Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by rese (2016-04-12 22:51:46)
Running from C:\Users\Rese\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-11-26 22:08:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-3053778313-1092122018-3495075206-500 - Administrator - Enabled) => C:\Users\Administrador
Convidado (S-1-5-21-3053778313-1092122018-3495075206-501 - Limited - Disabled)
sistemas (S-1-5-21-3053778313-1092122018-3495075206-1001 - Administrator - Enabled) => C:\Users\sistemas
UpdatusUser (S-1-5-21-3053778313-1092122018-3495075206-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Endpoint Security 10 for Windows (Disabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Endpoint Security 10 for Windows (Disabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Endpoint Security 10 for Windows (Disabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Actualizações da NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Compatibility Pack for Office system de 2007 (HKLM-x32\...\{90120000-0020-0816-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CrystalReportsRunTime (HKLM-x32\...\{57590AD8-F90A-48BA-9FFA-3728B0BB2D21}) (Version: 1.0.0 - Default Company Name)
DataDirect Connect ODBC 3.10 Driver for Windows 95/NT (HKLM-x32\...\DataDirect Connect ODBC 3.10 Driver for Windows 95/NT) (Version: - )
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.0.0.12 - Hewlett-Packard Company)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.79.26218 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Foxit Reader (HKLM-x32\...\{30734E04-E8D3-4D2E-8379-70DB6F0B793A}) (Version: 5.1.0.1021 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connect Solutions (HKLM-x32\...\{BE1C9464-DEBB-4DA6-B19A-8EC634F22D73}) (Version: 1.0.0.4 - Hewlett-Packard)
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.03.959 - Hewlett-Packard Company)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{1615407C-6560-46C7-820F-394DCAD4799E}) (Version: 12.2.8.17 - Hewlett-Packard Company)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6346.0 - IDT)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Kaspersky Endpoint Security 10 for Windows (HKLM\...\{04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}) (Version: 10.2.1.23 - Kaspersky Lab)
Kaspersky Security Center Network Agent (HKLM-x32\...\InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}) (Version: 10.1.249 - Kaspersky Lab)
Kaspersky Security Center Network Agent (x32 Version: 10.1.249 - Kaspersky Lab) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware versão 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0816-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM-x32\...\{91CA0816-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 pt-PT) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 pt-PT)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1 - Mozilla)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NVIDIA Controlador gráfico 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation)
NVIDIA O controlador de 3D Vision 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 345.20 - NVIDIA Corporation)
NVIDIA O controlador de HD Audio 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Oracle Data Provider for .NET Help (HKLM-x32\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 10.2.020 - Oracle Corporation)
Painel de controlo da NVIDIA 345.20 (Version: 345.20 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v6.1 (HKLM-x32\...\{B87F4F22-611D-403C-A2A0-55426DE07509}) (Version: 6.1 - Spigot, Inc.) <==== ATTENTION
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
TeamViewer 9 Host (HKLM-x32\...\TeamViewer 9 Host) (Version: 9.0.41110 - TeamViewer)
UltraVnc (HKLM\...\{8C5C331A-97D6-46DE-BFF4-8424BD06A888}) (Version: 1.0.962 - uvnc bvba)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2 - WildTangent) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {090BAAEF-5F03-43C2-8AEB-DBD4EC1B4265} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: {54260655-B97D-46F4-B0CD-14E9F063FE98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {5DB36736-7144-4978-BAAA-0CAABB2159C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {776EC1FB-0E6C-41C9-9DF3-77AC79F1817F} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-28] ()
Task: {88A03B35-A491-4705-A2B4-865018F238B9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {9A1890F9-B843-4228-9ACB-58972335C69A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {A421B0DD-77BF-4052-B545-FC6B9B2739DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {A6A884A0-72C4-45A9-B53C-CAD33E68D273} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard)
Task: {AED395D0-960B-4679-9B95-43D036AB2BF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B7EA3012-CE03-4E99-88C5-B9E98620248E} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-23] (CyberLink)
Task: {C70BE73F-B662-4FF1-AB64-B1EAC8A98024} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {F2BE6C40-8E90-4EAB-A3ED-6275DB0C604D} - System32\Tasks\HPCeeScheduleForrese => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForrese.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-11-27 15:37 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-07-13 00:49 - 2011-07-13 00:49 - 03371520 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2012-08-01 13:57 - 2015-02-04 21:29 - 00115912 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-07-13 00:11 - 2011-07-13 00:11 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2011-09-08 16:20 - 2009-02-28 03:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2011-07-13 00:36 - 2011-07-13 00:36 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2011-09-08 16:19 - 2009-07-02 22:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2011-07-13 00:33 - 2011-07-13 00:33 - 02834432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-07-13 00:10 - 2011-07-13 00:10 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-07-13 00:32 - 2011-07-13 00:32 - 03100672 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2011-07-13 00:35 - 2011-07-13 00:35 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-07-13 00:34 - 2011-07-13 00:34 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2011-07-13 00:13 - 2011-07-13 00:13 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-07-13 00:14 - 2011-07-13 00:14 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2016-04-06 10:12 - 2016-04-06 10:12 - 03290112 _____ () C:\users\Public\RESERVAS1\RESERVAS1ff.apple
2011-09-08 16:20 - 2009-02-20 01:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2016-04-12 01:54 - 2016-04-06 11:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-12 01:54 - 2016-04-06 11:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1332329940-4016648922-1987614967-1119\...\travco.co.uk -> hxxp://www.travco.co.uk

