Publicité
Publicité
Format du document : text/plain
Prévisualisation
Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 27-11-2016
Executado por AlVi (28-11-2016 17:24:33)
Executando a partir de C:\Users\AlVi\Desktop
Windows 8.1 Pro (X64) (2016-09-09 17:41:46)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-2816190866-2250199910-3499201908-500 - Administrator - Disabled)
AlVi (S-1-5-21-2816190866-2250199910-3499201908-1001 - Administrator - Enabled) => C:\Users\AlVi
Convidado (S-1-5-21-2816190866-2250199910-3499201908-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2816190866-2250199910-3499201908-1003 - Limited - Enabled)
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
AceMoney (HKLM-x32\...\AceMoney_is1) (Version: - MechCAD Software)
Ashampoo Burning Studio 2010 (HKLM-x32\...\Ashampoo Burning Studio 2010_is1) (Version: 9.1.0 - ashampoo GmbH & Co. KG)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BDE 5.2 (HKLM-x32\...\BDE_is1) (Version: - )
BR (x32 Version: 13.0 - Corel Corporation) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.91 - Broadcom Corporation)
CalcTape (HKLM-x32\...\{D9D971AD-8D2C-43D6-8395-B6B3D05DC55D}) (Version: 5.2.1 - schoettler Software GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.27.61 - Conexant)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{63218538-4A69-497F-8455-904261B0E9E4}) (Version: 13.0 - Corel Corporation)
DMM Uninstall (HKLM-x32\...\DMM) (Version: - )
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Endereçador Escritório v2.2.5 (HKLM-x32\...\Enderecador) (Version: - )
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
FormatFactory 3.9.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Image Analyzer (HKLM-x32\...\Image Analyzer) (Version: - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1053 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
K-Lite Mega Codec Pack 11.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
Lenovo Power Management Driver (Version: 1.67.12.16 - Lenovo) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 pt-BR)) (Version: 45.1.1 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.103 - Trusteer)
Rapport (x32 Version: 3.5.1609.103 - Trusteer) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29048 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Software SIC versão 5.1 (HKLM-x32\...\SIC_is1) (Version: - SICNET Tecnologia de Soluções Ltda.)
TagScanner 6.0.17 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
Warsaw 1.12.4.14 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.12.4.14 - GAS Tecnologia)
WoLoSoft Raduga 3.9.6 (HKLM-x32\...\Raduga_is1) (Version: 3.9.6 - WoLoSoft International)
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {11AA47E2-C585-4EE7-8A98-CFFB21131A28} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {2531EC37-028D-4372-BEAD-1D81B8C2A962} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {49ADD25B-F91D-4948-BCBF-EF98472763F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {6989DC97-8FC6-4ED9-8300-504B5A4E30BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {6BE6B56A-B644-486A-A74C-FE8E34E1A08B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {78BD27CE-38C3-4B8C-A65C-2781CE805C83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {8634AD08-9B67-4030-B8E6-6A344B258362} - System32\Tasks\{2B05C630-15AC-C7C1-427E-0C3FD9EEE22C} => C:\Users\TEMP\AppData\Local\{98CCA~1\Sync.exe <==== ATENÇÃO
Task: {CB0FF8E5-0A41-4AC3-BA75-199BF4F65219} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {E250AD67-BBCC-48C9-B2BA-749A4A3D007E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{2B05C630-15AC-C7C1-427E-0C3FD9EEE22C}.job => C:\Users\TEMP\AppData\Local\{98CCA~1\Sync.exe <==== ATENÇÃO
==================== Atalhos =============================
(As entradas podem ser listadas para serem restauradas ou removidas.)
