Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by Administrator (28-09-2017 08:44:05)
Running from C:\Users\Administrator.BOULET\Desktop
Windows Server 2008 R2 Standard Service Pack 1 (X64) (2010-08-24 22:00:25)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-4052908577-887183366-1266489224-500 - Administrator - Enabled)
Guest (S-1-5-21-4052908577-887183366-1266489224-501 - Administrator - Disabled)
krbtgt (0 - Administrator - Disabled) => %systemroot%\system32\config\systemprofile
IWAM_BOULETSRV (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
IUSR_BOULETSRV (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
marco (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
charles (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
alexis (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Sforest (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
richard (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
rogerb (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
caroll (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
pierre (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
raymond (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
mimi (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Gabrielle (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Portable (0 - Administrator - Disabled) => %systemroot%\system32\config\systemprofile
backup (0 - Administrator - Disabled) => %systemroot%\system32\config\systemprofile
andre (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Production (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Yanick (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
admin (0 - Administrator - Disabled) => %systemroot%\system32\config\systemprofile
sylvie (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
PierreB (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
adm1 (0 - Administrator - Disabled) => %systemroot%\system32\config\systemprofile
sysdb (0 - Administrator - Disabled) => %systemroot%\system32\config\systemprofile
Melodie (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Jerome (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
pvanier (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
salle-montre (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Punch (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
MicheleH (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Vannak (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
MichelleT (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Alexandra (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
vannak2 (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
_services (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Services (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
JulieD (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
StephanieG (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
temp (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
sebastien (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
taher (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
eda (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
UpdateUser (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Options (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Access (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
xerdox (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Senior (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
DB_ADMIN (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
PhilippeS (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
Francois (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
FRANCOISP (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
BOULETSRV$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PIERRE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CONFERENCE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SERGE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VANNAK$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
AHALMAI$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MIMI$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PROD-MARCO$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
YANICK$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ALEXIS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SONIA$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CHARLES$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
RAYMOND$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GABRIELLE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
RICHARD$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MACHINE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SOFT-NY0S4K31CR$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORDI-XPSP2$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CAROLLSEGUIN$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ROGER$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SYLVIE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
D6PSX6G1$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ALEXIS-ENTREPOT$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
