Rezultaty skanu uzupełniającego Farbar Recovery Scan Tool (x64) Wersja:02-05-2016 Uruchomiony przez Ronierison (2016-05-02 15:54:55) Uruchomiony z C:\Users\Ronierison\Downloads Windows 7 Ultimate (X64) (2015-07-13 05:43:59) Tryb startu: Normal ========================================================== ==================== Konta użytkowników: ============================= Administrador (S-1-5-21-674213604-390439482-516652079-500 - Administrator - Disabled) Convidado (S-1-5-21-674213604-390439482-516652079-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-674213604-390439482-516652079-1002 - Limited - Enabled) Ronierison (S-1-5-21-674213604-390439482-516652079-1001 - Administrator - Enabled) => C:\Users\Ronierison ==================== Centrum zabezpieczeń ======================== (Załączenie wejścia w fixlist spowoduje jego usunięcie.) AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Zainstalowane programy ====================== (W fixlist dozwolone tylko załączanie programów adware z flagą "Hidden" w celu ich uwidocznienia. Programy adware powinny zostać w poprawny sposób odinstalowane.) Adobe Acrobat Reader DC - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated) CPN Tools (HKLM-x32\...\CPN Tools 3.4.0) (Version: 3.4.0 - AIS Group, Eindhoven University of Technology) EasyFit 5.6 (HKLM-x32\...\EasyFit_is1) (Version: 5.6 - MathWave Technologies) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.) Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation) Mozilla Firefox 31.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 pt-BR)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) Oracle VM VirtualBox Guest Additions 4.3.30 (HKLM\...\Oracle VM VirtualBox Guest Additions) (Version: 4.3.30.0 - Oracle Corporation) Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Snoopy (HKLM\...\{209AF861-88E0-4566-BC5B-500B9701C18C}) (Version: 3.21.2 - BTU-Cottbus) Statdisk 12.0.2 (HKLM-x32\...\{1F582FEC-511A-43F7-BB37-99E2F314C2F3}_is1) (Version: - Marc Triola) WinRAR 4.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.3 - win.rar GmbH) ==================== Niestandardowe rejestracje CLSID (filtrowane): ========================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) ==================== Zaplanowane zadania (filtrowane) ============= (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) Task: {3B1B3174-61C7-455D-B373-4BBC2F88045B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Ronierison-PC-Ronierison Ronierison-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation) Task: {3F9841F1-F338-4E98-A209-67FC06DAE25D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.) Task: {92619D91-373D-4F55-B60A-FC3A344D522D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {9B653F36-270C-48EC-8A28-752A15F41B32} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-15] (Google Inc.) Task: {C5C67778-8AA4-44C3-8098-3C24F4D0AD8F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation) Task: {D651874B-D278-403E-802F-E5A18BBB181E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {E5CA339B-614D-45A8-94EE-87990A38C0B3} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\OatTask => (Załączenie wejścia w fixlist spowoduje przesunięcie pliku zadania (.job). Plik uruchamiany docelowo przez zadanie nie zostanie przeniesiony.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Skróty ============================= (Wybrane wejścia mogą zostać załączone w celu ich zresetowania lub usunięcia.) ==================== Załadowane moduły (filtrowane) ============== 2016-04-26 14:07 - 2016-04-26 14:07 - 21233152 _____ () C:\Program Files\BTU-Cottbus\Snoopy\snoopy.exe 2016-04-23 11:02 - 2012-11-27 02:16 - 00078848 _____ () C:\Program Files\Microsoft Office\Office15\MSIMG32.dll 2016-04-28 10:38 - 2016-04-28 10:38 - 01456128 _____ () C:\Users\Ronierison\AppData\Local\Temp\mdi064.dll ==================== Alternate Data Streams (filtrowane) ========= (Załączenie wejścia w fixlist spowoduje usunięcie strumienia ADS.) ==================== Tryb awaryjny (filtrowane) =================== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Wartość "AlternateShell" zostanie przywrócona.) ==================== EXE - Powiązania (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci.) ==================== Internet Explorer - Witryny zaufane i z ograniczeniami =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru.) ==================== Hosts - zawartość: =============================== (Użycie dyrektywy Hosts: w fixlist spowoduje reset pliku Hosts.) 2009-07-13 23:34 - 2009-06-10 18:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Inne obszary ============================ (Obecnie brak automatycznej naprawy dla tej sekcji.) HKU\S-1-5-21-674213604-390439482-516652079-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ronierison\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.0.2.