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --new-window "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --new-window "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Módulos Carregados (Whitelisted) ==============
2015-03-27 12:18 - 2012-12-07 12:42 - 03695616 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1120SU.DLL
2015-03-27 12:18 - 2012-12-07 12:42 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1120GC.dll
2014-05-01 12:13 - 2016-11-14 08:14 - 00592384 _____ () C:\Users\AlVi\AppData\Local\MEGAsync\ShellExtX64.dll
2016-09-12 10:24 - 2010-10-26 13:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2016-09-11 16:34 - 2016-11-07 10:20 - 03955712 _____ () C:\Program Files (x86)\TagScanner\Tagscan.exe
2015-03-27 12:18 - 2012-12-07 12:43 - 00396288 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1120SD.DLL
2015-01-06 19:40 - 2015-01-06 19:40 - 00107008 _____ () C:\Program Files (x86)\MusicBrainz Picard\picard.exe
2016-11-15 09:39 - 2016-11-08 19:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 09:39 - 2016-11-08 19:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-08 19:00 - 2016-11-08 19:00 - 31067840 _____ () C:\Users\AlVi\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
2016-09-09 17:22 - 2016-09-09 17:22 - 00482304 _____ () C:\Users\AlVi\AppData\Local\MEGAsync\libsodium.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-09-09 15:54 - 2016-09-09 15:55 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2016-09-09 15:54 - 2016-10-30 12:29 - 01009856 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-09-09 15:56 - 2016-11-22 17:50 - 00521408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2016-09-09 15:54 - 2016-10-30 18:33 - 00143040 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLCTL.DLL
2014-05-01 12:15 - 2016-11-14 08:14 - 00564736 _____ () C:\Users\AlVi\AppData\Local\MEGAsync\ShellExtX32.dll
2013-08-21 05:46 - 2013-08-21 05:46 - 00075264 _____ () C:\Program Files (x86)\MusicBrainz Picard\sip.pyd
2013-08-21 06:06 - 2013-08-21 06:06 - 05998080 _____ () C:\Program Files (x86)\MusicBrainz Picard\PyQt4.QtGui.pyd
2013-08-21 05:55 - 2013-08-21 05:55 - 01698304 _____ () C:\Program Files (x86)\MusicBrainz Picard\PyQt4.QtCore.pyd
2013-11-10 17:24 - 2013-11-10 17:24 - 00686080 _____ () C:\Program Files (x86)\MusicBrainz Picard\unicodedata.pyd
2013-11-10 17:24 - 2013-11-10 17:24 - 00087552 _____ () C:\Program Files (x86)\MusicBrainz Picard\_ctypes.pyd
2013-08-21 06:08 - 2013-08-21 06:08 - 00507392 _____ () C:\Program Files (x86)\MusicBrainz Picard\PyQt4.QtNetwork.pyd
2013-11-10 17:24 - 2013-11-10 17:24 - 00358400 _____ () C:\Program Files (x86)\MusicBrainz Picard\_hashlib.pyd
2015-01-06 19:39 - 2015-01-06 19:39 - 00006656 _____ () C:\Program Files (x86)\MusicBrainz Picard\picard.util.astrcmp.pyd
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2526]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\gastecnologia.com.br -> cloud.gastecnologia.com.br
==================== Hosts Conteúdo: ===============================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2013-08-22 11:25 - 2016-11-15 19:20 - 00000891 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.15.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{758369B5-7547-4BFE-AC76-9B837ADBF4AC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4026ABD5-A598-41AA-B8F8-1B0148D21CD1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B6DCC107-EAB5-47D8-92C3-0B60756EA9D1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D49537F0-801D-4C20-97BA-AB274DA823B0}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{5A7B7E48-6704-4308-B20E-11F7E50D7D0E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{88DE0326-127D-42C7-9A78-5A4491388820}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [{17540C30-4BC5-45B1-A40B-2B0941951BC5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DA40821B-2819-4679-B2DC-BCCB616D786A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6D1CAC3C-AF84-49C4-B32C-CE93568ECF33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CFA5010F-3702-491D-B5C9-A40F2DD1D06C}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{CA299192-CD6D-495A-BE0A-27018B29DD50}] => (Allow) C:\Program Files (x86)\Sienzo\DMM\DMM.exe
FirewallRules: [{8060F284-8707-43B6-B180-734F66D0AA6A}] => (Allow) C:\Program Files (x86)\Sienzo\DMM\DMM.exe
FirewallRules: [{1FFEB457-BE79-4284-8A7A-B7F535E2DE05}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00AAC2EF-9A21-4D83-BC0C-BA9F2E76B514}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BACF5675-0D0D-4DD5-A2B7-48D71FADB0D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4A762653-3110-4617-8616-2499CE2179CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{DB759C04-AB2C-41CB-A76B-CCBB2C7C11CE}C:\winsic\backup.exe] => (Block) C:\winsic\backup.exe