YANICKVOSTRO410$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SOUDEUSE-AC0F23$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ALEXISVOSTRO430$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
NOUV_SEBASTIEN$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SEBASTIE-FC2118$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SEBASTIEN-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PORTESETFENETRE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
DC01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PIERRE-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PASCAL-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ORDI-PRODUCTION$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BOULET-D83F7FC3$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MANDRE-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CHARLES-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
RAYMOND-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GEORGES-XP$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MICHELLE-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
YANICK2-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SERGE-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PVANIER-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VANNAK-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MELO-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
TAHER-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
JEROMELEMIRE-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BCK01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
TS01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CAROLL$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
RICHARD-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
ASUSM11AA$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GEORGE-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
TAHER$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
MELODIE-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
FRANCOIS-PC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
DESKTOP-1MVN7SJ$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BOULET-9DA6FB24$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BOULET-CA99C036$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
TAHER-A9D7AA9A6$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
YANICK-E3DE98E2$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
DESKTOP-69LIO7T$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
DESKTOP-JCR17CF$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BCK02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
mac-alexis$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{3138F992-045B-4F55-825C-53B231E647CA}) (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Adobe Flash Player 27 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Bitdefender Endpoint Security Tools (HKLM\...\Endpoint Security) (Version: 6.2.25.944 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Dyn Updater (HKLM-x32\...\DynUpdater) (Version: 4.1.10 - Dyn, Inc.)
Free DWG Viewer 7.0 (HKLM-x32\...\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}) (Version: 7.0.1 - IGC)
HP Officejet Pro X551dw Printer Basic Device Software (HKLM\...\{68401FEC-E430-4DA0-8912-FAAAEE790D3D}) (Version: 29.1.973.39397 - Hewlett-Packard Co.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
OKI Color Swatch Utility (HKLM-x32\...\{A344F95E-E51A-450C-8F84-C940BF61903E}) (Version: 2.15.0000 - Okidata)
OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata)
PayClock (HKLM\...\{CD257C96-8CF2-46EB-ACE9-0533B6B5F8A1}) (Version: 6.3.1 - Lathem Time Corporation)
Printer DCA (HKLM-x32\...\{D8D6CA44-79AE-4CFD-885B-1BD50A77AB34}) (Version: 4.1.20573 - PrintFleet Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
VMware Tools (HKLM\...\{2CC6DDCE-708B-416C-8DA6-D1862544668D}) (Version: 9.4.15.2827462 - VMware, Inc.)
VMware vSphere Client 4.0 (HKLM-x32\...\{C40698F9-A861-4531-9F8C-FA7F8961375B}) (Version: 4.0.0.12305 - VMware, Inc.)
WatchGuard Fireware v11.10.2 for XTM 3 devices (HKLM-x32\...\WatchGuard XTM XTM3 11.10.2_is1) (Version: - WatchGuard Technologies, Inc.)
WatchGuard Fireware XTM OS for Edge e-Series 11.3.3 (HKLM-x32\...\WatchGuard Fireware XTM OS for Edge e-Series 11.3.3_is1) (Version: - WatchGuard Technologies, Inc.)
WatchGuard Fireware XTM OS for Edge e-Series 11.3.4 (HKLM-x32\...\WatchGuard Fireware XTM OS for Edge e-Series 11.3.4_is1) (Version: - WatchGuard Technologies, Inc.)
WatchGuard System Manager 11.11.4 (HKLM-x32\...\WatchGuard System Manager 11.11_is1) (Version: - WatchGuard Technologies, Inc.)
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
WinSCP 4.3.2 (HKLM-x32\...\winscp3_is1) (Version: 4.3.2 - Martin Prikryl)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-07] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-07] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-07] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-07] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {63EE8552-A444-4BA2-8E1E-C8350D6D412A} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe [2009-07-13] (Microsoft Corporation)
Task: {69110D7B-41DC-4E9D-BDD3-C826C7DB613B} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleUsageCollector => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {A2E56698-33ED-4BF2-B4EA-A785F189193C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-08] (Adobe Systems Incorporated)
