Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-09-2019
Ran by Utilizador (15-09-2019 23:15:42)
Running from C:\Users\Utilizador\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-03-01 00:28:35)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrador (S-1-5-21-1290997794-435865217-2627226439-500 - Administrator - Enabled) => C:\Users\Administrador
Convidado (S-1-5-21-1290997794-435865217-2627226439-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1290997794-435865217-2627226439-1008 - Limited - Enabled)
UpdatusUser (S-1-5-21-1290997794-435865217-2627226439-1003 - Limited - Enabled) => C:\Users\UpdatusUser
Utilizador (S-1-5-21-1290997794-435865217-2627226439-1000 - Administrator - Enabled) => C:\Users\Utilizador

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1290997794-435865217-2627226439-1000\...\uTorrent) (Version: 3.5.4.44520 - BitTorrent Inc.)
Actualizações da NVIDIA 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated) Adobe Flash Player 32 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 32.0.0.207 - Adobe) Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.238 - Adobe) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.) ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.) Hidden ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.2.8.1 - ASUSTek COMPUTER INC.) ASUS Product Register Program (HKLM-x32\...\{49BE9B8A-E858-4533-A74A-64306C13DB59}) (Version: 1.0.014 - ASUS) AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 19.7.3103 - AVG Technologies) AVG Nation toolbar (HKLM-x32\...\AVG Nation toolbar) (Version: 18.1.0.443 - InfoSpace) AVG Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.155.333 - AVG Technologies) Hidden AZBoxEdit (HKLM-x32\...\{542AFC66-5654-457E-A462-D2607F7B07F2}) (Version: 0.9.2880 - telesat) Catálogo/MadeForYou v1.6.118 (HKLM-x32\...\Made4U_is1) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) 
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden dreamboxEDIT -- The one and only settings editor for your Dreambox (HKLM-x32\...\dreamboxEDIT) (Version: - ) EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC) Google Earth Pro (HKLM-x32\...\{9D524A1E-F2FC-444D-B12A-7592CEB56EB5}) (Version: 7.3.2.5776 - Google) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000B8301}) (Version: 1.0.0011.131 - Rockstar Games Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8301}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8302}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8303}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8304}) (Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Grand Theft Auto IV (HKLM-x32\...\{5454083B-1308-4485-BF17-1110000D8305}) (Version: 1.0.0013.131 - Rockstar Games Inc.) 
Hidden Groundspeak Wherigo Builder (HKLM-x32\...\{523D8C1B-3309-4F8E-A15B-6C0E8A0B7D72}) (Version: 2.0.5129 - Groundspeak) GSAK 8.2.0.11 (HKLM-x32\...\GSAK_is1) (Version: - CWE computer services) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation) Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Mega Codec Pack 9.6.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.5 - ) Malwarebytes versão 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes) Medal of Honor Allied Assault (HKLM-x32\...\{0DEA94ED-915A-4834-A87E-388D012C8E02}) (Version: - ) Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.7.03062 - Microsoft Corporation) Microsoft .NET Framework 4.7.2 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.7.03062 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 69.0 (x64 pt-PT) (HKLM\...\Mozilla Firefox 
69.0 (x64 pt-PT)) (Version: 69.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla) MultiCAS-Edit (HKLM-x32\...\{A03CCDAD-BE4B-4D06-BE0F-DE30893EEC28}) (Version: 1.5 - telesat®) NVIDIA Controlador 3D Vision 306.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.23 - NVIDIA Corporation) NVIDIA Controlador gráfico 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA O controlador de 3D Vision 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA O controlador de HD Audio 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA O software do sistema PhysX 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation) Painel de controlo da NVIDIA 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 311.06 - NVIDIA Corporation) Hidden paint.net (HKLM\...\{B998B716-4001-4919-BA90-BA14B51DFEB5}) (Version: 4.1.6 - dotPDN LLC) Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Hidden Prince of Persia - The Forgotten Sands (HKLM-x32\...\Prince of Persia - The Forgotten Sands_is1) (Version: - R.G. 
Mechanics, pashtet) Qtracker (HKLM-x32\...\Qtracker) (Version: 4.92 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.61.612.2012 - Realtek) RevConnect (HKLM-x32\...\ReverseConnect) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SopCast 3.9.6 (HKLM-x32\...\SopCast) (Version: 3.9.6 - www.sopcast.com) Subtitle Workshop 2.51 (HKLM-x32\...\SubtitleWorkshop) (Version: - ) SUNIX Multi-IO Controller (HKLM-x32\...\{A8D5B39E-815D-44BC-AC52-657FE3D2E21D}) (Version: 7.2.0.0 - SUNIX Co., Ltd.) swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden System Requirements Lab (HKLM-x32\...\{A92D0DBB-834A-4CAD-A434-F2232C692516}) (Version: 6.1.4.0 - Husdawg, LLC) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - ) TP-LINK Wireless Client Utility (HKLM-x32\...\{44D9C861-7B40-41E4-8A25-C9EBB9A7A59B}) (Version: 1.0.0.0 - TP-LINK) Unity Web Player (HKU\S-1-5-21-1290997794-435865217-2627226439-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VIA Gestor de Dispositivo de Plataforma (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN) WinAVI Video Converter (HKLM-x32\...\WinAVI Video Converter) (Version: 11.6.1.4734 - ZJMedia Digital Technology Ltd.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1290997794-435865217-2627226439-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1290997794-435865217-2627226439-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1290997794-435865217-2627226439-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1290997794-435865217-2627226439-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1290997794-435865217-2627226439-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1290997794-435865217-2627226439-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> 
C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation) ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-09-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) 
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] () [File not signed] ContextMenuHandlers1: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] () [File not signed] ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] () [File not signed] ContextMenuHandlers2: [TeraCopyS64] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] () [File not signed] ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] () [File not signed] ContextMenuHandlers4: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] () [File not signed] ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> 
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2013-01-18] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] () [File not signed] ContextMenuHandlers5: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] () [File not signed] ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShell.dll [2019-09-03] (AVG Technologies USA, Inc. -> AVG Technologies CZ, s.r.o.) ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt.dll [2011-10-26] () [File not signed] ContextMenuHandlers6: [TeraCopyS64] -> {A764EEF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\TeraCopy\TeraCopyExt64.dll [2011-10-26] () [File not signed] ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (win.rar GmbH -> Alexander Roshal) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) ==============

