Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by I063859 (03-12-2017 10:07:18)
Running from C:\Users\i063859\Desktop
Windows 10 Enterprise Version 1511 10586.1176 (X64) (2016-08-30 10:29:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

DefaultAccount (S-1-5-21-4062798422-3929470720-3195758788-503 - Limited - Disabled)
Guest (S-1-5-21-4062798422-3929470720-3195758788-501 - Limited - Disabled)
Raccount (S-1-5-21-4062798422-3929470720-3195758788-500 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Endpoint Security (Enabled - Up to date) {1006DC03-1FB1-9E52-7C81-F2FAB48962E3}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Endpoint Security (Enabled - Up to date) {AB673DE7-398B-91DC-4631-C988CF0E285E}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Endpoint Security (Enabled) {283D5D26-55DE-9F0A-57DE-5BCF4A5A2598}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office 2013“ tikrinimo įrankiai – lietuvių k. (HKLM-x32\...\{90150000-001F-0427-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Adobe Flash Player 27 NPAPI (HKLM-x32\...\{34D4D627-00A1-4C0D-BF68-576C146B9ED6}) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.44.0 - Alcor Micro Corp.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Atom (HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\atom) (Version: 1.19.5 - GitHub Inc.) Belgium e-ID middleware 4.1.18 (build 1730) (HKLM\...\{DB942AEA-93D6-4FE4-8862-180D35A71730}) (Version: 4.1.1730 - Belgian Government) BIG-IP Edge Client (HKLM-x32\...\{6D4839CB-28B4-4070-8CA7-612CA92CA3D0}) (Version: 71.2017.0404.2206 - F5 Networks, Inc.) BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 71.2017.0404.2206 - F5 Networks, Inc.) Cisco WebEx Meetings (HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Receiver 4.9 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.9.0.2539 - Citrix Systems, Inc.) CitrixReceiver_SAP (HKLM-x32\...\{C6BCE15B-495B-4FA6-A395-FBFF115AACD4}) (Version: 4.9 - SAP IT) Cloud Foundry CLI version 6.32.0 (HKLM\...\Cloud Foundry CLI_is1) (Version: 6.32.0 - Cloud Foundry Foundation) Comptes&Mots édition 2017 (HKLM-x32\...\{4437E29A-996C-440A-9227-1126EE75C0AD}_is1) (Version: 2017 - Comptes&Mots) Configuration Manager Client (HKLM\...\{3926E6CB-FD37-4E8D-8B08-7F485E118C2D}) (Version: 5.00.8498.1000 - Microsoft Corporation) Hidden Công cụ Soát lỗi Microsoft Office 2013 - Tiếng Việt (HKLM-x32\...\{90150000-001F-042A-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.8.5.0 - Autonomy Corporation plc) DIGIPASS Native Bridge 2.2.2 (HKLM-x32\...\{28A6E867-4D45-4023-8DD0-09FC196C2892}) (Version: 2.2.2 - VASCO Data Security) Hidden DIGIPASS Native Bridge 2.2.2 (HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\{9ba9a46c-c5ee-4711-9d40-15adb327bdd0}) (Version: 2.2.2 - VASCO Data Security) Eines de correcció del Microsoft Office 2013: català (HKLM-x32\...\{90150000-001F-0403-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Ferramentas de Verificação do Microsoft Office 2013 - Português 
(HKLM-x32\...\{90150000-001F-0816-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM-x32\...\{90160000-001F-0816-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Ferramentas de verificación de Microsoft Office 2013 - Galego (HKLM-x32\...\{90150000-001F-0456-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Git version 2.9.3-rebase-i (HKLM\...\Git_is1) (Version: 2.9.3-rebase-i - The Git Development Community) GitHub Desktop (HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\GitHubDesktop) (Version: 0.9.1 - GitHub, Inc.) Global Corporate Access (HKLM-x32\...\{38ACB2B6-0957-4C6A-BB53-351F55B5C4B4}) (Version: - ipass) Google Chrome (HKLM-x32\...\{E59DE535-1B5C-35B2-BA45-E99E29548A1C}) (Version: 62.0.3202.94 - Google, Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) HP Universal Discovery Agent (x86) (HKLM-x32\...\{B7643B11-A60E-4A33-A465-263FEB32113A}) (Version: 10.31.000.155 - Hewlett-Packard Development Company, L.P.) Instrumente de verificare Microsoft Office 2016 - Română (HKLM-x32\...\{90160000-001F-0418-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.5.7.22 - SunplusIT) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 19.5 - Intel) Intel® Hardware Accelerated Execution Manager (HKLM\...\{6F73FF93-0B55-4194-AE45-C19DA1F33E97}) (Version: 6.0.3 - Intel Corporation) IntelliJ IDEA 2017.2.6 (HKLM-x32\...\IntelliJ IDEA 2017.2.6) (Version: 172.4574.11 - JetBrains s.r.o.) 