FirewallRules: [UDP Query User{6F8373C0-45C9-41E7-A60D-6D1BA678D5AA}C:\winsic\backup.exe] => (Block) C:\winsic\backup.exe
FirewallRules: [{ACDD653A-0827-493E-9483-0CB389715BF2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Pontos de Restauração =========================
12-11-2016 15:21:31 Installed Rapport
19-11-2016 18:57:02 Ponto de Verificação Agendado
28-11-2016 15:40:32 Ponto de Verificação Agendado
==================== Dispositivos Apresentando Falhas No Gerenciador =============
Name: Dispositivo Bluetooth (Rede Pessoal)
Description: Dispositivo Bluetooth (Rede Pessoal)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (11/28/2016 05:15:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de data/hora: 0x576a791a
Nome do módulo com falha: wsbrmu.dll, versão: 1.12.1.15176, carimbo de data/hora: 0x576aee6b
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000010ce3b
ID do processo com falha: 0x964
Hora de início do aplicativo com falha: 0x01d249a37113e4af
Caminho do aplicativo com falha: C:\Program Files\Diebold\Warsaw\core.exe
Caminho do módulo com falha: C:\Program Files\Diebold\Warsaw\wsbrmu.dll
ID do Relatório: 103cb4d8-b59f-11e6-82c3-b888e3e5516c
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:
Error: (11/28/2016 04:18:39 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (11/28/2016 03:42:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (11/28/2016 03:28:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (11/28/2016 02:16:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro:
hr=0xC004F074
Argumento de linha de comando:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (11/28/2016 02:16:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\AlVi\AppData\Local\chromium\Application\chrome.exe".
Assembly dependente 51.0.2681.0,language="*",type="win32",version="51.0.2681.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
Error: (11/28/2016 02:16:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro:
hr=0xC004F074
Argumento de linha de comando:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (11/28/2016 02:15:52 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/28/2016 02:15:52 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/28/2016 02:15:52 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0
Erros de Sistema:
=============
Error: (11/28/2016 05:15:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 3 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.
Error: (11/28/2016 04:15:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.
Error: (11/28/2016 03:44:01 PM) (Source: Schannel) (EventID: 4119) (User: AUTORIDADE NT)
Description: Alerta fatal recebido do ponto de extremidade remoto. O código de alerta fatal definido do protocolo TLS é 40.
Error: (11/28/2016 03:28:19 PM) (Source: DCOM) (EventID: 10010) (User: E430)
Description: O servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} não se registrou no DCOM dentro do tempo limite necessário.
Error: (11/28/2016 03:27:48 PM) (Source: DCOM) (EventID: 10010) (User: E430)
Description: O servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} não se registrou no DCOM dentro do tempo limite necessário.
Error: (11/28/2016 03:15:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.
Error: (11/28/2016 02:15:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Gbp Service suspenso ao iniciar.
Error: (11/28/2016 11:42:45 AM) (Source: DCOM) (EventID: 10010) (User: E430)
Description: O servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} não se registrou no DCOM dentro do tempo limite necessário.
Error: (11/28/2016 11:42:14 AM) (Source: DCOM) (EventID: 10010) (User: E430)
Description: O servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} não se registrou no DCOM dentro do tempo limite necessário.
Error: (11/28/2016 11:18:47 AM) (Source: DCOM) (EventID: 10016) (User: E430)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
e APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
ao usuário E430\AlVi SID (S-1-5-21-2816190866-2250199910-3499201908-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentagem de memória em uso: 71%
RAM física total: 3671.44 MB
RAM física disponível: 1033.55 MB
Virtual Total: 5015.44 MB
Virtual disponível: 2077.67 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:194.97 GB) (Free:155.56 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:240.44 GB) NTFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B2754E54)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 968.8 MB) (Disk ID: 00000000)
Partition: GPT.