2013-01-18 08:16 - 2013-01-18 08:16 - 001204272 _____ (NVIDIA CORPORATION -> NVIDIA Corporation) [File not signed] C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPI64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1290997794-435865217-2627226439-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice => regfile

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1290997794-435865217-2627226439-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1290997794-435865217-2627226439-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-12-03 16:57 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
2015-03-02 22:25 - 2015-04-26 23:18 - 000000433 _____ C:\Windows\system32\drivers\etc\hosts.ics

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\ImageMagick-6.9.1-Q16;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Universal Extractor;C:\Program Files (x86)\Universal Extractor\bin
HKU\S-1-5-21-1290997794-435865217-2627226439-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Utilizador\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk => C:\Windows\pss\Orbit.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TP-LINK Wireless Client Utility.lnk => C:\Windows\pss\TP-LINK Wireless Client Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Utilizador^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recortes de Ecrã e Iniciador do OneNote 2010.lnk => C:\Windows\pss\Recortes de Ecrã e Iniciador do OneNote 2010.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{63039210-8CC1-491F-8789-CDBDC983AAA5}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe (www.sopcast.com) [File not signed] FirewallRules: [UDP Query User{A84C1C3A-73C1-4993-8B87-46E177C19BC0}C:\program files (x86)\sopcast\sopcast.exe] => (Allow) C:\program files (x86)\sopcast\sopcast.exe (www.sopcast.com) [File not signed] FirewallRules: [TCP Query User{F69F2977-8531-44B2-82E6-BC17BB45F865}C:\program files (x86)\telesat®\multicas-edit\multicasedit.exe] => (Allow) C:\program files (x86)\telesat®\multicas-edit\multicasedit.exe (telesat) [File not signed] FirewallRules: [UDP Query User{B0ED8CFA-3509-4C3A-B465-3A24B3F39937}C:\program files (x86)\telesat®\multicas-edit\multicasedit.exe] => (Allow) C:\program files (x86)\telesat®\multicas-edit\multicasedit.exe (telesat) [File not signed] FirewallRules: [{2B141101-FDF3-405D-A412-A4A78CA8B70D}] => (Allow) LPort=443 FirewallRules: [{DF588F43-A3EF-4501-B4DE-E523EF8FA265}] => (Allow) LPort=443 FirewallRules: [{A85CFCF3-EAF4-4792-9447-9C30B3E86472}] => (Allow) LPort=37674 FirewallRules: [{9D13CC4F-CC81-4AF5-9C6B-02CA14C35204}] => (Allow) LPort=37674 FirewallRules: [{39AB965D-1CDB-4190-8D4E-36EF135BE22D}] => (Allow) LPort=37675 FirewallRules: [TCP Query User{46C48117-00FE-4966-B4DF-19559F6C4432}C:\program files (x86)\dreambox control center dcc\dcc.exe] => (Allow) C:\program files (x86)\dreambox control center dcc\dcc.exe (BernyR) [File not signed] FirewallRules: [UDP Query User{4D076224-9FAB-4055-BA9E-1C9E7E68EE8F}C:\program files (x86)\dreambox control center dcc\dcc.exe] => (Allow) C:\program files (x86)\dreambox control center dcc\dcc.exe (BernyR) [File not signed] FirewallRules: [TCP Query User{E0645B04-58E0-4FC3-B96A-DDC7842133F0}C:\program files (x86)\maz_3.2\maz.exe] => (Allow) C:\program files (x86)\maz_3.2\maz.exe (morser) [File not signed] FirewallRules: [UDP Query User{2FFF62AA-2A2D-4959-A25D-0FCD0A9AF83D}C:\program files 