Internet Explorer 11 Settings (HKLM-x32\...\{68525C36-EE3B-479E-BE2D-9FEC7C8DB134}) (Version: 11.0 - Microsoft Corporation) Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation) Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation) Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle) Java SE Development Kit 8 Update 111 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180111}) (Version: 8.0.1110.14 - Oracle Corporation) Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation) Korrekturredskaber til Microsoft Office 2013 – Dansk (HKLM-x32\...\{90150000-001F-0406-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM-x32\...\{90160000-001F-0406-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Korrekturverktøy for Microsoft Office 2013 – Norsk (nynorsk) (HKLM-x32\...\{90150000-001F-0814-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Lenovo On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.80.02 - Lenovo) Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.11.08 - Lenovo) McAfee Agent (HKLM\...\{80684F9A-6B01-4F3F-A8C7-C4B7BDF072F1}) (Version: 5.0.6.220 - McAfee, Inc.) McAfee Data Exchange Layer (HKLM\...\{48F152B8-17F4-467F-A65B-49A2A271FA27}) (Version: 3.1.601.0 - McAfee, Inc.) Hidden McAfee Data Exchange Layer (HKLM-x32\...\{d14da861-f859-4506-8497-ebcb682bbca8}) (Version: 3.1.0.601 - McAfee, Inc.) McAfee Endpoint Security Adaptive Threat Protection (HKLM\...\{80B1F696-3C8F-4BBC-BD07-86CF0E37FDD2}) (Version: 10.5.2 - McAfee, Inc.) 
McAfee Endpoint Security Firewall (HKLM\...\{23E52C73-A84B-47C2-8D8D-24C5C04181B3}) (Version: 10.5.2 - McAfee, Inc.) McAfee Endpoint Security Platform (HKLM\...\{6D20F37F-05CB-401E-83A3-DEB93B29196E}) (Version: 10.5.2 - McAfee, Inc.) McAfee Endpoint Security Threat Prevention (HKLM\...\{4F574B83-3AE0-419F-8A3B-985C389334B4}) (Version: 10.5.2 - McAfee, Inc.) MDOP MBAM (HKLM\...\{1B0FF767-2365-4E2B-91D1-93D442944055}) (Version: 2.5.0244.0 - Microsoft Corporation) Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4945.1001 - Microsoft Corporation) Microsoft Office Korrekturhilfen 2016 – Deutsch (HKLM-x32\...\{90160000-001F-0407-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office Nyelvi ellenőrző eszközök 2016 – magyar (HKLM-x32\...\{90160000-001F-040E-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office Proofing Tools 2016 - Afrikaans (HKLM-x32\...\{90160000-001F-0436-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office Proofing Tools 2016 - Bahasa Melayu (HKLM-x32\...\{90160000-001F-043E-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office Proofing Tools 2016 – български (HKLM-x32\...\{90160000-001F-0402-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office Proofing Tools 2016 - اللغة العربية (HKLM-x32\...\{90160000-001F-0401-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office Proofing Tools 2016 - हिंदी (HKLM-x32\...\{90160000-001F-0439-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office Proofing Tools Kit Compilation 2013 (HKLM-x32\...\Office15.PROOFKIT) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office 언어 교정 도구 2016 - 한국어 
(HKLM-x32\...\{90160000-001F-0412-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office 校对工具 2016 - 简体中文 (HKLM-x32\...\{90160000-001F-0804-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office 校正ツール 2016 - 日本語 (HKLM-x32\...\{90160000-001F-0411-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft Office 校訂工具 2016 - 繁體中文 (HKLM-x32\...\{90160000-001F-0404-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation) Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP) Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG) Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation) Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.17.1 - Microsoft 
