Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017
Ran by s233864 (25-01-2017 11:51:11)
Running from C:\Users\S233864\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2016-03-23 09:44:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-133172730-405593835-1247638868-500 - Administrator - Enabled)
Guest1 (S-1-5-21-133172730-405593835-1247638868-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Zip 16.0 R01 (HKLM\...\{E98C2365-9997-4ADA-9928-DEA5F3B1ABBA}) (Version: 16.0 - Igor Pavlov)
Able2Extract Professional 10.0 (HKLM\...\{06065AB9-5917-42b6-95B0-A62E469456A6}_is1) (Version: 10.0 - Investintech.com Inc.)
Adobe Acrobat Reader DC - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\{58E533B1-9B29-432D-BB38-25B489C1D53B}) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\{D633DF27-FC9E-4FDA-A158-CB36AE83671D}) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{C1F3739C-D31D-4062-8788-29261C4A2A68}) (Version: 12.2.4.194 - Adobe Systems, Inc)
Atos PKI Basic Client 5.2 English (HKLM\...\{E3D666E2-7BB3-46CF-A71C-DE767FEFA1E7}) (Version: 5.2.015 - Atos IT Solutions and Services GmbH)
Atos Screensaver (HKLM-x32\...\{C42F5A69-29C9-48CC-A98B-231EE131C83E}) (Version: 1.0.0.0 - Vogel Juergen)
atos_screensaver (HKLM-x32\...\atos_screensaver) (Version: - )
calibre (HKLM-x32\...\{199305C5-5ECD-4248-96DC-F9729A7F8AF8}) (Version: 2.66.0 - Kovid Goyal)
CardOS_SmartOTP (HKLM\...\{89619602-D751-49DD-850C-C868E86322F5}) (Version: 1.0.3.0 - Atos IT Solutions and Services GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.26 - Piriform)
Circuit (HKU\S-1-5-21-1014176260-98930707-4043447730-223147\...\Circuit) (Version: 1.1.7702 - Unify)
Circuit Contact Card Provider (x32 Version: 1.0.58.1 - Unify Software and Solutions GmbH & Co. KG) Hidden
Circuit for Outlook (HKU\S-1-5-21-1014176260-98930707-4043447730-223147\...\{0ec9cd1b-30ad-45f8-938e-4fe2900982be}) (Version: 1.0.58.1 - Unify Software and Solutions GmbH & Co. KG)
Circuit for Outlook (x32 Version: 1.0.58.1 - Unify Software and Solutions GmbH & Co. KG) Hidden
CircuitRealTimePlugin (HKLM-x32\...\{17125EDE-6254-49E0-A57B-CDC044812E8F}) (Version: 0.8.877 - Unify_inc)
Cisco WebEx Meetings (HKU\S-1-5-21-1014176260-98930707-4043447730-223147\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix online plug-in (Web) (HKLM-x32\...\{199C20D6-10D3-4210-B361-4760209F56AE}) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Conferencing AppShare Plugin 7.7 (HKLM-x32\...\{960C5CA0-9D6C-406B-A506-CB2044C82A01}) (Version: 7.7 - Conferencing Appshare)
Configuration Manager Client (Version: 5.00.8325.1000 - Microsoft Corporation) Hidden
Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.6 - Autonomy Corporation plc)
CutePDF Writer 3.1 (HKLM\...\CutePDF Writer Installation) (Version: 3.1 - Acro Software Inc.)
Deaktivierungs-Add-on für Browser von Google Analytics (HKLM\...\{9F540EA8-086E-4D53-B845-A06E6903DED6}) (Version: 0.9.6.0 - Google Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.112 - ALPS ELECTRIC CO., LTD.)
FlacSquisher 1.3.6 (HKLM-x32\...\FlacSquisher) (Version: 1.3.6 - FlacSquisher)
Free WMA MP3 Converter (HKLM-x32\...\Free WMA MP3 Converter) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GrabIt 1.7.3 Beta (build 1010) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
