Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-11-2019
Ran by rith_cardoso (19-11-2019 20:39:13)
Running from C:\Users\rith_\Downloads
Windows 10 Home Version 1803 17134.1006 (X64) (2018-06-01 17:25:41)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1700814494-1229485729-3644563354-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1700814494-1229485729-3644563354-503 - Limited - Disabled)
Guest (S-1-5-21-1700814494-1229485729-3644563354-501 - Limited - Disabled)
rith_cardoso (S-1-5-21-1700814494-1229485729-3644563354-1001 - Administrator - Enabled) => C:\Users\rith_
WDAGUtilityAccount (S-1-5-21-1700814494-1229485729-3644563354-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Free (Enabled - Up to date) {0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8}
AS: Kaspersky Free (Enabled - Up to date) {B1D2E896-6D96-7460-F17A-838B9D00DD65}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-1700814494-1229485729-3644563354-1001\...\uTorrent) (Version: 3.5.5.45231 - BitTorrent Inc.)
Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 19.021.20056 - Adobe Systems Incorporated)
Ajuda e Suporte da Dell (HKLM\...\{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.) Hidden
Ajuda e Suporte da Dell (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{4B38FF9D-7308-411D-93BF-CCF259B476ED}) (Version: 3.5.2013.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Power Manager Lite (HKLM-x32\...\DpmLite_Iris_2014_is1) (Version: 1.0.4 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\{95BD6E30-2B18-4FB0-B5AE-8250E5584831}) (Version: 3.3.3.13 - Dell Inc.)
Dell Update (HKLM-x32\...\{FB198E80-F1AB-4A6F-B3E3-F7442FC91FD2}) (Version: 1.9.4.0 - Dell Inc.)
Digicerto Master 2.3.8 (HKLM-x32\...\Digicerto Master_is1) (Version: - RkSoft Softwares Ltda)
Dirf 2019 - Declaração do Imposto sobre a Renda Retido na Fonte (HKLM-x32\...\9DE236F5-BCEB-C709-8760-2669204C5BAF) (Version: 1.1 - SERPRO)
Dropbox (HKLM-x32\...\Dropbox) (Version: 85.4.155 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.97 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbM176DSService (HKLM-x32\...\{713783F8-91A6-4334-B79F-011844F326F6}) (Version: 001.001.08254 - Hewlett-Packard) Hidden
hppLaserJetService (HKLM-x32\...\{178F0383-A2F1-427C-9881-6EACB8728C76}) (Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM176LaserJetService (HKLM-x32\...\{C79999B9-4522-470B-8A71-2355AA0C8B9B}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{60c073df-e736-4210-9c3a-5fc2b651cef3}) (Version: 10.1.1.7 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4463 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel(R) WiDi Software Asset Manager (HKLM-x32\...\{5B5CD20C-29F0-4857-A4FA-A4F4C716B019}) (Version: 1.1.347 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{C345A462-2044-47D6-81F6-A4416453A514}) (Version: 17.1.1529.1613 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{88540041-fd0c-4588-9b2f-251e29f7c5a1}) (Version: 18.40.4 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
IRPF2018 (HKLM-x32\...\IRPF2018) (Version: 1.4 - Receita Federal do Brasil)
IRPF2019 (HKLM-x32\...\IRPF2019) (Version: 1.2 - Receita Federal do Brasil)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kaspersky Free (HKLM-x32\...\{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{718613F4-492D-4272-ACC3-D04A8EF0F883}) (Version: 19.0.0.1088 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F10AA188-7166-430E-8810-FEAB2AD73DE3}) (Version: 19.0.0.1088 - Kaspersky Lab)
K-Lite Mega Codec Pack 12.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.9.0 - KLCP)
LibreOffice 6.2.4.2 (HKLM\...\{B8FF8670-C6F4-4868-9DB2-C23324C0E575}) (Version: 6.2.4.2 - The Document Foundation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.9060.3 - Waves Audio Ltd.) Hidden
Microsoft Office Professional 2016 - pt-br (HKLM\...\ProfessionalRetail - pt-br) (Version: 16.0.12130.20344 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1700814494-1229485729-3644563354-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.12130.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0416-1000-0000000FF1CE}) (Version: 16.0.12130.20344 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0416-0000-0000000FF1CE}) (Version: 16.0.9126.2152 - Microsoft Corporation) Hidden
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1930.429 - Trusteer)
Rapport (HKLM-x32\...\{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}) (Version: 3.5.1930.429 - Trusteer) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8142 - Realtek Semiconductor Corp.)