Corporation) Mozilla Firefox 54.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 fr)) (Version: 54.0.1 - Mozilla) Mozilla Firefox 55.0.3 (x64 fr) (HKLM\...\Mozilla Firefox 55.0.3 (x64 fr)) (Version: 55.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla) Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski (HKLM-x32\...\{90150000-001F-0415-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM-x32\...\{90160000-001F-0415-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM-x32\...\{90160000-001F-0405-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Nástroje korektúry balíka Microsoft Office 2013 - slovenčina (HKLM-x32\...\{90150000-001F-041B-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Node.js (HKLM\...\{9CB432A8-2DC4-4AA3-BF63-9A2AE489B167}) (Version: 6.11.4 - Node.js Foundation) Office 15 Click-to-Run Extensibility Component (HKLM-x32\...\{90150000-008C-0000-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM-x32\...\{90150000-008C-0409-0000-0000000FF1CE}) (Version: 15.0.4945.1001 - Microsoft Corporation) Hidden Online Plug-in (HKLM-x32\...\{5C38E4A7-9778-4C51-8021-61759600D96A}) (Version: 14.9.0.2539 - Citrix Systems, Inc.) 
Hidden Orodja za preverjanje za Microsoft Office 2013 – slovenščina (HKLM-x32\...\{90150000-001F-0424-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) PDF-XChange PRO x64 6.0.317.1 (HKLM\...\{FDEE9B63-F8FF-459D-96D0-115138EB6C72}) (Version: 6.0.317.1 - Tracker Software Products (Canada) Ltd.) Python 3.4.0 (64-bit) (HKLM\...\{863162a8-ecc2-35ea-bdf7-e09ac456e164}) (Version: 3.4.150 - Python Software Foundation) Python 3.5.0 (64-bit) (HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\{e599f76f-2b95-44da-a280-77548b1b2a21}) (Version: 3.5.150.0 - Python Software Foundation) Python 3.5.0 Add to Path (64-bit) (HKLM\...\{810503AC-4E50-4A21-BD5A-BFA973480B35}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Core Interpreter (64-bit) (HKLM\...\{9D059C5B-80A5-46AA-BC8A-FD41E89D0A49}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Development Libraries (64-bit) (HKLM\...\{6EA6724A-71C6-43EE-BE9F-80E3C0DC8A4F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Documentation (64-bit) (HKLM\...\{3B016F3B-917E-477F-920A-BBBA12E09F8B}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Executables (64-bit) (HKLM\...\{9C67D7CC-26D3-4535-9D0A-F4591AD9B11F}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Launcher (32-bit) (HKLM-x32\...\{A095BD6B-4F39-46A4-9AA1-8F7296492974}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 pip Bootstrap (64-bit) (HKLM\...\{6ADAF31E-EEE6-4251-BE5A-EFD7868D3930}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Standard 
Library (64-bit) (HKLM\...\{5741118B-D61A-4F27-BB80-0CAED22FE20B}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Tcl/Tk Support (64-bit) (HKLM\...\{47483182-8783-45CB-9120-77FDB241E2FF}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Test Suite (64-bit) (HKLM\...\{B2AB1292-01D1-4972-BF56-43531A2AA3BA}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Python 3.5.0 Utility Scripts (64-bit) (HKLM\...\{2B5129D0-C4C1-4322-8888-D0B6CDA6DCD2}) (Version: 3.5.150.0 - Python Software Foundation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7746 - Realtek Semiconductor Corp.) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (HKLM-x32\...\{90150000-001F-0416-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM-x32\...\{90160000-001F-0416-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Samsung Kies (HKLM-x32\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.4.17113.1 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.) 
SAP Business Explorer (HKLM-x32\...\SAPBI) (Version: 7.30 - SAP AG) SAP Communication PPT Presentation Wizard 2017.3 (HKLM-x32\...\{DECD9416-9049-45E9-888E-31BDB76D7802}) (Version: 2017.3 - SAP Communication) SAP Fonts 2013 (HKLM-x32\...\{2AE73D57-0FDB-47D5-B195-00C9BF3098B2}) (Version: 2013 - SAP) SAP GUI for Windows 7.40 (Patch 12) (HKLM-x32\...\SAPGUI) (Version: 7.40 Compilation 3 - SAP SE) SAP HANA Cloud Connector (HKLM\...\{018F5128-1795-4573-9528-F842531A46DE}) (Version: 2.9.0.2 - SAP) SAP IT Client Migration Wizard 2016 2.0.2 (HKLM-x32\...\{3BA8A814-8207-468C-8067-43F7BF50693A}) (Version: 2.0.2 - SAP IT) SAP IT MusicOnHoldFileForLync 1.0 (HKLM\...\{8AB1E204-BE7E-450F-B6D2-2E711A48CD71}) (Version: 1.0 - SAP IT) SAP IT Raccount SE (HKLM\...\{C5CE7B4B-9F72-474D-A8EA-7C2F7592FCE4}) (Version: 1.4 - SAP IT) SAP IT Windows 8 Logon Icon 1.0 (HKLM-x32\...\{268C2CDE-A133-420E-8958-7C2512C6F767}) (Version: 1.0 - SAP IT) SAP Mobile Platform SDK 3.0 SP13 (HKLM\...\570a03218011079f3aee0f2964c764ba920482880) (Version: 3.0.13.0 - SAP SE) SAP Secure Login Client (x64) (HKLM\...\Secure Login Client (x64)) (Version: 3.0.2.1.0 - SAP AG) SAP Workforce Performance Builder SLC Player 9.4.0.111 (HKLM-x32\...\{DA46712E-B8B6-4466-8003-9B5CDCF78F31}) (Version: 9.4.0111 - SAP AG) SAPscript Legacy Text Editor (HKLM-x32\...\SAPScriptEditorControls) (Version: - SAP SE) Self-Service Plug-in (HKLM-x32\...\{C7E328BE-E4FF-4D07-B848-1179C42C8AD4}) (Version: 4.9.0.2528 - Citrix Systems, Inc.) 