==================== Fim de Addition.txt ============================
Executado por AlVi (28-11-2016 17:24:33)
Executando a partir de C:\Users\AlVi\Desktop
Windows 8.1 Pro (X64) (2016-09-09 17:41:46)
Modo da Inicialização: Normal
==========================================================
==================== Contas: =============================
Administrador (S-1-5-21-2816190866-2250199910-3499201908-500 - Administrator - Disabled)
AlVi (S-1-5-21-2816190866-2250199910-3499201908-1001 - Administrator - Enabled) => C:\Users\AlVi
Convidado (S-1-5-21-2816190866-2250199910-3499201908-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2816190866-2250199910-3499201908-1003 - Limited - Enabled)
==================== Central de Segurança ========================
(Se uma entrada for incluída na fixlist, será removida.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Programas Instalados ======================
(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
AceMoney (HKLM-x32\...\AceMoney_is1) (Version: - MechCAD Software)
Ashampoo Burning Studio 2010 (HKLM-x32\...\Ashampoo Burning Studio 2010_is1) (Version: 9.1.0 - ashampoo GmbH & Co. KG)
aTube Catcher versão 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
BDE 5.2 (HKLM-x32\...\BDE_is1) (Version: - )
BR (x32 Version: 13.0 - Corel Corporation) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.91 - Broadcom Corporation)
CalcTape (HKLM-x32\...\{D9D971AD-8D2C-43D6-8395-B6B3D05DC55D}) (Version: 5.2.1 - schoettler Software GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.27.61 - Conexant)
CorelDRAW Graphics Suite X3 (HKLM-x32\...\{63218538-4A69-497F-8455-904261B0E9E4}) (Version: 13.0 - Corel Corporation)
DMM Uninstall (HKLM-x32\...\DMM) (Version: - )
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Endereçador Escritório v2.2.5 (HKLM-x32\...\Enderecador) (Version: - )
FontNav (x32 Version: 5.0 - Corel Corporation) Hidden
FormatFactory 3.9.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.9.0.1 - Free Time)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Image Analyzer (HKLM-x32\...\Image Analyzer) (Version: - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1053 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
K-Lite Mega Codec Pack 11.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
Lenovo Power Management Driver (Version: 1.67.12.16 - Lenovo) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2016 - pt-br (HKLM\...\ProPlusRetail - pt-br) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.1.1 - Mozilla)
Mozilla Thunderbird 45.1.1 (x86 pt-BR) (HKLM-x32\...\Mozilla Thunderbird 45.1.1 (x86 pt-BR)) (Version: 45.1.1 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.103 - Trusteer)
Rapport (x32 Version: 3.5.1609.103 - Trusteer) Hidden
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29048 - Realtek Semiconductor Corp.)
Remove Empty Directories version 2.2 (HKLM-x32\...\{06F25DC8-71E2-44E2-805A-F15E15B51C74}_is1) (Version: 2.2 - Jonas John)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Software SIC versão 5.1 (HKLM-x32\...\SIC_is1) (Version: - SICNET Tecnologia de Soluções Ltda.)
TagScanner 6.0.17 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VBA (x32 Version: 6.2 - Corel Corporation) Hidden
Warsaw 1.12.4.14 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.12.4.14 - GAS Tecnologia)
WoLoSoft Raduga 3.9.6 (HKLM-x32\...\Raduga_is1) (Version: 3.9.6 - WoLoSoft International)
==================== Exame Personalizado CLSID (Whitelisted): ==========================
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
CustomCLSID: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Tarefas Agendadas (Whitelisted) =============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
Task: {11AA47E2-C585-4EE7-8A98-CFFB21131A28} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {2531EC37-028D-4372-BEAD-1D81B8C2A962} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: {49ADD25B-F91D-4948-BCBF-EF98472763F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {6989DC97-8FC6-4ED9-8300-504B5A4E30BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {6BE6B56A-B644-486A-A74C-FE8E34E1A08B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-11-01] (Microsoft Corporation)
Task: {78BD27CE-38C3-4B8C-A65C-2781CE805C83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {8634AD08-9B67-4030-B8E6-6A344B258362} - System32\Tasks\{2B05C630-15AC-C7C1-427E-0C3FD9EEE22C} => C:\Users\TEMP\AppData\Local\{98CCA~1\Sync.exe <==== ATENÇÃO
Task: {CB0FF8E5-0A41-4AC3-BA75-199BF4F65219} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {E250AD67-BBCC-48C9-B2BA-749A4A3D007E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{2B05C630-15AC-C7C1-427E-0C3FD9EEE22C}.job => C:\Users\TEMP\AppData\Local\{98CCA~1\Sync.exe <==== ATENÇÃO
==================== Atalhos =============================
(As entradas podem ser listadas para serem restauradas ou removidas.)
