Resultado do exame Adicional Farbar Recovery Scan Tool (x64) Versão: 26-06-2016 02
Executado por sergio (2016-06-26 21:39:37)
Executando a partir de C:\Users\sergio\Desktop
Windows 10 Home Single Language Versão 1511 (X64) (2016-02-23 21:15:24)
Modo da Inicialização: Normal
==========================================================

==================== Contas: =============================

Administrador (S-1-5-21-2518590045-3561568936-4235645554-500 - Administrator - Disabled)
Convidado (S-1-5-21-2518590045-3561568936-4235645554-501 - Limited - Disabled)
DefaultAccount (S-1-5-21-2518590045-3561568936-4235645554-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2518590045-3561568936-4235645554-1003 - Limited - Enabled)
sergio (S-1-5-21-2518590045-3561568936-4235645554-1001 - Administrator - Enabled) => C:\Users\sergio

==================== Central de Segurança ========================

(Se uma entrada for incluída na fixlist, será removida.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Programas Instalados ======================

(Somente os programas adwares com a indicação "Oculto" podem ser adicionados à fixlist para desocultá-los. Os programas adwares devem ser desinstalados manualmente.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Ares (HKLM-x32\...\Ares) (Version: 2.3.9-Build#3063 - Seekar Ltd)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ControlAP II 1.3.5 (HKLM-x32\...\{A75A2559-40B0-4C25-A7ED-19D593F2A6E9}) (Version: 1.3.5 - OEM)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver 1.4.1 (HKLM\...\{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}) (Version: 1.4.1 - OEM)
FileViewPro (HKLM\...\FileViewPro_is1) (Version: 1.2.1.0 - Solvusoft Corporation)
FormatFactory 3.6.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.6.0.0 - Format Factory)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
H829 USB Hybrid ISDB-Tb 10.2.64.105 (HKLM-x32\...\H829 USB Hybrid ISDB-Tb) (Version: 10.2.64.105 - )
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware versão 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - pt-br (HKLM\...\O365HomePremRetail - pt-br) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movavi Video Editor 11 (HKLM-x32\...\Movavi Video Editor 11) (Version: 11.2.0 - Movavi)
Mozilla Firefox 47.0 (x86 pt-BR) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 pt-BR)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
Mundo Positivo Gerenciador de Inicialização (HKLM\...\{E365D4D7-BD51-4A7F-8ECA-0B6C0C42D3CF}_is1) (Version: 1.1.5.0 - Positivo Informática S.A.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
POSITIVO TV (HKLM-x32\...\InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}) (Version: 6.0.21 - POSITIVO)
POSITIVO TV (x32 Version: 6.0.21 - POSITIVO) Hidden
Promoção Vivo (HKLM\...\{674e54ef-d593-4d80-8be2-35d0d8192a23}}_is1) (Version: 2.1.0.2 - Positivo Informática S.A.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.27040 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0231 - REALTEK Semiconductor Corp.)
Sim Plus (HKLM-x32\...\Sim Plus) (Version: - )
VCW VicMan's Photo Editor 8.1 (HKLM-x32\...\VCW VicMan's Photo Editor_is1) (Version: - VicMan Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warsaw 1.11.1.24 64 bits (HKLM\...\{20E60725-16C8-4FB9-8BC2-AF92C5F8D06D}_is1) (Version: 1.11.1.24 - GAS Tecnologia)
Web Photo Album 1.1 (HKLM-x32\...\Web Photo Album_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinThruster (HKLM-x32\...\WinThruster_is1) (Version: 1.79 - solvusoft Corporation) <==== ATENÇÃO
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Wondershare Filmora(Build 6.8.2) (HKLM-x32\...\Wondershare Filmora_is1) (Version: - Wondershare Software)

==================== Exame Personalizado CLSID (Whitelisted): ==========================

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

CustomCLSID: HKU\S-1-5-21-2518590045-3561568936-4235645554-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\sergio\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2518590045-3561568936-4235645554-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Tarefas Agendadas (Whitelisted) =============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)