Hidden Skype Quality Adviser (HKLM-x32\...\{BD1C5F81-2AE5-477B-8BC5-8D52394DD0CF}) (Version: 4.0.4.3 - SAP) Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM-x32\...\{90160000-001F-0410-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Sublime Text Build 3143 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.85 - Synaptics Incorporated) Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM-x32\...\{90160000-001F-0413-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) Telerik Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.2.32002 - Telerik) Uirlisí Profála Microsoft Office 2016 - Gaeilge (HKLM-x32\...\{90160000-001F-083C-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN) Windows Driver Package - Fedict SmartCard (08/08/2015 4.1.5) (HKLM\...\9F46F7AB1E3B1B5F5482EA8D97F401B04FBF7958) (Version: 08/08/2015 4.1.5 - Fedict) WinRAR (64-bit) 5.31.0 (HKLM\...\{F8B0145A-8891-47EA-8160-E0CA22B851F7}) (Version: 5.31.0 - win.rar GmbH) Yarn (HKLM-x32\...\{918E1EC4-5148-4150-B711-8A69AE9BAF37}) (Version: 1.3.2 - Yarn Contributors) YTD Video Downloader 5.9.0 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.9.0 - GreenTree Applications SRL) <==== ATTENTION Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2013 - Ελληνικά (HKLM-x32\...\{90150000-001F-0408-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Засоби перевірки правопису Microsoft Office 2013 – українська мова (HKLM-x32\...\{90150000-001F-0422-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Средства проверки правописания Microsoft Office 
2016 — русский (HKLM-x32\...\{90160000-001F-0419-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) כלי ההגהה של Microsoft Office 2013 - עברית (HKLM-x32\...\{90150000-001F-040D-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden כלי ההגהה של Microsoft Office 2016 - עברית (HKLM-x32\...\{90160000-001F-040D-0000-0000000FF1CE}) (Version: 16.0.4393.1001 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\RarExt.dll [2016-02-03] (Alexander Roshal) ContextMenuHandlers1: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\RarExt32.dll [2016-02-03] (Alexander Roshal) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-07-30] (Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-11-05] (NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\RarExt.dll [2016-02-03] (Alexander Roshal) ContextMenuHandlers6: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\RarExt32.dll [2016-02-03] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {2003EF10-A7A7-4904-9521-44E8FA08AF84} - System32\Tasks\SAP IT\SAP-NAP => powershell.exe -NoProfile -WindowStyle Hidden -ExecutionPolicy AllSigned -File "%programfiles%\SAP-IT\SAP-NAP\SAP-NAP.ps1" <==== ATTENTION
Task: {2A4F95CC-8AB1-46B9-8E88-FD7CC0070BDD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2017-09-12] (Microsoft Corporation)
Task: {35A73488-2B14-44B2-B0CE-9AF570121C7C} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-23] (Realtek Semiconductor)
Task: {362BA806-2178-46F0-824B-0E59F358CF8F} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Passport for Work Certificate Enrollment Task => C:\Windows\system32\wbem\wmic.exe [2015-10-30] (Microsoft Corporation)
Task: {3AA5C15D-97EA-4561-BBAE-343B472129D1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-09-12] (Microsoft Corporation)
Task: {3B63BC48-B31B-46E3-997F-0CB645B0DB7A} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {45659455-D9F5-4022-8B2B-661248F206C8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-29] (Adobe Systems Incorporated)
Task: {49B0D527-742B-43D4-A536-2D9B1027E709} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {66C12B49-8480-43C4-A862-5124B4AB6D36} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-30] (Google Inc.)
Task: {67CFFCEB-A430-4BDB-BA32-406784FA57B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-30] (Google Inc.)