Task: {AFECE848-8DA2-461B-B5E6-CBEF57A4DF7D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerRoleCollector => C:\Windows\system32\ceiprole.exe [2010-11-20] (Microsoft Corporation)
Task: {C348952E-D9A1-4D2C-8BDE-BCBCE455287E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {D49A10DA-0F70-4779-BD96-B2D976A4F2E3} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe [2010-11-20] (Microsoft Corporation)
Task: {DD56266B-8394-4D65-B6B4-76159A9CA2DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Administrator.BOULET\Desktop\Symantec Endpoint Protection Manager Console.lnk -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\bin\sesm.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2017-09-28 00:52 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-09-27 09:58 - 2017-09-27 09:55 - 000280576 _____ () C:\Program Files\Bitdefender\Endpoint Security\txmlutil.dll
2017-09-27 09:58 - 2015-10-06 16:56 - 000279608 _____ () C:\Program Files\Bitdefender\Endpoint Security\zlib.dll
2017-09-27 22:46 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-09-27 22:46 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-09-27 22:46 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-09-27 22:46 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Administrator.BOULET\Downloads\avcertclean_1.1.2.exe:BDU [0]
AlternateDataStreams: C:\Users\Administrator.BOULET\Downloads\HijackThis.exe:BDU [0]
AlternateDataStreams: C:\Users\Administrator.BOULET\Downloads\mb3-setup-consumer-3.2.2.2029.exe:BDU [0]
AlternateDataStreams: C:\Users\Administrator.BOULET\Downloads\spybotsd-2.6.46.exe:BDU [0]
AlternateDataStreams: C:\Users\Administrator.BOULET\Downloads\ZHPDiag3.exe:BDU [0]
AlternateDataStreams: C:\ProgramData\TEMP:FCA8C9CD [146]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-606344767-3282361405-600652822-500\...\fenetresconcerto.ca -> hxxp://www.fenetresconcerto.ca
IE trusted site: HKU\S-1-5-21-606344767-3282361405-600652822-500\...\meteomedia.com -> hxxp://www.meteomedia.com
IE trusted site: HKU\S-1-5-21-606344767-3282361405-600652822-500\...\microsoft.com -> fullproduct.download.microsoft.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-606344767-3282361405-600652822-1117\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-606344767-3282361405-600652822-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 127.0.0.1 - 192.168.0.250
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe FirewallRules: [{0A7CAA76-DB14-4B18-8063-AC9FB3AF60AE}] => (Allow) LPort=6160 FirewallRules: [{F8B9CC18-E038-4114-9406-728D26B3F1CE}] => (Allow) LPort=6160 FirewallRules: [{F6A15FAE-A30F-445A-9B45-B5BE016B75F3}] => (Allow) C:\Punch\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{D7C02281-340B-4394-811B-7B0D28D5D348}] => (Allow) C:\Punch\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{F81B97A5-9517-4971-BE12-56EA17960CEF}] => (Allow) C:\Punch\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{FDF1C8C0-C6CA-4790-A36E-3FF5DCCB2D57}] => (Allow) C:\Punch\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{CBD1009C-53FE-4BF8-A840-423BE1BBFB71}] => (Allow) C:\Punch\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: 
[{31828B91-5025-441E-8E1E-1B5F51FF990F}] => (Allow) C:\Punch\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{BE97A6C4-F45D-4950-93EB-C14389208369}] => (Allow) C:\Punch\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{6C909B49-0582-4FBA-BEF4-1D96D7E98D60}] => (Allow) C:\Punch\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{CEA9DAD6-5B7E-4921-84DB-2945E438434E}] => (Allow) C:\Program Files\HP\HP Officejet Pro X551dw Printer\Bin\DeviceSetup.exe FirewallRules: [{A54B9C9C-DE70-491A-81F9-23C918531B6A}] => (Allow) C:\Program Files\HP\HP Officejet Pro X551dw Printer\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [FSRM-SrmReports-In (RPC)] => (Allow) %systemroot%\system32\srmhost.exe FirewallRules: [{86AF2FA9-4CC8-4B1F-A403-97ED04B40774}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{0D1823B9-2259-42D3-B859-A22E213EF4E4}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{F7D60CAD-C870-44DC-9E41-F0985870E184}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{B353C5C7-5953-4D91-8B14-1E51FDF1A588}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{2133BDF9-91A5-4DB0-93BB-78ECFF89AA55}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{CE28AE02-32A7-4AC7-8221-CA19C1F003CA}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{6E42465A-3BF1-4FD6-B6AE-B4D47270C01B}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{A35FB6BB-114F-494C-99EF-F8926ABD45D9}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{7CC1ACE1-810E-4DEB-ADB2-BE8CAA39E9E3}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: 