Task: {069F3F58-74CB-4E93-91ED-D064E2C4CC6A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Nenhum Arquivo <==== ATENÇÃO
Task: {111CC5C5-12F1-4007-9A6C-4143D12557FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {15A943E8-EE7C-40E0-8168-B8A944232404} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {1A757AA5-1D10-4EA3-AC32-A4F8835BF296} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Nenhum Arquivo <==== ATENÇÃO
Task: {32C3B51B-931F-4FF7-970F-B3B29692E8E3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {38F5D42B-BD32-4EBA-BABB-C8C067423B22} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {63A71D28-F4EA-44BC-8F4D-3D6BC296A6DB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Nenhum Arquivo <==== ATENÇÃO
Task: {6FE35E1C-BB6A-44DF-AFEC-28EF17B1CFA3} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Nenhum Arquivo <==== ATENÇÃO
Task: {76E52DC8-F18E-4446-B1CE-C8BEE4FB6FA3} - System32\Tasks\WinThruster_UPDATES => C:\Program Files (x86)\WinThruster\WinThruster.exe [2015-11-25] (Solvusoft Corporation) <==== ATENÇÃO
Task: {78B9AA7D-FA88-4A31-83FA-B3DC958C16AB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {7F4469D3-8B17-43B4-A062-42C7B3E0273E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-06-24] (Microsoft Corporation)
Task: {872AFC86-E1D6-4626-966A-397DBD303739} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-10] (Microsoft Corporation)
Task: {889AF5EE-FF12-4B80-AA73-8DA7E5145FA4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {8D2ECA42-8E73-4051-9A7E-817E826D4C18} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Nenhum Arquivo <==== ATENÇÃO
Task: {8FFFD1B4-0611-4F1A-835B-BCAFFFBD599E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Nenhum Arquivo <==== ATENÇÃO
Task: {A0E8B414-FC03-41C0-A56D-40524B8421E2} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-11] (AVAST Software)
Task: {BAF35465-5AFA-4BCF-8B2E-E325190497E2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-01] (AVAST Software)
Task: {CE7C89BC-62F3-4F10-BA4C-0A4F934E2B76} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-18] (Google Inc.)
Task: {E0499C99-692E-4344-8EE7-4078BB96362A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {F2268109-7574-414B-9454-E037FBE63ABF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-21] (Adobe Systems Incorporated)
Task: {FAC3BEBC-8674-4EFB-B2AF-E02FCDF192AD} - System32\Tasks\WinThruster_DEFAULT => C:\Program Files (x86)\WinThruster\WinThruster.exe [2015-11-25] (Solvusoft Corporation) <==== ATENÇÃO
Task: {FC171A1D-66A1-43B9-88EA-6867EECA4CEA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Nenhum Arquivo <==== ATENÇÃO
Task: {FC3FA20C-2C8B-4885-81E3-47E72B005F45} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-18] (Google Inc.)
Task: {FD2F9328-F797-4DB8-8611-3B56E0263181} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Nenhum Arquivo <==== ATENÇÃO

(Se uma entrada for incluída na fixlist, o arquivo da tarefa (.job) será movido. O arquivo que está sendo executado pela tarefa não será movido.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\WinThruster_DEFAULT.job => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATENÇÃO
Task: C:\WINDOWS\Tasks\WinThruster_UPDATES.job => C:\Program Files (x86)\WinThruster\WinThruster.exe <==== ATENÇÃO

==================== Atalhos =============================

(As entradas podem ser listadas para serem restauradas ou removidas.)
==================== Módulos Carregados (Whitelisted) ==============

2015-10-30 04:18 - 2015-10-30 04:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-07-30 21:52 - 2009-12-06 12:13 - 00397312 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2016-04-17 19:58 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-19 22:33 - 2016-04-19 22:34 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-07-30 21:52 - 2014-02-12 11:33 - 00159744 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
2016-04-17 19:58 - 2016-03-29 07:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-23 11:04 - 2016-02-23 11:04 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 23:11 - 2016-04-23 01:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-06-22 18:51 - 2016-05-28 00:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-06-22 18:50 - 2016-05-28 00:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-22 18:51 - 2016-05-28 00:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-06-22 18:51 - 2016-05-28 00:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-01 19:08 - 2016-02-01 19:08 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-01 19:08 - 2016-02-01 19:08 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-01 19:09 - 2016-02-01 19:09 - 02990080 _____ () C:\Program Files\AVAST Software\Avast\defs\15110499\algo.dll
2016-02-01 19:08 - 2016-02-01 19:08 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-07-30 21:52 - 2012-06-09 07:33 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2016-04-19 22:33 - 2016-04-19 22:34 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 22:33 - 2016-04-19 22:34 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-01 19:08 - 2016-02-01 19:08 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

==================== Alternate Data Streams (Whitelisted) =========

(Se uma entrada for incluída na fixlist, somente o ADS será removido.)

AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt [10]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg== [32]
AlternateDataStreams: C:\WINDOWS\System32:63510A1A_Cef.gbp [2]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wsddfac.sys:X5ZN8aGXs4 [1434]

==================== Modo de Segurança (Whitelisted) ===================

(Se uma entrada for incluída na fixlist, será removida do Registro. O valor "AlternateShell" será restaurado.)

==================== Associação (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, o ítem no Registro será restaurado para o padrão ou removido.)

HKLM\...\.scr: PhEdit.scr => C:\Program Files (x86)\VCW VicMan's Photo Editor\vcwphoto.exe %1 <===== ATENÇÃO

==================== Internet Explorer confiável/restrito ===============

(Se uma entrada for incluída na fixlist, será removida do Registro.)
IE trusted site: HKU\S-1-5-21-2518590045-3561568936-4235645554-1001\...\caixa.gov.br -> hxxps://imagem.caixa.gov.br
IE trusted site: HKU\S-1-5-21-2518590045-3561568936-4235645554-1001\...\caixa.gov.br -> imagem.caixa.gov.br

==================== Hosts Conteúdo: ===============================

(Se necessário, a diretiva Hosts: pode ser incluída na fixlist para redefinir o Hosts.)

2013-08-22 10:25 - 2016-02-09 12:07 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Outras Áreas ============================

(Atualmente não há nenhuma correção automática para esta seção.)

HKU\S-1-5-21-2518590045-3561568936-4235645554-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sergio\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{aafa2378-591b-44f8-87d6-f54e5d756c1c}.jpg
DNS Servers: 168.235.146.56 - 52.26.172.153
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Firewall do Windows está habilitado.

==================== MSCONFIG/TASK MANAGER ítens desabilitados ==

(Atualmente não há nenhuma correção automática para esta seção.)
HKLM\...\StartupApproved\StartupFolder: => "AVer HID Receiver.lnk"
HKLM\...\StartupApproved\StartupFolder: => "ControlAP II.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "HotKeysCmds"
HKLM\...\StartupApproved\Run: => "Persistence"
HKLM\...\StartupApproved\Run: => "Diebold - Warsaw"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "StartUpManagerPositivo"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SIMPlus"
HKU\S-1-5-21-2518590045-3561568936-4235645554-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2518590045-3561568936-4235645554-1001\...\StartupApproved\Run: => "DelayShred"
HKU\S-1-5-21-2518590045-3561568936-4235645554-1001\...\StartupApproved\Run: => "ares"
HKU\S-1-5-21-2518590045-3561568936-4235645554-1001\...\StartupApproved\Run: => "PC-NVR.exe"

==================== Regras do Firewall (Whitelisted) ===============

(Se uma entrada for incluída na fixlist, será removida do Registro. O arquivo não será movido, a menos que seja colocado separadamente.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{7AAEAE1B-86A3-49E9-AEAF-940533023CAA}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [TCP Query User{8A06F244-B7BF-455A-B637-7910D527FB5B}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{818ADFB6-560E-4A94-8601-BCEE28289E6C}C:\program files (x86)\intelbras\sim plus\pc-nvr\challenge.exe] => (Block) C:\program files (x86)\intelbras\sim plus\pc-nvr\challenge.exe
FirewallRules: [TCP Query User{459D0100-C9E2-4941-8CFD-631B3FF313B7}C:\program files (x86)\intelbras\sim plus\pc-nvr\challenge.exe] => (Block) C:\program files (x86)\intelbras\sim plus\pc-nvr\challenge.exe
FirewallRules: [UDP Query User{62A6DFE8-19B6-4F0D-A1B4-3E614D5D966F}C:\program files (x86)\intelbras\sim plus\sim plus\simplus.exe] => (Allow) C:\program files (x86)\intelbras\sim plus\sim plus\simplus.exe
FirewallRules: [TCP Query User{9B85C7B1-83C8-47C1-BDD2-D6EF7B2D780E}C:\program files (x86)\intelbras\sim plus\sim plus\simplus.exe] => (Allow) C:\program files (x86)\intelbras\sim plus\sim plus\simplus.exe
FirewallRules: [{C71EE132-D702-4988-9D81-DA18D21E30D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56925827-C4D7-4F89-91FB-99D5758185F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E66F359F-09A1-4CFE-8515-F6753FBBE39A}] => (Allow) C:\Users\sergio\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{4B5F3FB9-1B5B-462C-9387-069E95CB1022}] => (Allow) LPort=1900
FirewallRules: [{77849442-5BED-433C-8738-9612E575DF42}] => (Allow) LPort=2869
FirewallRules: [{0B868557-8542-434C-9D57-0F21A0BA62C4}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4F2F8A0B-1B63-494E-9395-77A7D1010B55}] => (Allow) C:\Program Files\Diebold\Warsaw\core.exe
FirewallRules: [{24DB85B6-0678-43BE-BD36-39B67E5777DD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{616B5965-8A78-40EA-976F-1FB48D880F6A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Pontos de Restauração =========================