SmartByte Drivers and Services (HKLM\...\{EC62F71A-6CFA-4918-9EBC-99BFF86DB3C9}) (Version: 1.2.600 - Rivet Networks)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Warsaw 2.9.2.2 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 2.9.2.2 - GAS Tecnologia)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Packages:
=========
Bradesco -> C:\Program Files\WindowsApps\Bradesco.Bradesco_1.1.0.35_neutral__fdq02r035jhmp [2018-11-26] (Bradesco)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-07] (king.com)
Complemento de Fotos -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2017.39121.36610.0_x64__8wekyb3d8bbwe [2018-09-15] (Microsoft Corporation)
Complemento do Mecanismo de Mídia de Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-19] (Microsoft Corporation)
Complemento para Telefone Microsoft -> C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1802.311.0_x64__8wekyb3d8bbwe [2018-02-13] (Microsoft Corporation)
CyberLink Media Suite Essentials -> C:\Program Files\WindowsApps\DB6EA5DB.CyberLinkMediaSuiteEssentials_1.0.10.0_x86__mcezb6ze687jp [2018-03-18] (CYBERLINK CORPORATION.)
Dell Shop -> C:\Program Files\WindowsApps\DellInc.DellShop_2.2.1.0_neutral__htrsf667h5kn2 [2017-01-14] (Dell Inc)
Dell SupportAssist for PCs -> C:\Program Files\WindowsApps\DellInc.DellSupportAssistforPCs_3.3.8.0_x64__htrsf667h5kn2 [2019-11-06] (Dell Inc)
Email e Calendário -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12026.20368.0_x64__8wekyb3d8bbwe [2019-11-06] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-19] (Microsoft Corporation) [MS Ad]
Microsoft Notícias -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-19] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-08] (Microsoft Studios) [MS Ad]
MSN Clima -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-19] (Microsoft Corporation) [MS Ad]
MSN Dinheiro -> C:\Program Files\WindowsApps\Microsoft.BingFinance_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad]
MSN Esportes -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.31.11905.0_x64__8wekyb3d8bbwe [2019-08-03] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-26] (Netflix, Inc.)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.22.5.0_x64__8wekyb3d8bbwe [2019-11-06] (Microsoft Corporation)
Telefone Microsoft -> C:\Program Files\WindowsApps\Microsoft.CommsPhone_3.43.20002.1000_x64__8wekyb3d8bbwe [2018-09-15] (Microsoft Corporation)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-15] (Twitter Inc.)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2018-11-10] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-1700814494-1229485729-3644563354-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\rith_\Dropbox [2016-12-18 16:25]
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-04-27] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers2: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-06-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Kaspersky Anti-Virus 19.0.0] -> {755D388B-420B-4692-A974-84AAF0E577D3} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\ShellEx.dll [2019-04-14] (Kaspersky Lab -> AO Kaspersky Lab)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3642880 2016-05-08] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [vidc.pDAD] => C:\Windows\SysWOW64\prodad-codec.dll [506392 2016-04-27] (proDAD GmbH -> proDAD GmbH)
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3613696 2016-05-08] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.FMVC] => C:\Windows\SysWOW64\fmcodec.dll [77824 2008-08-18] (Fox Magic Software) [File not signed]
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2009-09-16 17:44 - 2009-09-16 17:44 - 000153088 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000331264 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 10:44 - 2009-09-16 10:44 - 000132096 _____ (Hewlett Packard) [File not signed] C:\WINDOWS\System32\hpzjrd01.dll
2015-06-23 20:00 - 2015-06-23 20:00 - 000562688 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2015-06-23 20:00 - 2015-06-23 20:00 - 000285696 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000317440 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\System32\HPTcpMUI.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [2410]
AlternateDataStreams: C:\Users\rith_\OneDrive\Documents\C-Esp_ComSoc-PR:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\rith_\OneDrive\Documents\Modelos Personalizados do Office:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
AlternateDataStreams: C:\Users\rith_\OneDrive\Documents\Primeiros Socorros - CAV-T:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.Metadata [194]
==================== Safe Mode (Whitelisted) ==================
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 04:24 - 2015-10-30 04:21 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2018-07-08 16:27 - 2018-07-08 16:28 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1700814494-1229485729-3644563354-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: DbxSvc => 2