(x86)\maz_3.2\maz.exe] => (Allow) C:\program files (x86)\maz_3.2\maz.exe (morser) [File not signed] FirewallRules: [TCP Query User{EC0A4AC2-E131-484C-85BC-7400453D5467}C:\program files (x86)\telesat®\multicas-edit\multicasedit.exe] => (Allow) C:\program files (x86)\telesat®\multicas-edit\multicasedit.exe (telesat) [File not signed] FirewallRules: [UDP Query User{F2586C78-4E69-4CB8-B6D1-1A21679E78AE}C:\program files (x86)\telesat®\multicas-edit\multicasedit.exe] => (Allow) C:\program files (x86)\telesat®\multicas-edit\multicasedit.exe (telesat) [File not signed] FirewallRules: [{D076B083-F1BB-4C2A-87CD-C3DE5AEA765C}] => (Allow) LPort=443 FirewallRules: [{ADC90025-B112-439F-B518-96B80649971E}] => (Allow) LPort=443 FirewallRules: [{D32398E0-1699-4C31-8BED-5B410768D869}] => (Allow) LPort=37674 FirewallRules: [{9D572E40-3011-477E-99EE-6DCBB8134EFB}] => (Allow) LPort=37674 FirewallRules: [{327E989A-E950-4747-A7E5-1DDC95B069D0}] => (Allow) LPort=37675 FirewallRules: [TCP Query User{CD1D9301-1CB6-472E-B9C3-C05BFFFEB7C7}C:\program files (x86)\ea games\mohaa\mohaa.exe] => (Allow) C:\program files (x86)\ea games\mohaa\mohaa.exe (Electronic Arts Inc.) [File not signed] FirewallRules: [UDP Query User{15F82558-7418-4650-AFC3-01F6FBADF918}C:\program files (x86)\ea games\mohaa\mohaa.exe] => (Allow) C:\program files (x86)\ea games\mohaa\mohaa.exe (Electronic Arts Inc.) 
[File not signed] FirewallRules: [TCP Query User{D101723C-D768-4D45-A499-47DEB540979F}C:\program files (x86)\dreambox control center dcc\dcc.exe] => (Allow) C:\program files (x86)\dreambox control center dcc\dcc.exe (BernyR) [File not signed] FirewallRules: [UDP Query User{287341C9-735A-4AF9-BCCC-8CB6E5C1C222}C:\program files (x86)\dreambox control center dcc\dcc.exe] => (Allow) C:\program files (x86)\dreambox control center dcc\dcc.exe (BernyR) [File not signed] FirewallRules: [TCP Query User{3B5825D4-F37F-45D4-83BF-05D29FE76166}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe No File FirewallRules: [UDP Query User{BA354CB5-4FEC-426F-96CD-883F793AA957}C:\programdata\electronic arts\need for speed world\data\nfsw.exe] => (Allow) C:\programdata\electronic arts\need for speed world\data\nfsw.exe No File FirewallRules: [TCP Query User{459BC072-EB73-4C38-9762-4475542FDFEA}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe No File FirewallRules: [UDP Query User{B0697BCF-C8BC-46FC-831A-0A592167FDBF}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe No File FirewallRules: [TCP Query User{0CC2F11E-92A3-4400-B028-E5E7BCB6965E}C:\program files (x86)\telesat\azboxedit\azboxedit.exe] => (Allow) C:\program files (x86)\telesat\azboxedit\azboxedit.exe (telesat) [File not signed] FirewallRules: [UDP Query User{C5DCA6B8-8ED2-421B-A882-9E174B286061}C:\program files (x86)\telesat\azboxedit\azboxedit.exe] => (Allow) C:\program files (x86)\telesat\azboxedit\azboxedit.exe (telesat) [File not signed] FirewallRules: [TCP Query User{736986DC-8505-464C-8AD5-3E1960E539D8}C:\program files (x86)\ea games\mohaa\mohaa.exe] => (Allow) C:\program files (x86)\ea games\mohaa\mohaa.exe (Electronic Arts Inc.) 
[File not signed]
