Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by administrator (15-02-2019 16:06:43)
Running from \\192.168.1.22\public\SOSVIRUS\Soft
Windows Server 2016 Standard (X64) (2018-11-10 13:16:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2128993047-2488024704-32700118-500 - Administrator - Enabled)
Guest (S-1-5-21-2128993047-2488024704-32700118-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
VVV (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
SpiceWorks (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BU_Admin (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Sacha (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Lara (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Mélanie (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
svc.sqladmin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
DC01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SPICEWORKS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W10-001$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VIDEO$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PRTG$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W7-TEMPLATE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
TSGATEWAY$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
DC02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LANSWEEPER$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUSHOME$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2008$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2014$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2016$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2017$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WKS-VVV$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GATE01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LAB$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Administrative Templates (ADMX) for Windows 10 (HKLM-x32\...\{166A4A62-D19E-4DFB-8499-FBA08716D847}) (Version: 1.0 - Microsoft Corporation)
Administrative Templates (ADMX) for Windows 10 Version 1511 (HKLM-x32\...\{39E58F1A-1DE1-4B60-8ECF-B54E2580D59C}) (Version: 1.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
VMware Tools (HKLM\...\{092CAFE8-7A43-4C32-82C6-A5547F93417F}) (Version: 10.2.1.8267844 - VMware, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {18CFC687-ED43-4982-9DE7-FBC9E36BFEF6} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {35ECAB80-112B-41D6-848D-F81316F38B41} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {3E08592F-DD5E-4277-90D5-33D7FD84E0B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {41600EBB-B4B7-472A-9F58-8AA04A7F8984} - System32\Tasks\Microsoft\Windows\Network Controller\SDN Diagnostics Task
Task: {423523CC-C7A9-46CD-B449-0C6C806C3F8D} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {6C4B3AC3-D155-4118-A777-F006EB7D1D98} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7601C950-8C68-4D6C-9351-788E74E39B0A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C17C986F-BE76-456F-9803-49510F0BBD62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DF1BA6A6-82D9-4DF9-A787-7804CDFA74B5} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe (Microsoft Windows -> Microsoft Corporation)
Task: {E0A67649-21C8-4620-81A8-EACF01A98AC3} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {F0240DDF-FDD2-46B9-8664-34A1B0825CD3} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-14 08:40 - 2018-04-14 08:40 - 000454584 _____ () C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll
2018-04-14 08:58 - 2018-04-14 08:58 - 000454584 _____ () C:\Program Files\VMware\VMware Tools\pcre.dll
2016-07-16 14:18 - 2016-07-16 14:18 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2018-10-18 20:44 - 2018-10-10 09:31 - 002681616 _____ () C:\Windows\system32\CoreUIComponents.dll
2018-02-02 19:36 - 2018-02-02 19:36 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2018-02-02 19:37 - 2018-02-02 19:37 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2018-10-18 18:48 - 2018-08-07 05:12 - 009847808 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-10-18 18:50 - 2018-08-07 05:03 - 001402368 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-18 18:51 - 2018-08-07 05:03 - 000757760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2018-10-18 18:48 - 2018-08-07 05:04 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-10-18 18:48 - 2018-08-07 05:11 - 004854272 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 14:23 - 2016-07-16 14:21 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2894946948-3597676906-2984582856-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.10.10 - 192.168.11.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SLBM-MUX-IN-TCP] => (Allow) %SystemRoot%\system32\MuxSvcHost.exe No File
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/14/2019 08:02:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004E028
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c0b765fd-6e2e-42f9-80d7-4a7ca0d118cf;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/14/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/13/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/12/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/11/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/10/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/09/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/08/2019 08:41:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=UserLogon;SessionId=4
System errors:
=============
Error: (02/15/2019 03:06:09 PM) (Source: NETLOGON) (EventID: 5722) (User: )
Description: The session setup from the computer VIDEO failed to authenticate.
The name(s) of the account(s) referenced in the security database is
VIDEO$. The following error occurred:
Access is denied.
Error: (02/15/2019 03:06:09 PM) (Source: NETLOGON) (EventID: 5805) (User: )
Description: The session setup from the computer TEMPLATE-W10 failed to authenticate.
The following error occurred:
Access is denied.
Error: (02/15/2019 03:01:17 PM) (Source: NETLOGON) (EventID: 5723) (User: )
Description: The session setup from computer 'TEMPLATE-W10' failed because the security database
does not contain a trust account 'TEMPLATE-W10$' referenced by the specified computer.