Internet Explorer 11 (HKLM\...\{5B8D5E48-C792-4517-B2DA-0A9CEC89D427}) (Version: 11.0.9600.17959 - Microsoft)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Juniper Installer Service (HKLM-x32\...\{447D8B58-880C-4627-BF57-9C408219313E}) (Version: 2.1.2.5973 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
McAfee Agent (HKLM-x32\...\{8A4E2C26-668D-40D1-B2CF-9F0003E6C6BA}) (Version: 4.8.0.1938 - McAfee)
McAfee Agent (x32 Version: 4.8.0.1938 - McAfee, Inc.) Hidden
McAfee Host Intrusion Prevention (Version: 8.00.0600 - McAfee, Inc.) Hidden
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.06000 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4521 - Microsoft Corporation)
Microsoft Lync 2010, MUI (HKLM\...\{CEECF731-3F08-4210-8073-7E87F58C01D3}) (Version: 4.0.7577.0 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 R01 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2010 (HKLM-x32\...\Office14.PROOFKIT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
OS_Settings_for_ZTI_EnergyTaskbarExplorerViewPreferences (HKLM-x32\...\{4690AC28-8ABD-41B5-AD9F-22C2ECF63AC6}) (Version: 1.0.0.0 - atos)
PKCS#11-Wrapper for Windows 7 (HKLM\...\{FD6BCDD9-505F-403F-929D-BAA59C5C6BE9}) (Version: 1.0.0 - Atos)
PKI card activation (HKLM\...\{BC76ACCC-66DF-456D-83FA-A28B9AD27861}) (Version: 1.0.0.1 - ATOS)
Process Stopper (x32 Version: 1.0.58.1 - Unify Software and Solutions GmbH & Co. KG) Hidden
Python 3.5.2 (64-bit) (HKU\S-1-5-21-1014176260-98930707-4043447730-223147\...\{d46281ac-f66b-4246-8cfe-34f61512982f}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (64-bit) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{0276F61C-30FC-46D4-BEFE-0EA959C4D691}) (Version: 3.5.2121.0 - Python Software Foundation)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6049 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 Proofing Tools Kit (KB2687458) 32-Bit Edition (HKLM-x32\...\{90140000-004B-0000-0000-0000000FF1CE}_Office14.PROOFKIT_{C380F832-0AA6-42C4-BB48-E92C91EE814E}) (Version: - Microsoft)
Siemens Settings for Office Professional Plus 2010 (x32 Version: 1.0.0.0 - Microsoft) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SuperCopier2 (HKLM-x32\...\SuperCopier2) (Version: - )
SWI Software Package Runtime (HKLM-x32\...\{7E1469E8-126D-4EB0-989C-7B4F274A1030}) (Version: 1.0.0.0 - Siemens AG)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-1014176260-98930707-4043447730-223147\...\ChromeHTML: -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02FDB563-A1B9-4CCC-A0C1-9E4F02BFE227} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-02-16] (Realtek Semiconductor)
Task: {3DFD06D9-E855-40DA-B857-A972EB543194} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2015-10-27] (Microsoft Corporation)
Task: {4598ECD4-43AC-42FD-B226-AF0B0B00681D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-21] (Piriform Ltd)
Task: {690C5F67-6113-47B6-AA2B-51DD09B025C3} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {C085C434-FFF3-4059-B8A8-82C565566C00} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {C58925FE-4A9C-4105-8CE3-6226B7FE2EB3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-29] (Adobe Systems Incorporated)
Task: {D80876FB-7CE5-4CA7-B8E0-A0D62F68797E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-03] (Google Inc.)
Task: {E54C427F-986B-4DE8-9D1F-AA99C5A65D47} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerAlertEventConsumer:
WMI_ActiveScriptEventConsumer_DellCommandPowerManagerPolicyChangeEventConsumer:

ShortcutWithArgument: C:\Users\S233864\Desktop\Pre_Scan_Donate.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxps://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN
ShortcutWithArgument: C:\Users\S233864\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Circuit Headset Integration by Unify.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=nbleppgjjifiggbhoeejbmdhfjjliain
ShortcutWithArgument: C:\Users\S233864\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Google Hangouts.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=knipolnnllmklapflnccelgolnpehhpl
ShortcutWithArgument: C:\Users\S233864\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Readium.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl

==================== Loaded Modules (Whitelisted) ==============

2011-08-05 05:36 - 2011-08-05 05:36 - 00229376 _____ () C:\Windows\system32\gmp4_2_1_64.dll
2016-06-16 10:21 - 2016-01-22 15:57 - 00089008 _____ () C:\Windows\System32\cpwmon64.dll
2017-01-25 10:10 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-25 10:10 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-25 10:10 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-10-20 00:35 - 2016-10-20 00:35 - 00600584 _____ () C:\Program Files (x86)\Unify\Circuit Contact Card Provider\circuitcontactcard.exe
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-12-14 09:52 - 2016-12-08 08:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 09:52 - 2016-12-08 08:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1014176260-98930707-4043447730-223147\Control Panel\Desktop\\Wallpaper -> C:\Program Files\ManagedPC\Customer\images\Wallpaper_Atos_16x9.jpg
DNS Servers: 213.244.0.15 - 213.244.0.16
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 4) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6B18EC5F-3B3B-48ED-B6DA-7F74088CA776}] => C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{D892D8DE-D684-4749-AE02-AD124932DAAD}] => C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{F8A85157-4153-4094-B88E-F180F160F0B2}] => C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [{F6D74C7E-49EC-418E-9746-4E4ADF59BC30}] => C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{1F354E18-4DAD-441F-99F1-55278845194C}] => C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{E2CA9FB9-79E4-4E81-9037-DB180E3E9C67}] => C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{EB1133C4-84DF-40BD-90BB-4A5DA5511679}] => C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{52E2EA7F-5877-4ACF-B7E9-6003CFF32B74}] => C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{373A5F0B-E653-464E-8B74-4464261271C1}] => C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{756F7C68-B79B-4F33-BB23-994D3FC3C8F4}] => C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{2EE8E1E4-676A-4775-BC67-25035A1FE99B}] => C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{120F87B6-3ABF-43AA-B945-E39EF62E1185}] => C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{8F33B07B-188D-4427-8A3C-5F0D8FEC0F8B}] => C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{72A881B8-D348-4E1E-80E3-90F39FF15193}] => C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{E67EFAE0-4C7B-4854-A362-376A8C2F4694}] => C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{47176573-CEBE-48AE-8597-A079E90407CD}] => C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{9C8A379A-93C0-4B50-BC64-F557D1608876}] => C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{65CC9694-3184-4303-8769-A93B2F386C20}] => C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{6797785A-8F09-4BB4-8F59-423574976054}] => C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{B554C917-99A1-4EBD-B22F-B70A5C6180D0}] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
FirewallRules: [{A89FA4BB-96B3-472C-A6C7-082CA51CA55C}] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
FirewallRules: [{A6A904FA-BC20-405B-A029-89D68DF8D3CF}] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
FirewallRules: [{675FEC7A-F808-4E30-BE43-5ED1200A2A5A}] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
FirewallRules: [{2384BA6D-FF3D-41B7-8955-5F4D6A54E0BE}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{6868ECB6-EB68-4C0D-A7BB-538DA24DA984}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-12-2016 18:09:55 Windows Update
29-12-2016 17:31:38 Windows Update
19-01-2017 12:59:56 Scheduled Checkpoint
22-01-2017 14:31:08 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2017 11:09:48 AM) (Source: McLogEvent) (EventID: 5051) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 30000 ms to complete a request. The process will be terminated. Thread id : 5108 (0x13f4) Thread address : 0x0000000070E0F06C Thread message : Build VSCORE.15.4.0.583 / 5800.7501 Object being scanned = \Device\HarddiskVolume2\Windows\Installer\383fe2.msi by C:\Windows\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error: (01/25/2017 11:05:49 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème n’est pas corrigé.
Error: (01/25/2017 11:05:41 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Event-ID 256

Error: (01/25/2017 11:05:41 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Event-ID 256

Error: (01/25/2017 11:05:41 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Event-ID 256

Error: (01/25/2017 11:05:41 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Event-ID 256

Error: (01/25/2017 11:05:41 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Event-ID 256

Error: (01/25/2017 11:05:41 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Event-ID 256

Error: (01/25/2017 10:16:13 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Event-ID 256

Error: (01/25/2017 10:16:13 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Event-ID 256

System errors:
=============
Error: (01/25/2017 11:09:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service McAfee McShield s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 5000 millisecondes : Restart the service.