FirewallRules: [UDP Query User{13EA6815-B681-4117-8376-ADBFCE0D9E36}C:\program files (x86)\ea games\mohaa\mohaa.exe] => (Allow) C:\program files (x86)\ea games\mohaa\mohaa.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{953E2917-5FEE-4434-BAC3-274AA851BA56}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe (Ronald E. Mercer) [File not signed]
FirewallRules: [UDP Query User{692ED1E5-EC04-4DEA-9C41-F78B1F351CF9}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe (Ronald E. Mercer) [File not signed]
FirewallRules: [TCP Query User{253A593D-D77B-43FE-9DAA-2CD04C5FB415}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe No File
FirewallRules: [UDP Query User{AD56AB47-1B41-4DF2-80E7-B089DA8C8B56}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe No File
FirewallRules: [TCP Query User{C6920627-639C-44C2-BD1D-491F5A2546CD}C:\program files (x86)\revconnect\dcplusplus.exe] => (Allow) C:\program files (x86)\revconnect\dcplusplus.exe () [File not signed]
FirewallRules: [UDP Query User{A475FE76-48D0-4577-B40A-EB10B0D70A2D}C:\program files (x86)\revconnect\dcplusplus.exe] => (Allow) C:\program files (x86)\revconnect\dcplusplus.exe () [File not signed]
FirewallRules: [TCP Query User{51181989-E0F1-42AF-BEDD-59FF86695775}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe (Ronald E. Mercer) [File not signed]
FirewallRules: [UDP Query User{379603DC-D715-45BA-9F06-7DA010AF2647}C:\program files (x86)\qtracker\qtracker.exe] => (Allow) C:\program files (x86)\qtracker\qtracker.exe (Ronald E. Mercer) [File not signed]
FirewallRules: [TCP Query User{9717F2D0-5070-4F01-A778-7718529DD48E}F:\os meus documentos\backup geral\fabrica\lonati\appgr6\sendco.exe] => (Allow) F:\os meus documentos\backup geral\fabrica\lonati\appgr6\sendco.exe No File
FirewallRules: [UDP Query User{2D7BED2C-16BF-4B9C-91A7-8B7EE595A6F3}F:\os meus documentos\backup geral\fabrica\lonati\appgr6\sendco.exe] => (Allow) F:\os meus documentos\backup geral\fabrica\lonati\appgr6\sendco.exe No File
FirewallRules: [{E9AD80BF-1FEC-4924-B234-6DFCD0B4D3CC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A0C9F386-7A90-4A4B-8D56-339FD2ADAAD8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{59DE166E-BCF1-436C-84A2-BBC485EDBC77}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{D21282FE-A631-459B-A9AC-9B0095F6C745}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{F2DDD84F-89E5-4A14-8FBF-5599CC60B0AA}C:\program files (x86)\tp-link\common\apui.exe] => (Allow) C:\program files (x86)\tp-link\common\apui.exe (TP-LINK Technology, Corp.) [File not signed]
FirewallRules: [UDP Query User{E9C3B074-1EF4-4A50-9172-A5D6F3B7B840}C:\program files (x86)\tp-link\common\apui.exe] => (Allow) C:\program files (x86)\tp-link\common\apui.exe (TP-LINK Technology, Corp.) [File not signed]
FirewallRules: [{B87B8434-FF6A-4A12-AFCF-14D2C58D3DD6}] => (Block) C:\program files (x86)\tp-link\common\apui.exe (TP-LINK Technology, Corp.) [File not signed]
FirewallRules: [{F6262840-5EBD-4098-9496-710FA0E132CA}] => (Block) C:\program files (x86)\tp-link\common\apui.exe (TP-LINK Technology, Corp.) [File not signed]
FirewallRules: [TCP Query User{DBC5EDB3-C8ED-4DE7-B7B6-9903367D2372}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe No File