[{537C76BF-D08C-486A-8E91-70D4041A4E05}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{DEE53802-DDE9-467E-8A42-50B3078DF0F9}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{8FACDD42-BA21-4674-BA7B-AF9F8BAB444D}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{DC90B11D-333A-4078-BFFD-F40C5473E9F4}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{2891A508-4C6C-4764-9B1C-A8D844CFFFC0}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{34DFAA0E-DFA2-433D-9B29-880E95DDBD40}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{B90D6D62-6E1A-481B-B8CD-7AEF5D8ECBBC}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{9F316D83-6D56-40FD-A092-051B5D685685}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{5410F433-5819-40CE-8DDA-4C38FB32373E}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{05584627-32F9-4F37-A869-9D4DB536600A}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{B3D74FB5-84AD-4A2D-B54A-14EEA2F0B866}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{A9B37260-E174-4C52-9EA0-FB6FE1235BC9}] => (Allow) C:\Program Files\Lathem Time Corporation\PayClock\PayclockV6.exe FirewallRules: [{714AC6B5-0119-471F-8F00-27C83EF874A9}] => (Allow) C:\Program Files\Lathem Time Corporation\PayClock\PayclockV6.exe FirewallRules: [{61A58892-7A34-4396-91E4-3CF31ED89917}] => (Allow) C:\Program Files\Lathem Time Corporation\PayClock\LicenseManager.exe FirewallRules: [{03D58CAE-AE20-4287-A01C-965FA57A063C}] => (Allow) C:\Program Files\Lathem Time 
Corporation\PayClock\LicenseManager.exe FirewallRules: [{002277C9-951B-48DF-A19B-699010562504}] => (Allow) C:\Program Files\Lathem Time Corporation\PayClock\RegistrationWizard.exe FirewallRules: [{78DF469F-8E88-4F0F-8E1F-9FCB575DA845}] => (Allow) C:\Program Files\Lathem Time Corporation\PayClock\RegistrationWizard.exe FirewallRules: [{BCC86D8F-7DDD-4163-9F76-D75D43F308D1}] => (Allow) C:\Program Files\Lathem Time Corporation\PayClock\Dbsrv11.exe FirewallRules: [{85A7E890-C5E2-443A-80B6-E124EA5EC177}] => (Allow) C:\Program Files\Lathem Time Corporation\PayClock\Dbsrv11.exe FirewallRules: [{72963966-82AC-4FC0-B948-0E4A565BF289}] => (Allow) LPort=7350 FirewallRules: [{AA6B486C-E326-4BF7-AF22-462404ECB385}] => (Allow) LPort=7350 FirewallRules: [{D41D5223-A37D-4A77-80D5-4CAE6B4CD123}] => (Allow) LPort=7351 FirewallRules: [{8BF4CF94-01F4-469B-B1E9-21B2910F5103}] => (Allow) LPort=7351 FirewallRules: [{E691601F-4D99-4A13-B341-341728303BDD}] => (Allow) LPort=7352 FirewallRules: [{98DF54AA-1CA9-41AB-A9C6-44BF587EE05C}] => (Allow) LPort=7352 FirewallRules: [{298C6E04-E6D9-43ED-A049-41A9043BD185}] => (Allow) LPort=9156 FirewallRules: [{BBBC710D-3613-4972-8B88-8FDA359F5943}] => (Allow) LPort=9156 FirewallRules: [{6785EB7E-1CDD-48BF-85B7-BF76677F6A8D}] => (Allow) LPort=9157 FirewallRules: [{60DC7C5C-BBE7-480C-9799-FB76E9F5BDD6}] => (Allow) LPort=9157 FirewallRules: [{2090102E-0BD6-42D7-8B92-ECC65096927E}] => (Allow) LPort=9158 FirewallRules: [{6F1C3E0F-33A0-4525-A4D8-73F4F2FF31E3}] => (Allow) LPort=9158 FirewallRules: [{4F213D42-0C00-48AD-AE92-892051F99921}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{35CA0366-5603-46D8-8F02-7DCC66E16C3C}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClockInstaller.exe FirewallRules: [{22707390-4796-4803-9CD9-417473BF35CB}] => (Allow) C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{04601FEC-F55C-4A90-A853-3FAC37FDEF01}] => (Allow) 
C:\Punch\BakupMars2016\PayClock V631\PayClock V631\PayClock.msi FirewallRules: [{A77AADA8-49A9-4DCC-AE13-74DA2CD0869D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [Smtpsvc-Service-In-TCP] => (Allow) %windir%\system32\inetsrv\inetinfo.exe FirewallRules: [{55A184F8-D29D-4814-8526-EA310E056DBE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/28/2017 08:12:39 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme CKScanner.exe version 0.0.0.0 a cessé d’interagir avec Windows et a été fermé. 
Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : e64 Heure de début : 01d33851a9a1373e Heure de fin : 94 Chemin d’accès de l’application : P:\Sebastien\nETTOYAGE\CKScanner.exe ID de rapport : 4e5bf92d-a446-11e7-8e37-000c29df97fd Error: (09/28/2017 07:39:59 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Le programme SDFiles.exe version 2.6.46.135 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance. ID de processus : 868 Heure de début : 01d3384b0f0c6d34 Heure de fin : 47 Chemin d’accès de l’application : C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe ID de rapport : bf35d542-a441-11e7-8e37-000c29df97fd Error: (09/28/2017 04:12:38 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: La création du contexte d’activation a échoué pour « c:\program files (x86)\spybot - search & destroy 2\Tools.dll ». Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\spybot - search & destroy 2\Tools.dll » à la ligne 2. L’élément racine du fichier manifeste doit être assembly. Error: (09/28/2017 04:12:37 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: La création du contexte d’activation a échoué pour « c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll ». Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\spybot - search & destroy 2\SDWinLogon.dll » à la ligne 2. L’élément racine du fichier manifeste doit être assembly. Error: (09/28/2017 04:12:36 AM) (Source: SideBySide) (EventID: 9) (User: ) Description: La création du contexte d’activation a échoué pour « c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll ». 
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\spybot - search & destroy 2\SDTasks.dll » à la ligne 2.
L’élément racine du fichier manifeste doit être assembly.