Task: {6F72DB16-773E-4C20-A04A-2BEE5577232B} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-23] (Realtek Semiconductor) Task: {848F81D8-1B12-4CE4-BF9E-5665EEC4A3B9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation) Task: {9671028C-34A1-4EB7-8504-5F5B384C778E} - System32\Tasks\HF_BOOT_TASK_JOB (INSTALL_STATE_UPDATE) => C:\ProgramData\Shavlik\Installation\InstallationSandbox#2016-09-06-T-19-11-53\SafeReboot.exe [2014-07-28] (LANDESK Software, Inc.) Task: {96C62F12-57C6-45BA-BFD4-BC2F6600BAAA} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2017-04-11] (Microsoft Corporation) Task: {B09D2202-5408-45A0-93FA-EF50FD1247F8} - System32\Tasks\Credmanager => powershell.exe -noprofile -command "&{cd C:\Users\Public\SAP-IT\CredentialManager; C:\Users\Public\SAP-IT\CredentialManager\AddCredential.ps1}" Task: {B6C6D522-FEB9-4293-B003-6D56CE659C1E} - System32\Tasks\SAP IT\SAP_W10_IT_Firstrun => C:\program files (x86)\SAP IT\FirstRun\run.vbs [2016-03-14] () Task: {BB4C9AFA-0933-45F3-A52D-D49D52F138AB} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-02-23] (Realtek Semiconductor) Task: {BF43D33A-A5B4-4F4F-BD5A-134DE7EA097F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2017-09-12] (Microsoft Corporation) Task: {C507A621-8659-4675-81E1-703EEC4CB565} - System32\Tasks\SAP IT\Set DynDNS => cscript.exe \\global.corp.sap\netlogon\Scripts\Dyndns\_DSSO_AD\setDynDnsAD.vbs Task: {C631CA95-2C71-493D-B448-A851B02C5F33} - System32\Tasks\SAP IT\Reg_DNS_Upd_V4 => powershell -command "& {{Start-Process -F 'cmd' -A '/c ipconfig /registerdns' -N -Wait }; Exit 0}" Task: {D3802E03-6F39-4DC1-924C-BDA92809C7EF} - 
System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} Task: {ED0912DD-05FF-4756-8A49-6538AD641381} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2017-04-11] (Microsoft Corporation) Task: {F785A48C-4E8A-4681-8E94-E151142FC923} - System32\Tasks\SCCM_Client_Check => powershell.exe -NonInteractive -noprofile -WindowStyle Hidden -ExecutionPolicy bypass -file \\ecs\remediation\SCCM_Tools\Fix-BrokenSCCM.ps1 Task: {FC698EF9-711E-43B0-863A-B09D69F18ADD} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\i063859\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Advanced REST client.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hgmloofddffdnphfgcellkdfbfbjeloo ShortcutWithArgument: C:\Users\i063859\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\mydlink services plugin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ldibdoepbjbkkcbgndfljnphngpglhbb ShortcutWithArgument: C:\Users\i063859\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\corp.sap -> hxxps://*.global.corp.sap
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\*.global -> hxxps://*.global
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\amadeus.com -> hxxps://amadeus.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\ariba.com -> hxxp://sapconcur.procurement-eu.ariba.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\bcdtravel.com -> hxxps://bcdtravel.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\bluebottlebiz.com -> hxxps://bluebottlebiz.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\box.net -> hxxps://sso.services.box.net
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\brainshark.com -> hxxps://www.brainshark.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\btslearning.com -> hxxps://www.btslearning.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\btspulse.com -> hxxps://sap.btspulse.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\checkmytrip.com -> hxxps://checkmytrip.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\concur.com -> hxxp://webmail.concur.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\concurmessaging.com -> hxxps://concurmessaging.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\concursolutions.com -> hxxps://concursolutions.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\concursolutions.com -> hxxp://concursolutions.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\concurtech.org -> hxxps://concur.concurtech.org
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\contgo.com -> hxxps://contgo.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\corp.sap -> hxxps://*.global.corp.sap
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\cubetree.com -> hxxps://cubetree.com
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\datanet.de -> hxxps://datanet.de
IE trusted site: HKU\S-1-5-21-74642-3284969411-2123768488-96017\...\datasltn.com -> hxxps://datasltn.com