FirewallRules: [UDP Query User{85A4FA0A-D527-4871-8B0F-AFA97ABF1ED7}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackops.exe No File
FirewallRules: [TCP Query User{BC2FEB86-140F-417C-AD6D-30F51BA36273}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe No File
FirewallRules: [UDP Query User{04E6A18E-239F-4275-9C13-DAC812E307FE}C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe] => (Allow) C:\program files (x86)\activision\call of duty - black ops\blackopsmp.exe No File
FirewallRules: [TCP Query User{9A25E5DB-A975-49A8-9FAB-653EC0AF8152}C:\program files (x86)\r.g. mechanics\prince of persia - the forgotten sands\prince of persia.exe] => (Block) C:\program files (x86)\r.g. mechanics\prince of persia - the forgotten sands\prince of persia.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [UDP Query User{F73CBE5A-3E93-42EE-B99A-35EB7A40FE89}C:\program files (x86)\r.g. mechanics\prince of persia - the forgotten sands\prince of persia.exe] => (Block) C:\program files (x86)\r.g. mechanics\prince of persia - the forgotten sands\prince of persia.exe (UBISOFT ENTERTAINMENT INC. -> ) [File not signed]
FirewallRules: [TCP Query User{47EA2BC5-1BC1-4AE3-BB16-3FDAE7C90E37}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe No File
FirewallRules: [UDP Query User{57D84AE7-7714-4B0C-B125-F3CA479B6DD2}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe No File
FirewallRules: [TCP Query User{38D8325F-BB80-490D-8C9B-A035B5F2A7E9}D:\diversos\sammywidgets\sammywidgets.exe] => (Allow) D:\diversos\sammywidgets\sammywidgets.exe () [File not signed]
FirewallRules: [UDP Query User{2CC5834E-7438-40A0-9874-E78679BF7609}D:\diversos\sammywidgets\sammywidgets.exe] => (Allow) D:\diversos\sammywidgets\sammywidgets.exe () [File not signed]
FirewallRules: [TCP Query User{329A014B-61F7-4BCF-9164-1E468F8B271C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{FC48E5CB-47E6-4FE2-8732-4D9045E028CF}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F174A04F-7192-4A2D-92B2-0680236A9060}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{06375292-BEB3-4105-BDC4-4F9B5EE35F52}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{5F6F07B7-9F99-4F56-AC3C-577FDE76D285}] => (Allow) LPort=7878
FirewallRules: [{138D8187-5842-4021-89F1-2B27CAB89038}] => (Allow) LPort=20102
FirewallRules: [{283C2FB4-6523-4240-9106-2C90EDF2A4ED}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{04A10025-8DCC-4C2A-80A8-72374CEDB962}C:\users\utilizador\desktop\azboxedit\azboxedit.exe] => (Allow) C:\users\utilizador\desktop\azboxedit\azboxedit.exe No File
FirewallRules: [UDP Query User{C8ACFC3E-EDAE-4A94-AA7D-63D18EAA6B07}C:\users\utilizador\desktop\azboxedit\azboxedit.exe] => (Allow) C:\users\utilizador\desktop\azboxedit\azboxedit.exe No File
FirewallRules: [TCP Query User{77C69C6A-51CA-4672-AEEA-59772DE7414E}D:\diversos\azbox oficial para enigma 2\azup2-2-7\azup.exe] => (Allow) D:\diversos\azbox oficial para enigma 2\azup2-2-7\azup.exe (Microsoft) [File not signed]
FirewallRules: [UDP Query User{8876157B-3A05-42E7-BB72-156C64B15B7C}D:\diversos\azbox oficial para enigma 2\azup2-2-7\azup.exe] => (Allow) D:\diversos\azbox oficial para enigma 2\azup2-2-7\azup.exe (Microsoft) [File not signed]