USER ACTION
If this is the first occurrence of this event for the specified computer
and account, this may be a transient issue that doesn't require any action
at this time.
If this is a Read-Only Domain Controller and 'TEMPLATE-W10$' is a legitimate machine
account for the computer 'TEMPLATE-W10' then 'TEMPLATE-W10' should be marked cacheable for this
location if appropriate or otherwise ensure connectivity to a domain controller
capable of servicing the request (for example a writable domain controller).
Otherwise, the following steps may be taken to resolve this problem:
If 'TEMPLATE-W10$' is a legitimate machine account for the computer 'TEMPLATE-W10', then 'TEMPLATE-W10'
should be rejoined to the domain.
If 'TEMPLATE-W10$' is a legitimate interdomain trust account, then the trust should
be recreated.
Otherwise, assuming that 'TEMPLATE-W10$' is not a legitimate account, the following
action should be taken on 'TEMPLATE-W10':
If 'TEMPLATE-W10' is a Domain Controller, then the trust associated with 'TEMPLATE-W10$' should be deleted.
If 'TEMPLATE-W10' is not a Domain Controller, it should be disjoined from the domain.
Error: (02/15/2019 02:30:52 PM) (Source: NETLOGON) (EventID: 5722) (User: )
Description: The session setup from the computer TEMPLATE-W10 failed to authenticate.
The name(s) of the account(s) referenced in the security database is
TEMPLATE-W10$. The following error occurred:
Access is denied.
Error: (02/14/2019 02:38:50 PM) (Source: NETLOGON) (EventID: 5722) (User: )
Description: The session setup from the computer TEMPLATE-W10 failed to authenticate.
The name(s) of the account(s) referenced in the security database is
TEMPLATE-W10$. The following error occurred:
Access is denied.
Error: (01/18/2019 04:24:53 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LAB due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (01/18/2019 04:24:37 AM) (Source: NETLOGON) (EventID: 5783) (User: )
Description: The session setup to the Windows Domain Controller \\DCLAB.vvnet.lab for the domain LAB
is not responsive. The current RPC call from Netlogon on \\DC02 to \\DCLAB.vvnet.lab has been cancelled.
Error: (01/18/2019 04:14:46 AM) (Source: NETLOGON) (EventID: 5722) (User: )
Description: The session setup from the computer TEMPLATE-W10 failed to authenticate.
The name(s) of the account(s) referenced in the security database is
TEMPLATE-W10$. The following error occurred:
Access is denied.
Windows Defender:
===================================
Date: 2019-01-04 15:12:16.353
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {C854291A-9CF7-428C-88B0-D295387B4116}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-10-26 23:49:46.403
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {8A1E5137-16CD-4A73-B08F-ABC822DCB3DB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-10-19 05:26:56.669
Description:
Windows Defender has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 57587451
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.64.0, AS: 1.279.64.0
Engine Version: 1.1.15400.4
Fidelity Label: Low
Target File Name:
Date: 2018-11-10 14:03:04.244
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.279.572.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.4
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-10-18 19:29:22.716
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-10-18 19:29:22.713
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
Percentage of memory in use: 46%
Total physical RAM: 4095.42 MB
Available physical RAM: 2196.84 MB
Total Virtual: 4799.42 MB
Available Virtual: 2962.92 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:39.51 GB) (Free:17.16 GB) NTFS
\\?\Volume{c380b0e1-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 40 GB) (Disk ID: C380B0E1)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by administrator (15-02-2019 16:06:43)
Running from \\192.168.1.22\public\SOSVIRUS\Soft
Windows Server 2016 Standard (X64) (2018-11-10 13:16:10)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2128993047-2488024704-32700118-500 - Administrator - Enabled)
Guest (S-1-5-21-2128993047-2488024704-32700118-501 - Limited - Disabled)
krbtgt (0 - Limited - Disabled) => %systemroot%\system32\config\systemprofile
VVV (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
SpiceWorks (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
BU_Admin (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Sacha (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Lara (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
Mélanie (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
svc.sqladmin (0 - Administrator - Enabled) => %systemroot%\system32\config\systemprofile
DC01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VC$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SPICEWORKS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W10-001$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
VIDEO$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
PRTG$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
W7-TEMPLATE$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUS$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
TSGATEWAY$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
DC02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LANSWEEPER$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WSUSHOME$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2008$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2014$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2016$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
SQL2017$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
WKS-VVV$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