There are 64 more sites.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2017-01-31 12:40 - 000001186 _____ C:\Windows\system32\Drivers\etc\hosts
54.87.174.2 vhcals4hci vhcals4hci.dummy.nodomain

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-74642-3284969411-2123768488-96017\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\sap_wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: TunnelBear Adapter V9
Description: TunnelBear Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TunnelBear Provider V9
Service: tap-tb-0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2017 09:47:54 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18056 ExP:DEP Heap Bloqué une tentative d'exploit de C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE.

Error: (12/03/2017 02:13:48 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18056 ExP:DEP Heap Bloqué une tentative d'exploit de C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE.

Error: (12/03/2017 02:10:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: GLOBAL)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/03/2017 01:50:52 AM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=1095 GLOBAL\I063859 a exécuté CHROME.EXE, qui a accédé à C:\USERS\I063859\DOWNLOADS\KIESSETUP.EXE, d'une manière contraire à la règle « Navigateurs lançant des fichiers depuis le dossier Fichiers programmes téléchargés ». L'accès a été autorisé car la règle n'était pas configurée de sorte à bloquer l'accès.

Error: (12/02/2017 09:53:26 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=18056 ExP:DEP Heap Bloqué une tentative d'exploit de C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE.

Error: (12/02/2017 01:48:20 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=1095 GLOBAL\I063859 a exécuté CHROME.EXE, qui a accédé à C:\USERS\I063859\DOWNLOADS\FRST64.EXE, d'une manière contraire à la règle « Navigateurs lançant des fichiers depuis le dossier Fichiers programmes téléchargés ». L'accès a été autorisé car la règle n'était pas configurée de sorte à bloquer l'accès.