26-05-2016 22:31:36 WinThruster qui, mai 26, 16 22:31
24-06-2016 20:32:52 Windows Update

==================== Dispositivos Apresentando Falhas No Gerenciador =============

==================== Erros no Log de eventos: =========================

Erros em Aplicativos:
==================
Error: (06/26/2016 08:27:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Microsoft.Photos.exe, versão: 16.526.11240.0, carimbo de data/hora: 0x574744f3
Nome do módulo com falha: SharedLibrary.dll, versão: 1.4.24201.0, carimbo de data/hora: 0x574e6cd1
Código de exceção: 0x8007007e
Deslocamento da falha: 0x000000000041cf48
ID do processo com falha: 0x1770
Hora de início do aplicativo com falha: 0xMicrosoft.Photos.exe0
Caminho do aplicativo com falha: Microsoft.Photos.exe1
Caminho do módulo com falha: Microsoft.Photos.exe2
ID do Relatório: Microsoft.Photos.exe3
Nome completo do pacote com falha: Microsoft.Photos.exe4
ID do aplicativo relativo ao pacote com falha: Microsoft.Photos.exe5
Error: (06/26/2016 07:39:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Microsoft.Photos.exe, versão: 16.526.11240.0, carimbo de data/hora: 0x574744f3
Nome do módulo com falha: SharedLibrary.dll, versão: 1.4.24201.0, carimbo de data/hora: 0x574e6cd1
Código de exceção: 0x8007007e
Deslocamento da falha: 0x000000000041cf48
ID do processo com falha: 0x350
Hora de início do aplicativo com falha: 0xMicrosoft.Photos.exe0
Caminho do aplicativo com falha: Microsoft.Photos.exe1
Caminho do módulo com falha: Microsoft.Photos.exe2
ID do Relatório: Microsoft.Photos.exe3
Nome completo do pacote com falha: Microsoft.Photos.exe4
ID do aplicativo relativo ao pacote com falha: Microsoft.Photos.exe5
Error: (06/26/2016 06:34:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Microsoft.Photos.exe, versão: 16.526.11240.0, carimbo de data/hora: 0x574744f3
Nome do módulo com falha: SharedLibrary.dll, versão: 1.4.24201.0, carimbo de data/hora: 0x574e6cd1
Código de exceção: 0x8007007e
Deslocamento da falha: 0x000000000041cf48
ID do processo com falha: 0x10e4
Hora de início do aplicativo com falha: 0xMicrosoft.Photos.exe0
Caminho do aplicativo com falha: Microsoft.Photos.exe1
Caminho do módulo com falha: Microsoft.Photos.exe2
ID do Relatório: Microsoft.Photos.exe3
Nome completo do pacote com falha: Microsoft.Photos.exe4
ID do aplicativo relativo ao pacote com falha: Microsoft.Photos.exe5
Error: (06/26/2016 05:02:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
Error: (06/25/2016 03:44:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Microsoft.Photos.exe, versão: 16.526.11240.0, carimbo de data/hora: 0x574744f3
Nome do módulo com falha: SharedLibrary.dll, versão: 1.4.24201.0, carimbo de data/hora: 0x574e6cd1
Código de exceção: 0x8007007e
Deslocamento da falha: 0x000000000041cf48
ID do processo com falha: 0x1484
Hora de início do aplicativo com falha: 0xMicrosoft.Photos.exe0
Caminho do aplicativo com falha: Microsoft.Photos.exe1
Caminho do módulo com falha: Microsoft.Photos.exe2
ID do Relatório: Microsoft.Photos.exe3
Nome completo do pacote com falha: Microsoft.Photos.exe4
ID do aplicativo relativo ao pacote com falha: Microsoft.Photos.exe5
Error: (06/24/2016 09:35:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: Microsoft.Photos.exe, versão: 16.526.11240.0, carimbo de data/hora: 0x574744f3
Nome do módulo com falha: SharedLibrary.dll, versão: 1.4.24201.0, carimbo de data/hora: 0x574e6cd1
Código de exceção: 0x8007007e
Deslocamento da falha: 0x000000000041cf48
ID do processo com falha: 0x15d0
Hora de início do aplicativo com falha: 0xMicrosoft.Photos.exe0
Caminho do aplicativo com falha: Microsoft.Photos.exe1
Caminho do módulo com falha: Microsoft.Photos.exe2
ID do Relatório: Microsoft.Photos.exe3
Nome completo do pacote com falha: Microsoft.Photos.exe4
ID do aplicativo relativo ao pacote com falha: Microsoft.Photos.exe5
Error: (06/24/2016 08:44:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome do aplicativo com falha: AdobeARMHelper.exe, versão: 1.824.16.6751, carimbo de data/hora: 0x566e7208
Nome do módulo com falha: AdobeARMHelper.exe, versão: 1.824.16.6751, carimbo de data/hora: 0x566e7208
Código de exceção: 0xc0000005
Deslocamento da falha: 0x00009e55
ID do processo com falha: 0x528
Hora de início do aplicativo com falha: 0xAdobeARMHelper.exe0
Caminho do aplicativo com falha: AdobeARMHelper.exe1
Caminho do módulo com falha: AdobeARMHelper.exe2
ID do Relatório: AdobeARMHelper.exe3
Nome completo do pacote com falha: AdobeARMHelper.exe4
ID do aplicativo relativo ao pacote com falha: AdobeARMHelper.exe5
Error: (06/24/2016 08:33:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details: AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error: Acesso negado. .
Error: (06/24/2016 08:06:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: SERGIO)
Description: Falha na ativação do aplicativo Microsoft.WindowsMaps_8wekyb3d8bbwe!App com o erro: -2144927148. Veja o log Microsoft-Windows-TWinUI/Operational para obter informações adicionais.
Error: (06/24/2016 07:44:38 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302