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1332329940-4016648922-1987614967-1119\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.188.10.178 - 192.188.10.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{9E49D0B0-72A5-4E5F-B2C1-6EFCD3A228B0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{07B1AB70-34E9-44B9-82E5-CC8375D3AB8C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{986333EB-16FC-4763-B545-F5C3FCE9697E}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{2F396EFB-06AA-47C7-A09A-15ED04389F88}C:\users\sistemas\appdata\local\temp\orainstall2011-11-27_04-15-39pm\jre\1.4.2\bin\javaw.exe] => (Allow) C:\users\sistemas\appdata\local\temp\orainstall2011-11-27_04-15-39pm\jre\1.4.2\bin\javaw.exe
FirewallRules: [UDP Query User{A6EE891A-6D89-4FD5-882B-91B8156F28A3}C:\users\sistemas\appdata\local\temp\orainstall2011-11-27_04-15-39pm\jre\1.4.2\bin\javaw.exe] => (Allow) C:\users\sistemas\appdata\local\temp\orainstall2011-11-27_04-15-39pm\jre\1.4.2\bin\javaw.exe
FirewallRules: [{8970960F-0A47-45BA-9503-759DF36CDED4}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{870F5EBD-6C1E-4113-8AD0-C508868B8765}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{3EEB3A30-F1DD-465E-AEF6-8B274D75C475}] => (Allow) LPort=15000
FirewallRules: [{C397657C-4851-4516-A75D-4CD0EA47B5CE}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{4EFFA2B9-68D6-423F-9918-85D89A8BB070}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{78A4F2F9-5DA7-4FDF-8EBE-26A746A6FB62}] => (Allow) LPort=5900
FirewallRules: [{DB51F247-A09A-4A09-9694-488B9D7974CA}] => (Allow) LPort=5800
FirewallRules: [{A377E93C-BFFB-4BC3-9B38-3B50E6B79680}] => (Allow) C:\Program Files\uvnc bvba\UltraVnc\winvnc.exe
FirewallRules: [{6D40A156-2C8D-46CE-830E-E26CA37B1A96}] => (Allow) C:\Program Files\uvnc bvba\UltraVnc\winvnc.exe
FirewallRules: [{3ED3E235-7578-48B1-A898-B6F1CB3D85EB}] => (Allow) C:\Program Files\uvnc bvba\UltraVnc\vncviewer.exe
FirewallRules: [{C417B34C-98EC-43BF-BBA8-252A9AF3DEE3}] => (Allow) C:\Program Files\uvnc bvba\UltraVnc\vncviewer.exe
FirewallRules: [{73E83F36-7FF2-4DC9-B5EC-CCB5ACD54B6D}] => (Allow) LPort=15000
FirewallRules: [{35267862-89E3-4CAA-B02B-6CD8C6988A9D}] => (Allow) LPort=15000
FirewallRules: [{482C0DAE-D960-4B4C-B9C2-DA5E1577AB84}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{570F0DBA-C3BC-414E-BFFB-551AAE5A4DCB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{E6CBC885-8C13-474D-BBCF-6E649D1CCA78}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{AE5F53A1-AAF4-4DD6-887A-DDB4C4A6B345}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{0A80EB00-21C8-4DDB-BB70-3C08B6FA953A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F489F2A1-E367-4392-91C3-FA0B0565070E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A47EC9CB-2ED8-489C-8E4F-1E55C52CA5B1}] => (Allow) C:\Program Files\firefox.exe
FirewallRules: [{C355330B-B8A7-46F3-960B-370837657098}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9B90A7E1-45A1-4B86-AB0D-1AFB8ECE4944}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2E08F17A-1FDB-4557-A88B-1ABC5E6298AA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E35853A1-B52A-4D40-ACFD-268EC50CD7A6}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{81F2C013-6C2F-4B59-8D8F-FAB650BE2805}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{715C3264-BE8B-4578-A543-9DA6486AB12F}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{130F86A3-B45A-4AA5-9125-9C78BB1899CD}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{09A8AC18-32E0-4F80-B628-8FC5E65498B0}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe
FirewallRules: [{043827F6-9714-4C97-A2FD-0A3483819DF4}] => (Allow) C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagwds.exe