FirewallRules: [TCP Query User{72B186D0-5229-46C5-8446-C3FDCB81848F}D:\diversos\azbox oficial para enigma 2\mat_v2.4.3-1_win\mat_v2.4.3.1.exe] => (Allow) D:\diversos\azbox oficial para enigma 2\mat_v2.4.3-1_win\mat_v2.4.3.1.exe () [File not signed]
FirewallRules: [UDP Query User{9FFBEC53-0B73-446C-B129-7187DD1EA680}D:\diversos\azbox oficial para enigma 2\mat_v2.4.3-1_win\mat_v2.4.3.1.exe] => (Allow) D:\diversos\azbox oficial para enigma 2\mat_v2.4.3-1_win\mat_v2.4.3.1.exe () [File not signed]
FirewallRules: [TCP Query User{7F8F5D84-40F2-400A-B848-A8EDC8FE05B2}C:\users\utilizador\desktop\mat_v2.4.2_win\mat_v2.4.2.exe] => (Allow) C:\users\utilizador\desktop\mat_v2.4.2_win\mat_v2.4.2.exe No File
FirewallRules: [UDP Query User{407E69CB-5835-4744-BC87-93D9F2B8D2F4}C:\users\utilizador\desktop\mat_v2.4.2_win\mat_v2.4.2.exe] => (Allow) C:\users\utilizador\desktop\mat_v2.4.2_win\mat_v2.4.2.exe No File
FirewallRules: [TCP Query User{BF77914B-6E6F-4585-9D58-868A0EBF2F6D}C:\users\utilizador\desktop\dcc296\dcc.exe] => (Allow) C:\users\utilizador\desktop\dcc296\dcc.exe No File
FirewallRules: [UDP Query User{335754CB-7EB7-4DC1-AC8D-592AC1FFC81A}C:\users\utilizador\desktop\dcc296\dcc.exe] => (Allow) C:\users\utilizador\desktop\dcc296\dcc.exe No File
FirewallRules: [TCP Query User{980B220A-E407-45A1-A76C-8BB055F875D3}C:\program files (x86)\dreamstream-e2\dreamstream.exe] => (Allow) C:\program files (x86)\dreamstream-e2\dreamstream.exe No File
FirewallRules: [UDP Query User{38570583-B08A-41B3-B2D2-77FC193532BF}C:\program files (x86)\dreamstream-e2\dreamstream.exe] => (Allow) C:\program files (x86)\dreamstream-e2\dreamstream.exe No File
FirewallRules: [{D6B3ECE0-E760-4B48-AB52-AE8D4A3ECBE2}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [{03864ADE-4716-440F-B0D1-6CBD16CD86E7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
FirewallRules: [TCP Query User{A998975F-2289-4444-AFC9-571A79F5F989}C:\users\utilizador\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\utilizador\appdata\local\programs\lnv\stremio\stremio.exe No File
FirewallRules: [UDP Query User{70E93F62-DB7C-4E14-AAA2-8FAA9AA330CB}C:\users\utilizador\appdata\local\programs\lnv\stremio\stremio.exe] => (Allow) C:\users\utilizador\appdata\local\programs\lnv\stremio\stremio.exe No File
FirewallRules: [{0691FB85-627F-4478-BD8E-9C65AF52452C}] => (Allow) LPort=7878
FirewallRules: [{190D65E4-ADE7-43D5-A6BA-EEE11C2A8D7F}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe No File
FirewallRules: [{96CD67E5-22B0-447E-93B4-A0EB2BD7498C}] => (Allow) C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe No File
FirewallRules: [TCP Query User{3992B6A9-C757-430F-B864-217D5921310A}C:\program files (x86)\qtracker\applications\qtuplink.exe] => (Block) C:\program files (x86)\qtracker\applications\qtuplink.exe () [File not signed]
FirewallRules: [UDP Query User{3103F2AD-F133-4D18-B732-A4BBEC3D9624}C:\program files (x86)\qtracker\applications\qtuplink.exe] => (Block) C:\program files (x86)\qtracker\applications\qtuplink.exe () [File not signed]
FirewallRules: [{36DBB793-F9C2-4793-A7CE-23335B4BD213}] => (Allow) C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B5897C4C-777C-4693-BD6B-66C5B30EB1BA}] => (Allow) C:\Users\Utilizador\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{A4F4AC47-1115-4636-9B11-3CEF68F9DB6D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