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --new-window "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --new-window "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://www.searchxp.com/"
ShortcutWithArgument: C:\Users\AlVi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
==================== Módulos Carregados (Whitelisted) ==============
2015-03-27 12:18 - 2012-12-07 12:42 - 03695616 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1120SU.DLL
2015-03-27 12:18 - 2012-12-07 12:42 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1120GC.dll
2014-05-01 12:13 - 2016-11-14 08:14 - 00592384 _____ () C:\Users\AlVi\AppData\Local\MEGAsync\ShellExtX64.dll
2016-09-12 10:24 - 2010-10-26 13:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2016-09-11 16:34 - 2016-11-07 10:20 - 03955712 _____ () C:\Program Files (x86)\TagScanner\Tagscan.exe
2015-03-27 12:18 - 2012-12-07 12:43 - 00396288 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1120SD.DLL
2015-01-06 19:40 - 2015-01-06 19:40 - 00107008 _____ () C:\Program Files (x86)\MusicBrainz Picard\picard.exe
2016-11-15 09:39 - 2016-11-08 19:03 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 09:39 - 2016-11-08 19:03 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-11-08 19:00 - 2016-11-08 19:00 - 31067840 _____ () C:\Users\AlVi\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
2016-09-09 17:22 - 2016-09-09 17:22 - 00482304 _____ () C:\Users\AlVi\AppData\Local\MEGAsync\libsodium.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-09-09 15:54 - 2016-09-09 15:55 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\tmpod.dll
2016-09-09 15:54 - 2016-10-30 12:29 - 01009856 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-09-09 15:56 - 2016-11-22 17:50 - 00521408 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
2016-09-09 15:54 - 2016-10-30 18:33 - 00143040 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\OUTLCTL.DLL
2014-05-01 12:15 - 2016-11-14 08:14 - 00564736 _____ () C:\Users\AlVi\AppData\Local\MEGAsync\ShellExtX32.dll
2013-08-21 05:46 - 2013-08-21 05:46 - 00075264 _____ () C:\Program Files (x86)\MusicBrainz Picard\sip.pyd
2013-08-21 06:06 - 2013-08-21 06:06 - 05998080 _____ () C:\Program Files (x86)\MusicBrainz Picard\PyQt4.QtGui.pyd
2013-08-21 05:55 - 2013-08-21 05:55 - 01698304 _____ () C:\Program Files (x86)\MusicBrainz Picard\PyQt4.QtCore.pyd
2013-11-10 17:24 - 2013-11-10 17:24 - 00686080 _____ () C:\Program Files (x86)\MusicBrainz Picard\unicodedata.pyd
2013-11-10 17:24 - 2013-11-10 17:24 - 00087552 _____ () C:\Program Files (x86)\MusicBrainz Picard\_ctypes.pyd
2013-08-21 06:08 - 2013-08-21 06:08 - 00507392 _____ () C:\Program Files (x86)\MusicBrainz Picard\PyQt4.QtNetwork.pyd
2013-11-10 17:24 - 2013-11-10 17:24 - 00358400 _____ () C:\Program Files (x86)\MusicBrainz Picard\_hashlib.pyd
2015-01-06 19:39 - 2015-01-06 19:39 - 00006656 _____ () C:\Program Files (x86)\MusicBrainz Picard\picard.util.astrcmp.pyd
==================== Alternate Data Streams (Whitelisted) =========
(Se uma entrada for incluída na fixlist, somente o ADS será removido.)
