16:13 - 000000004 _____ () C:\ProgramData\rc.dat
2023-09-30 10:32 - 2023-09-30 10:32 - 000000008 _____ () C:\ProgramData\ts.dat
2023-09-30 10:31 - 2023-09-30 10:31 - 000000560 _____ () C:\Users\hp\AppData\Local\bowsakkdestx.txt
2023-05-17 18:20 - 2023-05-17 18:20 - 000000410 _____ () C:\Users\hp\AppData\Local\oobelibMkey.log
==================== FLock ==============================
2023-11-07 14:59 C:\WINDOWS\SysWOW64\pfaidjxl
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================