==================== Restore Points =========================

29-03-2016 17:50:50 Windows Update
01-04-2016 17:53:54 Windows Update
05-04-2016 17:54:50 Windows Update
08-04-2016 20:58:44 Removed Adobe Acrobat Reader DC - Português.
08-04-2016 21:03:53 Configurado LabelPrint
08-04-2016 21:05:45 Removed PlayReady PC Runtime amd64
08-04-2016 21:06:57 Removed Zinio Reader 4
08-04-2016 21:07:32 Windows Live Essentials
08-04-2016 21:08:00 WLSetup
08-04-2016 22:03:58 Configurado Power2Go
08-04-2016 22:41:44 Cartão de Cidadão removido.
08-04-2016 22:48:18 Configurado Power2Go
08-04-2016 23:04:41 Configurado Power2Go
09-04-2016 00:12:02 Windows Update
09-04-2016 22:14:25 09/04/2016
11-04-2016 22:39:46 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2016 10:00:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: regsvr32.exe, versão: 6.1.7600.16385, carimbo de data/hora: 0x4a5bca28
Nome do módulo com falha: RESERVAS1ff.apple, versão: 1.0.0.0, carimbo de data/hora: 0x57047ff4
Código de excepção: 0xc0000005
Desvio de falha: 0x001dbc90
ID do processo com falha: 0xc04
Data/hora de início da aplicação com falha: 0xregsvr32.exe0
Caminho da aplicação com falha: regsvr32.exe1
Caminho do módulo com falha: regsvr32.exe2
ID do Relatório: regsvr32.exe3

Error: (04/12/2016 09:59:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: regsvr32.exe, versão: 6.1.7600.16385, carimbo de data/hora: 0x4a5bca28
Nome do módulo com falha: KERNELBASE.dll, versão: 6.1.7601.19160, carimbo de data/hora: 0x56bcd5c3
Código de excepção: 0x0eedfade
Desvio de falha: 0x0000c52f
ID do processo com falha: 0xc04
Data/hora de início da aplicação com falha: 0xregsvr32.exe0
Caminho da aplicação com falha: regsvr32.exe1
Caminho do módulo com falha: regsvr32.exe2
ID do Relatório: regsvr32.exe3

Error: (04/12/2016 08:53:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: regsvr32.exe, versão: 6.1.7600.16385, carimbo de data/hora: 0x4a5bca28
Nome do módulo com falha: RESERVAS1ff.apple, versão: 1.0.0.0, carimbo de data/hora: 0x57047ff4
Código de excepção: 0xc0000005
Desvio de falha: 0x001dbc90
ID do processo com falha: 0x13dc
Data/hora de início da aplicação com falha: 0xregsvr32.exe0
Caminho da aplicação com falha: regsvr32.exe1
Caminho do módulo com falha: regsvr32.exe2
ID do Relatório: regsvr32.exe3

Error: (04/12/2016 08:53:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: regsvr32.exe, versão: 6.1.7600.16385, carimbo de data/hora: 0x4a5bca28
Nome do módulo com falha: KERNELBASE.dll, versão: 6.1.7601.19160, carimbo de data/hora: 0x56bcd5c3
Código de excepção: 0x0eedfade
Desvio de falha: 0x0000c52f
ID do processo com falha: 0x13dc
Data/hora de início da aplicação com falha: 0xregsvr32.exe0
Caminho da aplicação com falha: regsvr32.exe1
Caminho do módulo com falha: regsvr32.exe2
ID do Relatório: regsvr32.exe3

Error: (04/11/2016 10:36:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: regsvr32.exe, versão: 6.1.7600.16385, carimbo de data/hora: 0x4a5bca28
Nome do módulo com falha: RESERVAS1ff.apple, versão: 1.0.0.0, carimbo de data/hora: 0x57047ff4
Código de excepção: 0xc0000005
Desvio de falha: 0x001dbc90
ID do processo com falha: 0x498
Data/hora de início da aplicação com falha: 0xregsvr32.exe0
Caminho da aplicação com falha: regsvr32.exe1
Caminho do módulo com falha: regsvr32.exe2
ID do Relatório: regsvr32.exe3