CS02$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
GATE01$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
LAB$ (0 - Limited - Enabled) => %systemroot%\system32\config\systemprofile
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Administrative Templates (ADMX) for Windows 10 (HKLM-x32\...\{166A4A62-D19E-4DFB-8499-FBA08716D847}) (Version: 1.0 - Microsoft Corporation)
Administrative Templates (ADMX) for Windows 10 Version 1511 (HKLM-x32\...\{39E58F1A-1DE1-4B60-8ECF-B54E2580D59C}) (Version: 1.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
VMware Tools (HKLM\...\{092CAFE8-7A43-4C32-82C6-A5547F93417F}) (Version: 10.2.1.8267844 - VMware, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {18CFC687-ED43-4982-9DE7-FBC9E36BFEF6} - System32\Tasks\Microsoft\Windows\PLA\Server Manager Performance Monitor => %systemroot%\system32\rundll32.exe %systemroot%\system32\pla.dll,PlaHost "Server Manager Performance Monitor" "$(Arg0)"
Task: {35ECAB80-112B-41D6-848D-F81316F38B41} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK
Task: {3E08592F-DD5E-4277-90D5-33D7FD84E0B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {41600EBB-B4B7-472A-9F58-8AA04A7F8984} - System32\Tasks\Microsoft\Windows\Network Controller\SDN Diagnostics Task
Task: {423523CC-C7A9-46CD-B449-0C6C806C3F8D} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Configuration => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd configure
Task: {6C4B3AC3-D155-4118-A777-F006EB7D1D98} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {7601C950-8C68-4D6C-9351-788E74E39B0A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {C17C986F-BE76-456F-9803-49510F0BBD62} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1901.7-0\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DF1BA6A6-82D9-4DF9-A787-7804CDFA74B5} - System32\Tasks\Microsoft\Windows\Server Manager\ServerManager => C:\Windows\system32\ServerManagerLauncher.exe (Microsoft Windows -> Microsoft Corporation)
Task: {E0A67649-21C8-4620-81A8-EACF01A98AC3} - System32\Tasks\Microsoft\Windows\Software Inventory Logging\Collection => %systemroot%\system32\cmd.exe /d /c %systemroot%\system32\silcollector.cmd publish
Task: {F0240DDF-FDD2-46B9-8664-34A1B0825CD3} - System32\Tasks\Microsoft\Windows\Server Manager\CleanupOldPerfLogs => %systemroot%\system32\cscript.exe /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2018-04-14 08:40 - 2018-04-14 08:40 - 000454584 _____ () C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll
2018-04-14 08:58 - 2018-04-14 08:58 - 000454584 _____ () C:\Program Files\VMware\VMware Tools\pcre.dll
2016-07-16 14:18 - 2016-07-16 14:18 - 000231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2018-10-18 20:44 - 2018-10-10 09:31 - 002681616 _____ () C:\Windows\system32\CoreUIComponents.dll
2018-02-02 19:36 - 2018-02-02 19:36 - 000134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2018-02-02 19:37 - 2018-02-02 19:37 - 000474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2018-10-18 18:48 - 2018-08-07 05:12 - 009847808 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-10-18 18:50 - 2018-08-07 05:03 - 001402368 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-10-18 18:51 - 2018-08-07 05:03 - 000757760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2018-10-18 18:48 - 2018-08-07 05:04 - 002424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2018-10-18 18:48 - 2018-08-07 05:11 - 004854272 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 14:23 - 2016-07-16 14:21 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2894946948-3597676906-2984582856-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.10.10 - 192.168.11.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [ComPlusRemoteAdministration-DCOM-In] => (Allow) %systemroot%\system32\dllhost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SLBM-MUX-IN-TCP] => (Allow) %SystemRoot%\system32\MuxSvcHost.exe No File
FirewallRules: [NTFRS-NTFRSSvc-In-TCP] => (Allow) %SystemRoot%\system32\NTFRS.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-In] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [ADWS-TCP-Out] => (Allow) %systemroot%\ADWS\Microsoft.ActiveDirectory.WebServices.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DFSR-DFSRSvc-In-TCP] => (Allow) %SystemRoot%\system32\dfsrs.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-DNS-UDP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-RPC-TCP-In] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-TCP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [DNSSrv-UDP-Out] => (Allow) %systemroot%\System32\dns.exe (Microsoft Windows -> Microsoft Corporation)
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/14/2019 08:02:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004E028
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c0b765fd-6e2e-42f9-80d7-4a7ca0d118cf;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/14/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/13/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/12/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/11/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/10/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/09/2019 08:41:30 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=TimerEvent
Error: (01/08/2019 08:41:31 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007232B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=8c1c5410-9f39-4805-8c9d-63a07706358f;NotificationInterval=1440;Trigger=UserLogon;SessionId=4
System errors:
=============
Error: (02/15/2019 03:06:09 PM) (Source: NETLOGON) (EventID: 5722) (User: )
Description: The session setup from the computer VIDEO failed to authenticate.