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Zapora systemu Windows [funkcja włączona] ==================== MSCONFIG/TASK MANAGER - Wyłączone elementy == (Obecnie brak automatycznej naprawy dla tej sekcji.) ==================== Reguły Zapory systemu Windows (filtrowane) =============== (Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.) FirewallRules: [{C0C9D108-8D58-490D-BA1E-9C88C15B17B7}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [{53DDB2D3-ECB8-4425-8A42-15197C936DE7}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe FirewallRules: [TCP Query User{C36BD63C-2467-4EB9-B716-13D0EDB994BC}C:\program files (x86)\cpn tools\cpnsim\cpnmld.x86-cygwin.exe] => (Allow) C:\program files (x86)\cpn tools\cpnsim\cpnmld.x86-cygwin.exe FirewallRules: [UDP Query User{E27A2A57-877A-4E79-B643-2CED51389AAF}C:\program files (x86)\cpn tools\cpnsim\cpnmld.x86-cygwin.exe] => (Allow) C:\program files (x86)\cpn tools\cpnsim\cpnmld.x86-cygwin.exe FirewallRules: [{1417303E-FF41-467A-AA3B-C66BD7FCE279}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Punkty Przywracania systemu ========================= 06-08-2015 00:00:01 Ponto de Verificação Agendado 13-08-2015 03:20:10 Ponto de Verificação Agendado 24-08-2015 00:36:37 Ponto de Verificação Agendado 22-09-2015 02:50:20 Ponto de Verificação Agendado 02-10-2015 01:02:16 Ponto de Verificação Agendado 10-10-2015 00:33:33 Ponto de Verificação Agendado 22-10-2015 18:04:21 Ponto de Verificação Agendado 03-11-2015 14:12:05 Ponto de Verificação Agendado 16-11-2015 15:28:52 Ponto de Verificação Agendado 01-12-2015 20:59:17 Ponto de Verificação Agendado 09-12-2015 15:39:51 Ponto de Verificação Agendado 22-12-2015 00:21:17 Ponto de Verificação Agendado 29-12-2015 01:42:02 Ponto de Verificação Agendado 22-03-2016 01:42:13 Ponto de Verificação Agendado 08-04-2016 00:29:04 Ponto de Verificação Agendado 28-04-2016 10:32:22 Installed Snoopy ==================== Wadliwe urządzenia w Menedżerze urządzeń ============= ==================== Błędy w Dzienniku zdarzeń: ========================= Dziennik Aplikacja: ================== Error: (04/28/2016 11:43:01 AM) (Source: Microsoft Office 15) (EventID: 2001) (User: ) Description: Microsoft Excel: Rejected Safe Mode action : O Excel está encontrando problemas com o suplemento 'c:\program files (x86)\mathwave\easyfit 5.6 professional\easyfitxl64.xll'. Se isso continuar acontecendo, desabilite esse suplemento e verifique se há atualizações disponíveis. Quer desabilitá-lo agora?. Rejected Safe Mode action : Microsoft Excel. Error: (04/28/2016 11:41:14 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: EXCEL.EXE, versão: 15.0.4420.1017, carimbo de hora: 0x506741b5 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5be02b Código de exceção: 0xc0000374 Deslocamento com falha: 0x00000000000c6cd2 Identificação do processo com falha: 0x8bc Hora de início do aplicativo com falha: 0xEXCEL.EXE0 Caminho do aplicativo com falha: EXCEL.EXE1 FCaminho do módulo de falhas: EXCEL.EXE2 Identificação do Relatório: EXCEL.EXE3 Error: (04/28/2016 11:41:13 AM) (Source: Microsoft Office 15) (EventID: 2000) (User: ) Description: Microsoft Excel: Accepted Safe Mode action : O Excel está encontrando problemas com o suplemento 'c:\program files (x86)\mathwave\easyfit 5.6 professional\easyfitxl64.xll'. Se isso continuar acontecendo, desabilite esse suplemento e verifique se há atualizações disponíveis. Quer desabilitá-lo agora?. Accepted Safe Mode action : Microsoft Excel. Error: (04/28/2016 11:40:41 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nome de aplicativo com falha: EXCEL.EXE, versão: 15.0.4420.1017, carimbo de hora: 0x506741b5 Nome do módulo de falhas: ntdll.dll, versão: 6.1.7600.16385, carimbo de hora: 0x4a5be02b Código de exceção: 0xc0000374 Deslocamento com falha: 0x00000000000c6cd2 Identificação do processo com falha: 0x41c Hora de início do aplicativo com falha: 0xEXCEL.EXE0 Caminho do aplicativo com falha: EXCEL.EXE1 FCaminho do módulo de falhas: EXCEL.EXE2 Identificação do Relatório: EXCEL.EXE3 Error: (04/20/2016 09:32:23 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418225 Error: (04/08/2016 01:42:21 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418225 Error: (04/08/2016 12:02:22 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418225 Error: (03/22/2016 01:07:35 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418225 Error: (03/20/2016 01:54:52 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418225 Error: (03/17/2016 05:16:56 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -1073418225 Dziennik System: ============= Error: (03/14/2016 09:53:06 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento anterior do sistema em 21:36:21 às ‎10/‎03/‎2016 não era esperado. Error: (08/02/2015 11:40:51 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: O desligamento anterior do sistema em 23:36:08 às ‎02/‎08/‎2015 não era esperado. ==================== Statystyki pamięci =========================== Procesor: Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz Procent pamięci w użyciu: 39% Całkowita pamięć fizyczna: 2999.55 MB Dostępna pamięć fizyczna: 1800.3 MB Całkowita pamięć wirtualna: 5997.26 MB Dostępna pamięć wirtualna: 4855.16 MB ==================== Dyski ================================ Drive c: (Sistema Operacional) (Fixed) (Total:270.76 GB) (Free:242.02 GB) NTFS Drive e: (VBOX_0_Win_x_Linux_0) (Network) (Total:612.62 GB) (Free:494.49 GB) VBoxSharedFolderFS ==================== MBR & Tablica partycji ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 270.9 GB) (Disk ID: 5FD7411D) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=270.8 GB) - (Type=07 NTFS) ==================== Koniec Addition.txt ============================