Erros de Sistema:
=============
Error: (06/26/2016 08:23:26 PM) (Source: DCOM) (EventID: 10010) (User: AUTORIDADE NT)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
Error: (06/26/2016 08:21:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: %%2 = O sistema não pode encontrar o arquivo especificado.
Error: (06/26/2016 08:21:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: %%2 = O sistema não pode encontrar o arquivo especificado.
Error: (06/26/2016 08:21:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: %%2 = O sistema não pode encontrar o arquivo especificado.
Error: (06/26/2016 08:20:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro: %%2 = O sistema não pode encontrar o arquivo especificado.
Error: (06/26/2016 08:20:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço Warsaw File Access svc devido ao seguinte erro: %%2 = O sistema não pode encontrar o arquivo especificado.
Error: (06/26/2016 08:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Acesso a Dados de Usuário_2fc4d foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.
Error: (06/26/2016 08:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Armazenamento de Dados de Usuário_2fc4d foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.
Error: (06/26/2016 08:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Dados de Contato_2fc4d foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.
Error: (06/26/2016 08:18:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: O serviço Host de Sincronização_2fc4d foi finalizado inesperadamente. Isto aconteceu 1 vez(es). A seguinte ação corretiva será tomada em 10000 milissegundos: Reiniciar o serviço.

CodeIntegrity:
===================================
Date: 2016-06-25 03:37:59.084
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-22 18:37:18.166
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-11 19:26:38.436
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-06-01 18:36:47.996
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-20 16:32:36.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-20 15:34:54.097
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-20 15:34:52.043
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-20 15:16:40.701
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-07 10:09:22.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-05-03 18:22:52.972
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
==================== Informações da Memória ===========================

Processador: Intel(R) Celeron(R) CPU N2807 @ 1.58GHz
Percentagem de memória em uso: 38%
RAM física total: 3985.11 MB
RAM física disponível: 2464.88 MB
Virtual Total: 4689.11 MB
Virtual disponível: 2981.41 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:449.96 GB) (Free:42.19 GB) NTFS

==================== MBR & Tabela de Partições ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 30525FF0)
Partition: GPT.

==================== Fim de Addition.txt ============================