Error: (09/28/2017 04:12:33 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: La création du contexte d’activation a échoué pour « c:\program files (x86)\spybot - search & destroy 2\SDResources.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\spybot - search & destroy 2\SDResources.dll » à la ligne 2.
L’élément racine du fichier manifeste doit être assembly.

Error: (09/28/2017 04:12:32 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: La création du contexte d’activation a échoué pour « c:\program files (x86)\spybot - search & destroy 2\SDLists.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\spybot - search & destroy 2\SDLists.dll » à la ligne 2.
L’élément racine du fichier manifeste doit être assembly.

Error: (09/28/2017 04:12:32 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: La création du contexte d’activation a échoué pour « c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\spybot - search & destroy 2\SDLicense.dll » à la ligne 2.
L’élément racine du fichier manifeste doit être assembly.

Error: (09/28/2017 04:12:31 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: La création du contexte d’activation a échoué pour « c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\spybot - search & destroy 2\SDImmunizeLibrary.dll » à la ligne 2.
L’élément racine du fichier manifeste doit être assembly.
Error: (09/28/2017 04:12:30 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: La création du contexte d’activation a échoué pour « c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll ».
Erreur dans le fichier de manifeste ou de stratégie « c:\program files (x86)\spybot - search & destroy 2\SDFileScanLibrary.dll » à la ligne 2.
L’élément racine du fichier manifeste doit être assembly.

System errors:
=============
Error: (09/28/2017 08:44:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: L’alerte fatale suivante a été générée : 10. L’état d’erreur interne est 1203.

Error: (09/28/2017 08:44:19 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: L’alerte fatale suivante a été générée : 10. L’état d’erreur interne est 1203.

Error: (09/28/2017 08:44:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: L’alerte fatale suivante a été générée : 10. L’état d’erreur interne est 1203.

Error: (09/28/2017 08:44:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: L’alerte fatale suivante a été générée : 10. L’état d’erreur interne est 1203.

Error: (09/28/2017 07:07:53 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Le pilote Send to Microsoft OneNote 15 Driver requis pour l’imprimante Send To OneNote 2013 est inconnu. Contactez l’administrateur pour installer le pilote avant de vous reconnecter.

Error: (09/28/2017 07:07:46 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Le pilote HP Universal Printing PS (v5.0) requis pour l’imprimante !!DC01!HP_ETIQ_2 est inconnu. Contactez l’administrateur pour installer le pilote avant de vous reconnecter.

Error: (09/28/2017 07:07:43 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Le pilote HP Universal Printing PS (v5.0) requis pour l’imprimante !!Bouletsrv!HP_ETIQ_2 est inconnu. Contactez l’administrateur pour installer le pilote avant de vous reconnecter.
Error: (09/28/2017 07:07:27 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Le pilote HP Universal Printing PS (v5.0) requis pour l’imprimante !!BOULETSRV!HP_Job_2 est inconnu. Contactez l’administrateur pour installer le pilote avant de vous reconnecter.

Error: (09/28/2017 07:07:15 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Le pilote Datamax-O'Neil M-4206 Mark II requis pour l’imprimante !!PASCAL-PC!Datamax-O'Neil M-4206 Mark II est inconnu. Contactez l’administrateur pour installer le pilote avant de vous reconnecter.

Error: (09/28/2017 07:07:13 AM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Le pilote HP LaserJet Professional P1606dn requis pour l’imprimante !!PVANIER-PC!HP LaserJet Professional P1606dn est inconnu. Contactez l’administrateur pour installer le pilote avant de vous reconnecter.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E5520 @ 2.27GHz
Percentage of memory in use: 75%
Total physical RAM: 4095.55 MB
Available physical RAM: 1013.33 MB
Total Virtual: 8189.29 MB
Available Virtual: 4082.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:179.9 GB) (Free:11.04 GB) NTFS
Drive f: () (Network) (Total:179.9 GB) (Free:11.04 GB) NTFS
Drive h: () (Network) (Total:179.9 GB) (Free:11.04 GB) NTFS
Drive p: () (Network) (Total:179.9 GB) (Free:11.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 180 GB) (Disk ID: 54C1B2A4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=179.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================