Error: (12/02/2017 01:37:15 PM) (Source: McAfee Endpoint Security) (EventID: 3) (User: NT AUTHORITY)
Description: EventID=1095 GLOBAL\I063859 a exécuté CHROME.EXE, qui a accédé à C:\USERS\I063859\DOWNLOADS\HOUSECALLLAUNCHER64.EXE, d'une manière contraire à la règle « Navigateurs lançant des fichiers depuis le dossier Fichiers programmes téléchargés ». L'accès a été autorisé car la règle n'était pas configurée de sorte à bloquer l'accès.

Error: (12/02/2017 01:36:28 PM) (Source: Group Policy Shortcuts) (EventID: 8194) (User: NT AUTHORITY)
Description: The client-side extension could not apply user policy settings for 'GPO_UC_IE {62BE36DE-E9C7-490F-A445-ADE698683A0C}' because it failed with error code '0x80070035 The network path was not found.'%apply00790275

Error: (12/02/2017 01:36:28 PM) (Source: Group Policy Registry) (EventID: 8194) (User: NT AUTHORITY)
Description: The client-side extension could not apply user policy settings for 'GPO_UC_Edge {18F1FECA-5A1B-4588-96D3-B281695DC9FB}' because it failed with error code '0x80070035 The network path was not found.'%apply00790275

Error: (12/02/2017 01:36:28 PM) (Source: Group Policy Files) (EventID: 8194) (User: NT AUTHORITY)
Description: The client-side extension could not apply user policy settings for 'GPO_UC_IE {62BE36DE-E9C7-490F-A445-ADE698683A0C}' because it failed with error code '0x80070035 The network path was not found.'%apply00790275

System errors:
=============
Error: (12/03/2017 09:43:07 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: GLOBAL)
Description: 1 failed.
GPO Name : GPO_UC_LogonScripts
GPO File System Path : \\global.corp.sap\sysvol\global.corp.sap\Policies\{4D75ECED-B4A7-47DB-85F5-E59B1C8AA8FB}\User
Script Name: %LogonServer%\NETLOGON\Logon.bat

Error: (12/03/2017 09:43:07 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: GLOBAL)
Description: 1 failed.
GPO Name : GPO_UC_SSO_CR
GPO File System Path : \\global.corp.sap\sysvol\global.corp.sap\Policies\{988A2044-AC1A-443C-A37B-D506852E8751}\User
Script Name: Delete-SAP_ALL-SSO_CA-certs.ps1

Error: (12/03/2017 09:43:07 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: GLOBAL)
Description: 1 failed.
GPO Name : GPO_UC_Printer_Migration
GPO File System Path : \\global.corp.sap\sysvol\global.corp.sap\Policies\{1D8A4517-3340-4306-A42B-351FFC58152B}\User
Script Name: %logonserver%\netlogon\printerMigration\SAP_Printer.ps1

Error: (12/03/2017 09:43:01 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: GLOBAL)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/03/2017 09:43:00 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain GLOBAL due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Error: (12/03/2017 09:42:39 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (12/03/2017 02:14:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_18aaf6 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/03/2017 02:14:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_18aaf6 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/03/2017 02:11:53 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain GLOBAL due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Error: (12/03/2017 02:11:12 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

CodeIntegrity:
===================================
Date: 2017-11-30 14:58:47.294
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-29 04:57:55.637
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-11-22 18:32:42.694
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-26 13:00:37.314
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-24 21:04:29.165
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-24 12:10:56.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-10-23 09:35:29.990
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-29 13:28:13.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-27 18:45:53.768
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-09-26 14:46:17.957
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4910MQ CPU @ 2.90GHz
Percentage of memory in use: 33%
Total physical RAM: 16263.54 MB
Available physical RAM: 10847.7 MB
Total Virtual: 17287.54 MB
Available Virtual: 11180.46 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:475.87 GB) (Free:306.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 03A644DE)

Partition: GPT.

==================== End of Addition.txt ============================