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4 [2526]
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddreg64.sys:X5ZN8aGvT4 [686]
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1198]
AlternateDataStreams: C:\ProgramData\GbPlugin:IncompleteStartGbprcm.cnt [10]
AlternateDataStreams: C:\Users\Todos os Usuários\GbPlugin:IncompleteStartGbprcm.cnt [10]
==================== Modo de Segurança (Whitelisted) ===================
(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)
==================== Associação (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)
==================== Internet Explorer confiável/restrito ===============
(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\bancobrasil.com.br -> www.bancobrasil.com.br
IE trusted site: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\bb.com.br -> aapj.bb.com.br
IE trusted site: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\gastecnologia.com.br -> cloud.gastecnologia.com.br
==================== Hosts Conteúdo: ===============================
(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)
2013-08-22 11:25 - 2016-11-15 19:20 - 00000891 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Outras Áreas ============================
(Atualmente não há nenhuma correção automática para esta seção.)
HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.15.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.
==================== MSCONFIG/TASK MANAGER ítens desabilitados ==
HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2816190866-2250199910-3499201908-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
==================== Regras do Firewall (Whitelisted) ===============
(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{758369B5-7547-4BFE-AC76-9B837ADBF4AC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4026ABD5-A598-41AA-B8F8-1B0148D21CD1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{B6DCC107-EAB5-47D8-92C3-0B60756EA9D1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D49537F0-801D-4C20-97BA-AB274DA823B0}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{5A7B7E48-6704-4308-B20E-11F7E50D7D0E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{88DE0326-127D-42C7-9A78-5A4491388820}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe
FirewallRules: [{17540C30-4BC5-45B1-A40B-2B0941951BC5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DA40821B-2819-4679-B2DC-BCCB616D786A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6D1CAC3C-AF84-49C4-B32C-CE93568ECF33}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{CFA5010F-3702-491D-B5C9-A40F2DD1D06C}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{CA299192-CD6D-495A-BE0A-27018B29DD50}] => (Allow) C:\Program Files (x86)\Sienzo\DMM\DMM.exe
FirewallRules: [{8060F284-8707-43B6-B180-734F66D0AA6A}] => (Allow) C:\Program Files (x86)\Sienzo\DMM\DMM.exe
FirewallRules: [{1FFEB457-BE79-4284-8A7A-B7F535E2DE05}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{00AAC2EF-9A21-4D83-BC0C-BA9F2E76B514}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BACF5675-0D0D-4DD5-A2B7-48D71FADB0D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4A762653-3110-4617-8616-2499CE2179CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{DB759C04-AB2C-41CB-A76B-CCBB2C7C11CE}C:\winsic\backup.exe] => (Block) C:\winsic\backup.exe
FirewallRules: [UDP Query User{6F8373C0-45C9-41E7-A60D-6D1BA678D5AA}C:\winsic\backup.exe] => (Block) C:\winsic\backup.exe
FirewallRules: [{ACDD653A-0827-493E-9483-0CB389715BF2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Pontos de Restauração =========================
12-11-2016 15:21:31 Installed Rapport
19-11-2016 18:57:02 Ponto de Verificação Agendado
28-11-2016 15:40:32 Ponto de Verificação Agendado
==================== Dispositivos Apresentando Falhas No Gerenciador =============
Name: Dispositivo Bluetooth (Rede Pessoal)
Description: Dispositivo Bluetooth (Rede Pessoal)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Erros no Log de eventos: =========================
Erros em Aplicativos:
==================
Error: (11/28/2016 05:15:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: core.exe, versão: 2.8.3.15131, carimbo de data/hora: 0x576a791a
Nome do módulo com falha: wsbrmu.dll, versão: 1.12.1.15176, carimbo de data/hora: 0x576aee6b
Código de exceção: 0xc0000005
Deslocamento da falha: 0x000000000010ce3b
ID do processo com falha: 0x964
Hora de início do aplicativo com falha: 0x01d249a37113e4af
Caminho do aplicativo com falha: C:\Program Files\Diebold\Warsaw\core.exe
Caminho do módulo com falha: C:\Program Files\Diebold\Warsaw\wsbrmu.dll
ID do Relatório: 103cb4d8-b59f-11e6-82c3-b888e3e5516c
Nome completo do pacote com falha:
ID do aplicativo relativo ao pacote com falha:
Error: (11/28/2016 04:18:39 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (11/28/2016 03:42:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (11/28/2016 03:28:28 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Falha na geração de contexto de ativação para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Erro no arquivo de manifesto ou de política C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL", na linha 1.