The name(s) of the account(s) referenced in the security database is
VIDEO$. The following error occurred:
Access is denied.
Error: (02/15/2019 03:06:09 PM) (Source: NETLOGON) (EventID: 5805) (User: )
Description: The session setup from the computer TEMPLATE-W10 failed to authenticate.
The following error occurred:
Access is denied.
Error: (02/15/2019 03:01:17 PM) (Source: NETLOGON) (EventID: 5723) (User: )
Description: The session setup from computer 'TEMPLATE-W10' failed because the security database
does not contain a trust account 'TEMPLATE-W10$' referenced by the specified computer.
USER ACTION
If this is the first occurrence of this event for the specified computer
and account, this may be a transient issue that doesn't require any action
at this time.
If this is a Read-Only Domain Controller and 'TEMPLATE-W10$' is a legitimate machine
account for the computer 'TEMPLATE-W10' then 'TEMPLATE-W10' should be marked cacheable for this
location if appropriate or otherwise ensure connectivity to a domain controller
capable of servicing the request (for example a writable domain controller).
Otherwise, the following steps may be taken to resolve this problem:
If 'TEMPLATE-W10$' is a legitimate machine account for the computer 'TEMPLATE-W10', then 'TEMPLATE-W10'
should be rejoined to the domain.
If 'TEMPLATE-W10$' is a legitimate interdomain trust account, then the trust should
be recreated.
Otherwise, assuming that 'TEMPLATE-W10$' is not a legitimate account, the following
action should be taken on 'TEMPLATE-W10':
If 'TEMPLATE-W10' is a Domain Controller, then the trust associated with 'TEMPLATE-W10$' should be deleted.
If 'TEMPLATE-W10' is not a Domain Controller, it should be disjoined from the domain.
Error: (02/15/2019 02:30:52 PM) (Source: NETLOGON) (EventID: 5722) (User: )
Description: The session setup from the computer TEMPLATE-W10 failed to authenticate.
The name(s) of the account(s) referenced in the security database is
TEMPLATE-W10$. The following error occurred:
Access is denied.
Error: (02/14/2019 02:38:50 PM) (Source: NETLOGON) (EventID: 5722) (User: )
Description: The session setup from the computer TEMPLATE-W10 failed to authenticate.
The name(s) of the account(s) referenced in the security database is
TEMPLATE-W10$. The following error occurred:
Access is denied.
Error: (01/18/2019 04:24:53 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LAB due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (01/18/2019 04:24:37 AM) (Source: NETLOGON) (EventID: 5783) (User: )
Description: The session setup to the Windows Domain Controller \\DCLAB.vvnet.lab for the domain LAB
is not responsive. The current RPC call from Netlogon on \\DC02 to \\DCLAB.vvnet.lab has been cancelled.
Error: (01/18/2019 04:14:46 AM) (Source: NETLOGON) (EventID: 5722) (User: )
Description: The session setup from the computer TEMPLATE-W10 failed to authenticate.
The name(s) of the account(s) referenced in the security database is
TEMPLATE-W10$. The following error occurred:
Access is denied.
Windows Defender:
===================================
Date: 2019-01-04 15:12:16.353
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {C854291A-9CF7-428C-88B0-D295387B4116}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-10-26 23:49:46.403
Description:
Windows Defender scan has been stopped before completion.
Scan ID: {8A1E5137-16CD-4A73-B08F-ABC822DCB3DB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2018-10-19 05:26:56.669
Description:
Windows Defender has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 57587451
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.64.0, AS: 1.279.64.0
Engine Version: 1.1.15400.4
Fidelity Label: Low
Target File Name:
Date: 2018-11-10 14:03:04.244
Description:
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.279.572.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.4
Error code: 0x8024001e
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2018-10-18 19:29:22.716
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2018-10-18 19:29:22.713
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\Drivers\WdBoot.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
Percentage of memory in use: 46%
Total physical RAM: 4095.42 MB
Available physical RAM: 2196.84 MB
Total Virtual: 4799.42 MB
Available Virtual: 2962.92 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:39.51 GB) (Free:17.16 GB) NTFS
\\?\Volume{c380b0e1-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 40 GB) (Disk ID: C380B0E1)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=39.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================