Error: (01/25/2017 11:08:16 AM) (Source: TermService) (EventID: 1067) (User: )
Description: Le serveur Terminal Server ne peut pas inscrire « TERMSRV » comme nom principal du service pour l’authentification du serveur. L’erreur suivante s’est produite : The specified domain either does not exist or could not be contacted. .

Error: (01/25/2017 11:06:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Les paramètres d’autorisation application-specific n’accordent pas d’autorisation Local Launch pour l’application serveur COM avec le CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} et l’APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} au SID NT AUTHORITY\SYSTEM de l’utilisateur (S-1-5-18) depuis l’adresse LocalHost (Using LRPC). Cette autorisation de sécurité peut être modifiée à l’aide de l’outil d’administration Services de composants.
Error: (01/25/2017 11:06:03 AM) (Source: WudfUsbccidDriver) (EventID: 6) (User: NT AUTHORITY)
Description: Event-ID 6

Error: (01/25/2017 11:06:03 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Le lecteur de carte à puce « Broadcom Corp Contacted SmartCard 0 » a rejeté le contrôle d’E/S 0x313520 : Incorrect function.. Si cette erreur persiste, votre carte à puce ou lecteur présente peut-être un dysfonctionnement. En-tête de commande : XX XX XX XX

Error: (01/25/2017 11:06:00 AM) (Source: WudfUsbccidDriver) (EventID: 6) (User: NT AUTHORITY)
Description: Event-ID 6

Error: (01/25/2017 11:06:00 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Le lecteur de carte à puce « Broadcom Corp Contacted SmartCard 0 » a rejeté le contrôle d’E/S 0x313520 : Incorrect function.. Si cette erreur persiste, votre carte à puce ou lecteur présente peut-être un dysfonctionnement. En-tête de commande : XX XX XX XX

Error: (01/25/2017 11:05:58 AM) (Source: WudfUsbccidDriver) (EventID: 6) (User: NT AUTHORITY)
Description: Event-ID 6

Error: (01/25/2017 11:05:58 AM) (Source: SCardSvr) (EventID: 610) (User: )
Description: Le lecteur de carte à puce « Broadcom Corp Contacted SmartCard 0 » a rejeté le contrôle d’E/S 0x313520 : Incorrect function.. Si cette erreur persiste, votre carte à puce ou lecteur présente peut-être un dysfonctionnement. En-tête de commande : XX XX XX XX

Error: (01/25/2017 11:05:54 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: WW930)
Description: Échec du traitement de la stratégie de groupe en raison d’une absence de connectivité réseau vers un contrôleur de domaine. Il peut s’agir d’un problème temporaire. Un message de réussite est généré une fois que l’ordinateur est connecté au contrôleur de domaine et que la stratégie de groupe est correctement traitée. Si aucun message de réussite ne s’affiche pendant plusieurs heures, contactez votre administrateur.
CodeIntegrity:
===================================
Date: 2017-01-24 18:33:57.441
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2017-01-24 15:59:42.649
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2017-01-23 17:58:01.535
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2017-01-22 23:20:42.688
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2017-01-19 17:59:30.424
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2017-01-19 10:15:12.532
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2017-01-19 10:05:27.934
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.
Date: 2017-01-16 18:31:16.139
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2017-01-14 10:24:19.295
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

Date: 2017-01-11 14:29:06.929
Description: Le module d’intégrité du code ne peut pas vérifier l’intégrité image du fichier \Device\HarddiskVolume2\Windows\System32\SensorsApi.dll car le jeu de hachages d’images par page n’a pas été trouvé sur le système.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz
Percentage of memory in use: 66%
Total physical RAM: 3984.42 MB
Available physical RAM: 1330.42 MB
Total Virtual: 13942.61 MB
Available Virtual: 10529.91 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:237.97 GB) (Free:108.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 42CEDB23)
Partition 1: (Active) - (Size=512 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================