Error: (04/11/2016 10:36:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: regsvr32.exe, versão: 6.1.7600.16385, carimbo de data/hora: 0x4a5bca28
Nome do módulo com falha: KERNELBASE.dll, versão: 6.1.7601.19160, carimbo de data/hora: 0x56bcd5c3
Código de excepção: 0x0eedfade
Desvio de falha: 0x0000c52f
ID do processo com falha: 0x498
Data/hora de início da aplicação com falha: 0xregsvr32.exe0
Caminho da aplicação com falha: regsvr32.exe1
Caminho do módulo com falha: regsvr32.exe2
ID do Relatório: regsvr32.exe3

Error: (04/11/2016 09:15:27 AM) (Source: MsiInstaller) (EventID: 11714) (User: HOTELALIF)
Description: Product: pdfforge Toolbar v24.4 -- Error 1714.The older version of pdfforge Toolbar v24.4 cannot be removed. Contact your technical support group. System Error 1612.

Error: (04/10/2016 08:43:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: FOXIT READER.EXE, versão: 5.1.0.1021, carimbo de data/hora: 0x4ea79d64
Nome do módulo com falha: facebook_plugin.fpi_unloaded, versão: 0.0.0.0, carimbo de data/hora: 0x4ea7b753
Código de excepção: 0xc0000005
Desvio de falha: 0x05db68b8
ID do processo com falha: 0xfac
Data/hora de início da aplicação com falha: 0xFOXIT READER.EXE0
Caminho da aplicação com falha: FOXIT READER.EXE1
Caminho do módulo com falha: FOXIT READER.EXE2
ID do Relatório: FOXIT READER.EXE3

Error: (04/08/2016 11:03:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: regsvr32.exe, versão: 6.1.7600.16385, carimbo de data/hora: 0x4a5bca28
Nome do módulo com falha: RESERVAS1ff.apple, versão: 1.0.0.0, carimbo de data/hora: 0x57047ff4
Código de excepção: 0xc0000005
Desvio de falha: 0x001dbc90
ID do processo com falha: 0x1104
Data/hora de início da aplicação com falha: 0xregsvr32.exe0
Caminho da aplicação com falha: regsvr32.exe1
Caminho do módulo com falha: regsvr32.exe2
ID do Relatório: regsvr32.exe3

Error: (04/08/2016 11:03:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nome da aplicação com falha: regsvr32.exe, versão: 6.1.7600.16385, carimbo de data/hora: 0x4a5bca28
Nome do módulo com falha: KERNELBASE.dll, versão: 6.1.7601.19160, carimbo de data/hora: 0x56bcd5c3
Código de excepção: 0x0eedfade
Desvio de falha: 0x0000c52f
ID do processo com falha: 0x1104
Data/hora de início da aplicação com falha: 0xregsvr32.exe0
Caminho da aplicação com falha: regsvr32.exe1
Caminho do módulo com falha: regsvr32.exe2
ID do Relatório: regsvr32.exe3


System errors:
=============
Error: (04/12/2016 10:44:30 PM) (Source: Kerberos) (EventID: 4) (User: )
Description: O cliente Kerberos recebeu um erro KRB_AP_ERR_MODIFIED do servidor recepcao2$. O nome de destino utilizado foi cifs/Recepcao1.hotelalif.local. Isto indica que o servidor de destino não conseguiu desencriptar a permissão fornecida pelo cliente. Isto pode ocorrer quando o nome principal do servidor (SPN) de destino está registado noutra conta que não aquela que o serviço de destino está a utilizar. Certifique-se de que o SPN de destino está registado, e apenas registado, na conta utilizada pelo servidor. Este erro pode também ocorrer quando o serviço de destino está a utilizar uma palavra-passe diferente para a conta de serviço de destino do que aquela que o Centro de Distribuição de Chaves Kerberos (KDC) utiliza para a conta de serviço de destino. Certifique-se de que o serviço no servidor e o KDC estão ambos actualizados para utilizar a palavra-passe actual. Se o nome do servidor não for completamente qualificado, e se o domínio de destino (HOTELALIF.LOCAL) for diferente do domínio do cliente (HOTELALIF.LOCAL), verifique se existem contas de servidor com nomes idênticos nestes dois domínios ou utilize o nome completamente qualificado para identificar o servidor.