26-08-2019 20:33:10 Ponto de Verificação Agendado
09-09-2019 21:01:55 Ponto de Verificação Agendado
10-09-2019 23:45:49 Windows Update
11-09-2019 20:27:07 Windows Update
11-09-2019 23:15:30 Windows Update
12-09-2019 08:59:48 Windows Update
12-09-2019 11:11:30 Windows Update
12-09-2019 16:51:39 Windows Update

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2019 08:29:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/15/2019 05:35:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/15/2019 05:23:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/14/2019 08:20:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2019 09:37:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/13/2019 03:01:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/12/2019 08:33:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/12/2019 04:08:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (09/15/2019 08:30:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço NVIDIA Update Service Daemon falhou o arranque devido ao seguinte erro: O serviço não foi iniciado devido a um erro de início de sessão.

Error: (09/15/2019 08:30:13 PM) (Source: Service Control Manager) (EventID: 7041) (User: )
Description: O serviço nvUpdatusService não conseguiu iniciar sessão como .\UpdatusUser com a palavra-passe configurada actualmente devido ao seguinte erro: Falha de início de sessão: Não foi concedido ao utilizador o tipo de início de sessão pedido neste computador. Serviço: nvUpdatusService Domínio e conta: .\UpdatusUser Esta conta de serviço não tem o direito de utilizador necessário "Iniciar sessão como um serviço". Acção do Utilizador Atribua "Iniciar sessão como um serviço" à conta de serviço neste computador. Poderá utilizar Definições da segurança local (Secpol.msc) para este efeito. Se este computador for um nó num cluster, verifique se este direito de utilizador está atribuído à conta de serviço do Cluster em todos os nós no cluster. Se já atribuiu este direito do utilizador à conta de serviço e o direito do utilizador aparentar ter sido removido, verifique junto do administrador do domínio se um objecto de Política de Grupo associado a este nó poderá estar a remover o direito.

