Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Administrator (15-02-2019 15:50:32)
Running from C:\Users\Administrator\Desktop
Windows Server 2012 R2 Standard (X64) (2017-11-05 12:50:48)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3531997757-2375627638-2511237956-500 - Administrator - Enabled)
Guest (S-1-5-21-3531997757-2375627638-2511237956-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
VVV (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
SpiceWorks (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BU_Admin (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Sacha (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Lara (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Mélanie (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
svc.sqladmin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
DC01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SPICEWORKS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W10-001$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VIDEO$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PRTG$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W7-TEMPLATE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
TSGATEWAY$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
DC02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LANSWEEPER$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUSHOME$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2008$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2014$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2016$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2017$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WKS-VVV$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GATE01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LAB$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Administrative Templates (.admx) for Windows 10 Fall Creators Update (HKLM-x32\...\{4EB5CC28-4B50-4EE5-A24A-725C4714EFE9}) (Version: 1.0 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{D8AB93B0-6FBF-44A0-971F-C0669B5AE6DD}) (Version: 7.250.4556.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
SharePoint Online Management Shell (HKLM\...\{95160000-115B-0409-1000-0000000FF1CE}) (Version: 16.0.6906.1200 - Microsoft Corporation)
VMware Tools (HKLM\...\{092CAFE8-7A43-4C32-82C6-A5547F93417F}) (Version: 10.2.1.8267844 - VMware, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe (Microsoft Windows -> Microsoft Corporation)
Task: {E17CE1E2-2876-42D3-B6F5-40A269D1D3C4} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Daily Collector => %systemroot%\system32\cscript.exe %systemroot%\system32\sildailycollector.vbs
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-14 08:58 - 2018-04-14 08:58 - 000454584 _____ () C:\Program Files\VMware\VMware Tools\pcre.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2894946948-3597676906-2984582856-500\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMINI~1\AppData\Local\Temp\2\BGInfo.bmp
DNS Servers: 127.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2019 03:49:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VVNET)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.
Error: (02/15/2019 03:49:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VVNET)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (02/15/2019 03:49:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: VVNET)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
Error: (02/15/2019 03:42:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VVNET)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.
Error: (02/15/2019 03:42:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VVNET)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (02/15/2019 03:42:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: VVNET)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
Error: (02/15/2019 03:41:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (02/15/2019 03:40:25 PM) (Source: MSOIDSVC.EXE) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (02/15/2019 03:40:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware Alias Manager and Ticket Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer SpiceWorks.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer SpiceWorks.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer SpiceWorks.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
Percentage of memory in use: 86%
Total physical RAM: 1023.49 MB
Available physical RAM: 133.3 MB
Total Virtual: 1487.46 MB
Available Virtual: 267.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:19.66 GB) (Free:9.42 GB) NTFS
\\?\Volume{adef0c4e-c21b-11e7-80b4-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 20 GB) (Disk ID: B49B87CE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by Administrator (15-02-2019 15:50:32)
Running from C:\Users\Administrator\Desktop
Windows Server 2012 R2 Standard (X64) (2017-11-05 12:50:48)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3531997757-2375627638-2511237956-500 - Administrator - Enabled)
Guest (S-1-5-21-3531997757-2375627638-2511237956-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
VVV (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
SpiceWorks (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BU_Admin (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Sacha (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Lara (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Mélanie (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
svc.sqladmin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
DC01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SPICEWORKS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W10-001$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VIDEO$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PRTG$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W7-TEMPLATE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
TSGATEWAY$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
DC02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LANSWEEPER$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUSHOME$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2008$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2014$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2016$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2017$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WKS-VVV$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GATE01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LAB$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Administrative Templates (.admx) for Windows 10 Fall Creators Update (HKLM-x32\...\{4EB5CC28-4B50-4EE5-A24A-725C4714EFE9}) (Version: 1.0 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{D8AB93B0-6FBF-44A0-971F-C0669B5AE6DD}) (Version: 7.250.4556.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
SharePoint Online Management Shell (HKLM\...\{95160000-115B-0409-1000-0000000FF1CE}) (Version: 16.0.6906.1200 - Microsoft Corporation)
VMware Tools (HKLM\...\{092CAFE8-7A43-4C32-82C6-A5547F93417F}) (Version: 10.2.1.8267844 - VMware, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {22F8933B-6077-471D-A4C3-56C7647164AD} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
Task: {651FF2A7-84D4-4AE6-9231-BB0411D3A64F} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Server\ServerCeipAssistant => C:\Windows\system32\ceipdata.exe (Microsoft Windows -> Microsoft Corporation)
Task: {787E2442-1350-4D4B-B3DF-F73EDF626879} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {9536335E-476B-42F7-8624-2308CA0F222B} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe (Microsoft Windows -> Microsoft Corporation)
Task: {E17CE1E2-2876-42D3-B6F5-40A269D1D3C4} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Daily Collector => %systemroot%\system32\cscript.exe %systemroot%\system32\sildailycollector.vbs
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-14 08:58 - 2018-04-14 08:58 - 000454584 _____ () C:\Program Files\VMware\VMware Tools\pcre.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2894946948-3597676906-2984582856-500\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMINI~1\AppData\Local\Temp\2\BGInfo.bmp
DNS Servers: 127.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC] => (Allow) %systemroot%\system32\scshost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SCW-Allow-Inbound-Access-To-ScsHost-TCP-RPC-EndPointMapper] => (Allow) %systemroot%\system32\scshost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/15/2019 03:49:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VVNET)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.
Error: (02/15/2019 03:49:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VVNET)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (02/15/2019 03:49:07 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: VVNET)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
Error: (02/15/2019 03:42:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1500) (User: VVNET)
Description: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.
Error: (02/15/2019 03:42:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: VVNET)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Error: (02/15/2019 03:42:35 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: VVNET)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
Error: (02/15/2019 03:41:17 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (02/15/2019 03:40:25 PM) (Source: MSOIDSVC.EXE) (EventID: 0) (User: )
Description: Event-ID 0
System errors:
=============
Error: (02/15/2019 03:40:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware Alias Manager and Ticket Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer SpiceWorks.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer VC.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer SpiceWorks.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
Error: (02/15/2019 03:29:49 PM) (Source: DCOM) (EventID: 10028) (User: VVNET)
Description: DCOM was unable to communicate with the computer SpiceWorks.VVNET.local using any of the configured protocols; requested by PID 3c8 (C:\Windows\system32\ServerManager.exe).
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
Percentage of memory in use: 86%
Total physical RAM: 1023.49 MB
Available physical RAM: 133.3 MB
Total Virtual: 1487.46 MB
Available Virtual: 267.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:19.66 GB) (Free:9.42 GB) NTFS
\\?\Volume{adef0c4e-c21b-11e7-80b4-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 20 GB) (Disk ID: B49B87CE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=19.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================