MSCONFIG\Services: Dell Foundation Services => 2
MSCONFIG\Services: Dell Help & Support => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: HP DS Service => 2
MSCONFIG\Services: HP LaserJet Service => 2
MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 2
MSCONFIG\Services: RegSrvc => 2
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RmSvc => 3
MSCONFIG\Services: RNDBWM => 2
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: RtkAudioService => 2
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SEMgrSvc => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: SharedAccess => 3
MSCONFIG\Services: SharedRealitySvc => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SmartByte Network Service x64 => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: spectrum => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: stisvc => 3
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TokenBroker => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WarpJITSvc => 3
MSCONFIG\Services: WavesSysSvc => 2
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WFDSConMgrSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: wisvc => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wlpasvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: WpnService => 2
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxGipSvc => 3
MSCONFIG\Services: XboxNetApiSvc => 3
MSCONFIG\Services: ZeroConfigService => 2
HKLM\...\StartupApproved\Run: => "TNOD UP"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-1700814494-1229485729-3644563354-1001\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{259AC105-5163-4874-8F74-E4A856E4ED90}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel(R) Wireless Display -> Intel)
FirewallRules: [UDP Query User{B514BD5E-2C12-4FDC-B652-29A317F0940F}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [TCP Query User{026E5228-CEBA-4837-82D3-8EEC3E9DA1CD}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe
FirewallRules: [{844D8A3C-A057-4CDD-A930-06DA00E75C1D}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe (Gas Informatica Ltda -> GAS Tecnologia LTDA)
FirewallRules: [{8D4274CF-E05C-4278-B276-F5F76F5A0211}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{E2D53BC9-066C-4A4B-8AA8-5391A0B84402}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{FC7E2FCF-FE17-48EB-8F57-7A899A70C340}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{C469A218-0DB1-452D-8425-B00CEE195567}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{2FE6AB49-809D-4535-9725-46C0FC8035C3}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe (Intel(R) Wireless Display -> Intel)
FirewallRules: [{05D92069-8DB7-41ED-A37A-E9466B813C71}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe (Intel(R) Wireless Display -> )
FirewallRules: [{13C4F66D-B75C-49CE-A4EB-E4FDC9939E16}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe (Intel(R) Wireless Display -> Intel Corporation)
FirewallRules: [{591AEAEF-4F5B-46B8-B6D8-9277C7A33821}] => (Allow) C:\Users\rith_\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4DBBEF4A-5FAB-41E2-A566-84BF41DCDD0C}] => (Allow) C:\Users\rith_\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{CF7D3B76-7458-45B0-A2AA-2089CDF3B42E}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{9C9A0CBD-4471-4A06-9644-8451BE4A7008}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{0F4C2A41-A318-4D73-8A0B-0E8CCFDA41F3}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{7C90D21A-39E4-4D20-901F-F34D3AFF253D}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{FF76A1B3-B15C-4D37-B752-673D5BEC6E1A}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{03E8AA77-BDEF-478F-A210-D2BF3F432E90}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{A53EAFC1-1002-43DE-B97F-D5FA709E8A7E}] => (Allow) %systemroot%\system32\alg.exe No File
FirewallRules: [{8A8D20AD-0641-4636-90A5-C0DD2E65E584}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{D47A33B6-D27F-4A79-9811-9D56753F924D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [TCP Query User{FC7DF381-3BD4-4860-9699-225B0B4D8846}C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45291.exe No File
FirewallRules: [UDP Query User{C8156E6E-139F-45A2-B632-3AC505EE43FD}C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45291.exe] => (Block) C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45291.exe No File
FirewallRules: [TCP Query User{ABE7F1E5-DB70-4605-BED9-EE34B94CB69B}C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45311.exe] => (Block) C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45311.exe No File
FirewallRules: [UDP Query User{7ED3A0D2-C9C1-4EEA-BD1A-F5839F888D85}C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45311.exe] => (Block) C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45311.exe No File