Error: (09/15/2019 08:29:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço Serviço %1!s! Update (avg) falhou o arranque devido ao seguinte erro: O sistema não conseguiu localizar o ficheiro especificado.

Error: (09/15/2019 08:27:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Falhou o carregamento dos seguintes controladores de início de arranque ou de início do sistema: VBoxNetAdp

Error: (09/15/2019 08:27:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço haspnt falhou o arranque devido ao seguinte erro: O carregamento deste controlador foi bloqueado

Error: (09/15/2019 08:27:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: O carregamento de \SystemRoot\SysWow64\DRIVERS\haspnt.sys foi bloqueado devido a incompatibilidade com este sistema. Contacte o fabricante de software para obter uma versão compatível do controlador.

Error: (09/15/2019 08:27:06 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Falha na inicialização da imagem de erro!

Error: (09/15/2019 05:37:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço NVIDIA Update Service Daemon falhou o arranque devido ao seguinte erro: O serviço não foi iniciado devido a um erro de início de sessão.

CodeIntegrity:
===================================
Date: 2019-04-28 22:13:51.097
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Utilizador\Desktop\hardlock AllInOne__ByCalifornia.ppk\Toro Monitor\HardlockFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-28 22:13:50.925
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Utilizador\Desktop\hardlock AllInOne__ByCalifornia.ppk\Toro Monitor\HardlockFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-28 22:13:50.738
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Utilizador\Desktop\hardlock AllInOne__ByCalifornia.ppk\Toro Monitor\HardlockFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-28 22:13:50.567
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Utilizador\Desktop\hardlock AllInOne__ByCalifornia.ppk\Toro Monitor\HardlockFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-28 00:27:54.737
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Utilizador\Desktop\hardlock\hardlock AllInOne__ByCalifornia.ppk\AllInOne__ByCalifornia.ppk\Toro Monitor\HardlockFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-28 00:27:54.565
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Utilizador\Desktop\hardlock\hardlock AllInOne__ByCalifornia.ppk\AllInOne__ByCalifornia.ppk\Toro Monitor\HardlockFilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-27 22:39:07.497
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\XXLHASP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-04-27 22:39:07.325
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\XXLHASP.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 0802 10/08/2012
Motherboard: ASUSTeK COMPUTER INC. P8H61-M LX3 PLUS R2.0
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 50%
Total physical RAM: 8143.76 MB
Available physical RAM: 4016.04 MB
Total Virtual: 8141.91 MB
Available Virtual: 3721.79 MB

==================== Drives ================================

Drive c: (windows 7) (Fixed) (Total:221.62 GB) (Free:130.96 GB) NTFS
Drive d: (Dados) (Fixed) (Total:244.04 GB) (Free:81.47 GB) NTFS

\\?\Volume{e16ba0c3-825e-11e2-a84e-806e6f6e6963}\ (Sistema Reservado) (Fixed) (Total:0.09 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 69BB7206)
Partition 1: (Active) - (Size=95 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=244 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================