Identidade do componente localizado no manifesto não corresponde à identidade do componente solicitado.
A referência é UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
A definição é UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use o arquivo sxstrace.exe para obter um dignóstico detalhado.
Error: (11/28/2016 02:16:56 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro:
hr=0xC004F074
Argumento de linha de comando:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
Error: (11/28/2016 02:16:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Falha na geração de contexto de ativação para "C:\Users\AlVi\AppData\Local\chromium\Application\chrome.exe".
Assembly dependente 51.0.2681.0,language="*",type="win32",version="51.0.2681.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.
Error: (11/28/2016 02:16:03 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: Falha na Ativação de Licença (slui.exe). Código de erro:
hr=0xC004F074
Argumento de linha de comando:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
Error: (11/28/2016 02:15:52 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/28/2016 02:15:52 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0
Error: (11/28/2016 02:15:52 PM) (Source: irstrtsv) (EventID: 0) (User: )
Description: Event-ID 0
Erros de Sistema:
=============
Error: (11/28/2016 05:15:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 3 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.
Error: (11/28/2016 04:15:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 2 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.
Error: (11/28/2016 03:44:01 PM) (Source: Schannel) (EventID: 4119) (User: AUTORIDADE NT)
Description: Alerta fatal recebido do ponto de extremidade remoto. O código de alerta fatal definido do protocolo TLS é 40.
Error: (11/28/2016 03:28:19 PM) (Source: DCOM) (EventID: 10010) (User: E430)
Description: O servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} não se registrou no DCOM dentro do tempo limite necessário.
Error: (11/28/2016 03:27:48 PM) (Source: DCOM) (EventID: 10010) (User: E430)
Description: O servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} não se registrou no DCOM dentro do tempo limite necessário.
Error: (11/28/2016 03:15:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Warsaw Technology foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 0 milissegundos: Reiniciar o serviço.
Error: (11/28/2016 02:15:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Serviço Gbp Service suspenso ao iniciar.
Error: (11/28/2016 11:42:45 AM) (Source: DCOM) (EventID: 10010) (User: E430)
Description: O servidor {1B1F472E-3221-4826-97DB-2C2324D389AE} não se registrou no DCOM dentro do tempo limite necessário.
Error: (11/28/2016 11:42:14 AM) (Source: DCOM) (EventID: 10010) (User: E430)
Description: O servidor {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} não se registrou no DCOM dentro do tempo limite necessário.
Error: (11/28/2016 11:18:47 AM) (Source: DCOM) (EventID: 10016) (User: E430)
Description: As configurações de permissão específico do aplicativo não concedem permissão Local Ativação para o aplicativo de Servidor COM com CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
e APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
ao usuário E430\AlVi SID (S-1-5-21-2816190866-2250199910-3499201908-1001) do endereço LocalHost (Usando LRPC) que está sendo executado no contêiner de aplicativos Não Disponível SID (S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394). Essa permissão de segurança pode ser modificada com a ferramenta administrativa Serviços de Componentes.
==================== Informações da Memória ===========================
Processador: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz
Percentagem de memória em uso: 71%
RAM física total: 3671.44 MB
RAM física disponível: 1033.55 MB
Virtual Total: 5015.44 MB
Virtual disponível: 2077.67 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:194.97 GB) (Free:155.56 GB) NTFS
Drive d: () (Fixed) (Total:270.45 GB) (Free:240.44 GB) NTFS
Drive f: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
==================== MBR & Tabela de Partições ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B2754E54)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 968.8 MB) (Disk ID: 00000000)
Partition: GPT.
==================== Fim de Addition.txt ============================