FirewallRules: [{E4079F46-EDF7-4289-88CD-9D3A44A652EC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{05548A0B-A90C-4E2B-A74F-7D6470BDCFBF}C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45395.exe] => (Allow) C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45395.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{3A5BF586-E3DB-4FCE-B0FC-57C2149302B2}C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45395.exe] => (Allow) C:\users\rith_\appdata\roaming\utorrent\updates\3.5.5_45395.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4965052D-0395-484D-AC07-4227931F79A9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{4344C9AF-7AB7-4245-94E8-0FE31963CBEE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
06-11-2019 17:02:39 Windows Update
19-11-2019 15:40:51 Windows Update
==================== Faulty Device Manager Devices ============
==================== Event log errors: ========================
Application errors:
==================
Error: (11/19/2019 08:24:46 PM) (Source: COM) (EventID: 10031) (User: )
Description: Uma verificação de política de unmarshaling foi executada ao realizar unmarshaling em um objeto de marshaling personalizado, e a classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} foi rejeitada
Error: (11/19/2019 08:24:46 PM) (Source: COM) (EventID: 10031) (User: )
Description: Uma verificação de política de unmarshaling foi executada ao realizar unmarshaling em um objeto de marshaling personalizado, e a classe {41FD88F7-F295-4D39-91AC-A85F3149A05B} foi rejeitada
Error: (11/19/2019 07:43:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: DeliveryService.exe, versão: 3.5.2013.0, carimbo de data/hora: 0x5d025c33
Nome do módulo com falha: KERNELBASE.dll, versão: 10.0.17134.1006, carimbo de data/hora: 0x3c7d79a4
Código de exceção: 0xe0434352
Deslocamento da falha: 0x00112cd2
ID do processo com falha: 0x24d4
Hora de início do aplicativo com falha: 0x01d59f2ac0438ec5
Caminho do aplicativo com falha: C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
Caminho do módulo com falha: C:\WINDOWS\System32\KERNELBASE.dll
ID do Relatório: 8ef873c7-8aeb-4a92-98fe-f01c8f0e26ea
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:
Error: (11/19/2019 07:43:25 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: DeliveryService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Dell.ClientFulfillmentService.ClientFulfillmentService.RetrieveAppConfig()
at Dell.ClientFulfillmentService.ClientFulfillmentService.ProcessAppConfig()
at Dell.ClientFulfillmentService.ClientFulfillmentService.InitializeService(System.Object)
at System.Threading.TimerQueueTimer.CallCallbackInContext(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.TimerQueueTimer.CallCallback()
at System.Threading.TimerQueueTimer.Fire()
at System.Threading.TimerQueue.FireNextTimers()
at System.Threading.TimerQueue.AppDomainTimerCallback(Int32)
Error: (11/19/2019 03:46:41 PM) (Source: Microsoft Office 16) (EventID: 2000) (User: )
Description: Microsoft Word: Accepted Safe Mode action : Falha ao inicializar Word no modo de segurança. Deseja começar a reparar?.
Accepted Safe Mode action : Microsoft Word.
Error: (11/19/2019 03:34:09 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Falha ao criar ponto de restauração (Processo = c:\windows\system32\svchost.exe -k netsvcs -p; Descrição = Windows Update; Erro = 0x80042319).
Error: (11/19/2019 03:34:09 PM) (Source: SPP) (EventID: 16387) (User: )
Description: O gravador MSSearch Service Writer apresentou erro durante a criação de instantâneo.
Mais informações: .
Error: (11/19/2019 03:25:19 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Cannot find object or property.
System errors:
=============
Error: (11/19/2019 08:22:29 PM) (Source: DCOM) (EventID: 10016) (User: DELL)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário DELL\rith_cardoso SID (S-1-5-21-1700814494-1229485729-3644563354-1001) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (11/19/2019 08:03:28 PM) (Source: DCOM) (EventID: 10016) (User: DELL)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário DELL\rith_cardoso SID (S-1-5-21-1700814494-1229485729-3644563354-1001) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (11/19/2019 07:50:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (11/19/2019 07:48:52 PM) (Source: DCOM) (EventID: 10016) (User: DELL)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário DELL\rith_cardoso SID (S-1-5-21-1700814494-1229485729-3644563354-1001) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (11/19/2019 07:46:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Falha na Instalação: o Windows não pôde instalar a seguinte atualização com o erro 0x80070103: Synaptics - Mouse - 9/19/2018 12:00:00 AM - 19.2.17.70.
Error: (11/19/2019 07:43:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: O serviço Dell Digital Delivery Service foi encerrado inesperadamente. Isso aconteceu 1 vez(es).