Error: (04/12/2016 10:44:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço NVIDIA Update Service Daemon falhou o arranque devido ao seguinte erro:
%%1069

Error: (04/12/2016 10:44:02 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: O serviço nvUpdatusService não conseguiu registar como .\UpdatusUser com a palavra-passe configurada actualmente devido ao seguinte erro:
%%1330

Para assegurar que o serviço está configurado correctamente, utilize o snap-in 'Serviços' na 'Consola de gestão da Microsoft' (MMC).

Error: (04/12/2016 10:40:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço LogMeIn Kernel Information Provider falhou o arranque devido ao seguinte erro:
%%3

Error: (04/12/2016 10:22:17 PM) (Source: Kerberos) (EventID: 4) (User: )
Description: O cliente Kerberos recebeu um erro KRB_AP_ERR_MODIFIED do servidor recepcao2$. O nome de destino utilizado foi cifs/Recepcao1.hotelalif.local. Isto indica que o servidor de destino não conseguiu desencriptar a permissão fornecida pelo cliente. Isto pode ocorrer quando o nome principal do servidor (SPN) de destino está registado noutra conta que não aquela que o serviço de destino está a utilizar. Certifique-se de que o SPN de destino está registado, e apenas registado, na conta utilizada pelo servidor. Este erro pode também ocorrer quando o serviço de destino está a utilizar uma palavra-passe diferente para a conta de serviço de destino do que aquela que o Centro de Distribuição de Chaves Kerberos (KDC) utiliza para a conta de serviço de destino. Certifique-se de que o serviço no servidor e o KDC estão ambos actualizados para utilizar a palavra-passe actual. Se o nome do servidor não for completamente qualificado, e se o domínio de destino (HOTELALIF.LOCAL) for diferente do domínio do cliente (HOTELALIF.LOCAL), verifique se existem contas de servidor com nomes idênticos nestes dois domínios ou utilize o nome completamente qualificado para identificar o servidor.

Error: (04/12/2016 10:18:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço NVIDIA Update Service Daemon falhou o arranque devido ao seguinte erro:
%%1069

Error: (04/12/2016 10:18:09 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: O serviço nvUpdatusService não conseguiu registar como .\UpdatusUser com a palavra-passe configurada actualmente devido ao seguinte erro:
%%1330

Para assegurar que o serviço está configurado correctamente, utilize o snap-in 'Serviços' na 'Consola de gestão da Microsoft' (MMC).

Error: (04/12/2016 10:14:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: O serviço LogMeIn Kernel Information Provider falhou o arranque devido ao seguinte erro:
%%3

Error: (04/12/2016 10:14:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: O anterior encerramento do sistema, ‎12-‎04-‎2016 às 22:13:22, foi inesperado.

Error: (04/12/2016 09:58:44 PM) (Source: Kerberos) (EventID: 4) (User: )
Description: O cliente Kerberos recebeu um erro KRB_AP_ERR_MODIFIED do servidor recepcao2$. O nome de destino utilizado foi cifs/Recepcao1.hotelalif.local. Isto indica que o servidor de destino não conseguiu desencriptar a permissão fornecida pelo cliente. Isto pode ocorrer quando o nome principal do servidor (SPN) de destino está registado noutra conta que não aquela que o serviço de destino está a utilizar. Certifique-se de que o SPN de destino está registado, e apenas registado, na conta utilizada pelo servidor. Este erro pode também ocorrer quando o serviço de destino está a utilizar uma palavra-passe diferente para a conta de serviço de destino do que aquela que o Centro de Distribuição de Chaves Kerberos (KDC) utiliza para a conta de serviço de destino. Certifique-se de que o serviço no servidor e o KDC estão ambos actualizados para utilizar a palavra-passe actual. Se o nome do servidor não for completamente qualificado, e se o domínio de destino (HOTELALIF.LOCAL) for diferente do domínio do cliente (HOTELALIF.LOCAL), verifique se existem contas de servidor com nomes idênticos nestes dois domínios ou utilize o nome completamente qualificado para identificar o servidor.


CodeIntegrity:
===================================
Date: 2014-05-28 02:45:02.665
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2012-11-06 22:51:53.891
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2012-08-01 09:07:54.040
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\109df.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-08-01 09:07:54.008
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\109df.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 45%
Total physical RAM: 4076.32 MB
Available physical RAM: 2230.88 MB
Total Virtual: 8150.86 MB
Available Virtual: 6262 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:920.33 GB) (Free:799.97 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.08 GB) (Free:1.35 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