Error: (11/19/2019 07:41:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As configurações de permissão application-specific não concedem permissão Local Launch para o aplicativo de Servidor COM com CLSID
Windows.SecurityCenter.WscBrokerManager
e APPID
Unavailable
ao usuário NT AUTHORITY\SYSTEM SID (S-1-5-18) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Error: (11/19/2019 07:40:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: As configurações de permissão application-specific não concedem permissão Local Activation para o aplicativo de Servidor COM com CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
e APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
ao usuário NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) do endereço LocalHost (Using LRPC) que está sendo executado no contêiner de aplicativos Unavailable SID (Unavailable). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
Windows Defender:
===================================
Date: 2019-06-15 13:32:02.949
Description:
O Windows Defender Antivirus detectou malware ou outros softwares potencialmente indesejados.
Para obter mais informações, consulte:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nome: HackTool:Win64/AutoKMS
ID: 2147723334
Severidade: High
Categoria: Tool
Caminho: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Origem da Detecção: Computador local
Tipo de Detecção: Concreto
Origem da Detecção: Proteção em Tempo Real
Usuário: DELL\rith_
Nome do Processo: C:\Users\rith_\Downloads\ZHPCleaner.exe
Versão da Assinatura: AV: 1.295.778.0, AS: 1.295.778.0, NIS: 1.295.778.0
Versão do Mecanismo: AM: 1.1.16000.6, NIS: 1.1.16000.6
Date: 2019-06-15 13:32:02.763
Description:
O Windows Defender Antivirus detectou malware ou outros softwares potencialmente indesejados.
Para obter mais informações, consulte:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Nome: HackTool:Win64/AutoKMS
ID: 2147723334
Severidade: High
Categoria: Tool
Caminho: file:_C:\Windows\SECOH-QAD.dll
Origem da Detecção: Computador local
Tipo de Detecção: Concreto
Origem da Detecção: Proteção em Tempo Real
Usuário: DELL\rith_
Nome do Processo: C:\Users\rith_\Downloads\ZHPCleaner.exe
Versão da Assinatura: AV: 1.295.778.0, AS: 1.295.778.0, NIS: 1.295.778.0
Versão do Mecanismo: AM: 1.1.16000.6, NIS: 1.1.16000.6
Date: 2019-03-06 16:12:41.278
Description:
O Windows Defender Antivirus detectou malware ou outros softwares potencialmente indesejados.
Para obter mais informações, consulte:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nome: HackTool:Win32/AutoKMS
ID: 2147685180
Severidade: High
Categoria: Tool
Caminho: file:_C:\Users\rith_\Desktop\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe
Origem da Detecção: Computador local
Tipo de Detecção: Concreto
Origem da Detecção: Sistema
Usuário: NT AUTHORITY\SYSTEM
Nome do Processo: Unknown
Versão da Assinatura: AV: 1.279.182.0, AS: 1.279.182.0, NIS: 1.279.182.0
Versão do Mecanismo: AM: 1.1.15400.4, NIS: 1.1.15400.4
Date: 2018-11-30 13:02:32.745
Description:
O Windows Defender Antivirus detectou malware ou outros softwares potencialmente indesejados.
Para obter mais informações, consulte:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nome: HackTool:Win32/AutoKMS
ID: 2147685180
Severidade: High
Categoria: Tool
Caminho: file:_C:\ProgramData\KMSAuto\bin.dat; file:_C:\Users\rith_\Desktop\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe; process:_pid:8580,ProcessStart:131880637038873680
Origem da Detecção: Computador local
Tipo de Detecção: Concreto
Origem da Detecção: Proteção em Tempo Real
Usuário: DELL\rith_
Nome do Processo: C:\Windows\explorer.exe
Versão da Assinatura: AV: 1.279.182.0, AS: 1.279.182.0, NIS: 1.279.182.0
Versão do Mecanismo: AM: 1.1.15400.4, NIS: 1.1.15400.4
Date: 2018-11-30 13:02:23.672
Description:
O Windows Defender Antivirus detectou malware ou outros softwares potencialmente indesejados.
Para obter mais informações, consulte:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Nome: HackTool:Win32/AutoKMS
ID: 2147685180
Severidade: High
Categoria: Tool
Caminho: file:_C:\ProgramData\KMSAuto\bin.dat; file:_C:\Users\rith_\Desktop\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe; process:_pid:8580,ProcessStart:131880637038873680
Origem da Detecção: Computador local
Tipo de Detecção: Concreto
Origem da Detecção: Proteção em Tempo Real
Usuário: DELL\rith_
Nome do Processo: C:\Users\rith_\Desktop\KMSAuto Net 2015 v1.3.8 Portable\KMSAuto Net.exe
Versão da Assinatura: AV: 1.279.182.0, AS: 1.279.182.0, NIS: 1.279.182.0
Versão do Mecanismo: AM: 1.1.15400.4, NIS: 1.1.15400.4
Date: 2018-07-29 13:59:09.174
Description:
O Windows Defender Antivirus encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura:
Versão da Assinatura Anterior: 1.267.1769.0
Origem da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: NT AUTHORITY\NETWORK SERVICE
Versão do Mecanismo Atual:
Versão do Mecanismo Anterior: 1.1.14800.3
Código de erro: 0x80072ee7
Descrição do erro: The server name or address could not be resolved
Date: 2018-07-29 13:59:09.174
Description:
O Windows Defender Antivirus encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura:
Versão da Assinatura Anterior: 1.267.1769.0
Origem da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo de Assinatura: Anti-spyware
Tipo de Atualização: Completa
Usuário: NT AUTHORITY\NETWORK SERVICE
Versão do Mecanismo Atual:
Versão do Mecanismo Anterior: 1.1.14800.3
Código de erro: 0x80072ee7
Descrição do erro: The server name or address could not be resolved
Date: 2018-07-29 13:59:09.174
Description:
O Windows Defender Antivirus encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura:
Versão da Assinatura Anterior: 1.267.1769.0
Origem da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: NT AUTHORITY\NETWORK SERVICE
Versão do Mecanismo Atual:
Versão do Mecanismo Anterior: 1.1.14800.3
Código de erro: 0x80072ee7
Descrição do erro: The server name or address could not be resolved
Date: 2018-07-29 13:59:09.162
Description:
O Windows Defender Antivirus encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura:
Versão da Assinatura Anterior: 1.267.1769.0
Origem da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo de Assinatura: Antivírus
Tipo de Atualização: Completa
Usuário: NT AUTHORITY\NETWORK SERVICE
Versão do Mecanismo Atual:
Versão do Mecanismo Anterior: 1.1.14800.3
Código de erro: 0x80072ee7
Descrição do erro: The server name or address could not be resolved
Date: 2018-07-29 13:59:09.161
Description:
O Windows Defender Antivirus encontrou um erro ao atualizar assinaturas.
Versão da Nova Assinatura:
Versão da Assinatura Anterior: 1.267.1769.0
Origem da Atualização: Centro de Proteção contra Malware da Microsoft
Tipo de Assinatura: Anti-spyware
Tipo de Atualização: Completa
Usuário: NT AUTHORITY\NETWORK SERVICE
Versão do Mecanismo Atual:
Versão do Mecanismo Anterior: 1.1.14800.3
Código de erro: 0x80072ee7
Descrição do erro: The server name or address could not be resolved
CodeIntegrity:
===================================
Date: 2019-11-19 20:32:29.810
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Windows signing level requirements.
Date: 2019-11-19 20:32:29.799
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscr64.dll that did not meet the Windows signing level requirements.
Date: 2019-11-19 20:30:24.172
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Windows signing level requirements.
Date: 2019-11-19 20:30:24.163
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscr64.dll that did not meet the Windows signing level requirements.
Date: 2019-11-19 20:16:29.997
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Windows signing level requirements.
Date: 2019-11-19 20:16:29.977
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscr64.dll that did not meet the Windows signing level requirements.
Date: 2019-11-19 20:03:39.131
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscrwh64.dll that did not meet the Windows signing level requirements.
Date: 2019-11-19 20:03:39.117
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Diebold\Warsaw\wslbscr64.dll that did not meet the Windows signing level requirements.
==================== Memory info ===========================
BIOS: Dell Inc. A17 08/27/2018
Motherboard: Dell Inc. 0Y6RW7
Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 8101.98 MB
Available physical RAM: 3508.13 MB
Total Virtual: 10789.98 MB
Available Virtual: 1342.96 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:917.02 GB) (Free:758.55 GB) NTFS
\\?\Volume{4a6cf46f-9d27-4426-8d2e-f8b364c73460}\ () (Fixed) (Total:0.78 GB) (Free:0.34 GB) NTFS
\\?\Volume{a00b0d7f-44f3-4afa-9811-c78aa4d9f9d6}\ (Image) (Fixed) (Total:13.1 GB) (Free:0.64 GB) NTFS
\\?\Volume{a231af15-c97f-45a1-a615-222e4cd4e0ae}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 69770B2B)
Partition: GPT.
==================== End of Addition.txt =======================