Virus sydefudfls.MOS-DW


jonathas
Hello, I am having problems with the following malware:
sydefudfls.MOS-DW

The report follows:
OTL logfile created on: 10/09/2013 23:49:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JONATHAS BARBOZA\Downloads
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,86 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,82% Memory free
7,71 Gb Paging File | 5,44 Gb Available in Paging File | 70,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,71 Gb Total Space | 217,20 Gb Free Space | 76,29% Space Free | Partition Type: NTFS
Drive D: | 13,08 Gb Total Space | 1,60 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
Drive G: | 27,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 99,34 Mb Total Space | 89,16 Mb Free Space | 89,75% Space Free | Partition Type: FAT32
 
Computer Name: JONATHASBARBOZA | User Name: JONATHAS BARBOZA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2013/09/10 23:48:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JONATHAS BARBOZA\Downloads\OTL.exe
PRC - [2013/09/10 22:53:27 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/09/10 22:50:27 | 000,639,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2013/09/10 22:50:09 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/09/10 22:50:05 | 000,347,192 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/09/10 00:18:19 | 000,148,976 | ---- | M] (BonanzaDeals) -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
PRC - [2013/09/02 17:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/05 23:38:12 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\JONATHAS BARBOZA\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/09/01 16:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/30 19:09:00 | 010,778,968 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\UIMain.exe
PRC - [2010/12/31 16:44:08 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/31 16:43:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/27 21:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/12/10 12:42:14 | 000,677,712 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\CMUpdater.exe
PRC - [2010/02/02 23:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2013/09/02 17:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
MOD - [2013/09/02 17:35:55 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 17:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 17:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 17:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 17:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/19 20:09:18 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\97ce162bb354fcf9c8d9eae8252ee216\IAStorUtil.ni.dll
MOD - [2013/08/14 20:25:46 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dll
MOD - [2013/08/14 20:25:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/14 20:24:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/14 20:24:18 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 20:23:47 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/14 20:23:36 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 20:23:30 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/14 20:23:28 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/17 15:45:18 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\22d36f517c7545fdb65ccddae680a3eb\IAStorCommon.ni.dll
MOD - [2013/07/11 11:31:10 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/04/08 14:02:56 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_pt-BR_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011/01/30 19:09:06 | 001,176,928 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\WAITINGFORM.DLL
MOD - [2011/01/30 19:09:00 | 010,778,968 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\UIMain.exe
MOD - [2011/01/30 19:08:54 | 001,071,464 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\DLL_NETCARD_R.DLL
MOD - [2010/12/10 12:42:14 | 000,677,712 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\CMUpdater.exe
MOD - [2010/12/10 12:42:14 | 000,617,808 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\UpdateAgent.dll
MOD - [2010/12/10 12:42:14 | 000,349,520 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\UISkin.dll
MOD - [2010/12/10 12:42:14 | 000,238,928 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\UICommonDlg.dll
MOD - [2010/12/10 12:42:14 | 000,165,712 | ---- | M] () -- C:\Program Files (x86)\Claro 3G\BIXml.dll
MOD - [2010/11/12 20:35:07 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/07/13 22:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV - [2013/09/10 23:32:01 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 22:53:27 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/10 22:50:09 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/10 00:18:19 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem)
SRV - [2013/09/10 00:18:19 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 01:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/01 16:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/12/31 16:44:08 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/31 16:43:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 21:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/08/05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Arquivos de Programas\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/07/21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Arquivos de Programas\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/06/18 22:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/17 23:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Arquivos de Programas\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013/09/10 22:54:03 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:[/b] - [2013/09/10 22:54:03 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:[/b] - [2013/05/27 13:35:13 | 001,145,960 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:[b]64bit:[/b] - [2013/04/01 22:45:24 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:[/b] - [2012/12/14 01:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012/11/28 09:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:[b]64bit:[/b] - [2012/08/23 11:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2012/08/23 11:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2012/08/23 11:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/03/05 04:16:20 | 000,436,840 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2011/02/15 16:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:[b]64bit:[/b] - [2011/02/09 16:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:[b]64bit:[/b] - [2010/12/31 16:46:14 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2010/11/21 00:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/21 00:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/10/18 14:44:04 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:[b]64bit:[/b] - [2010/10/18 14:44:04 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:[b]64bit:[/b] - [2010/10/18 14:44:04 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:[b]64bit:[/b] - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 18:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009/06/10 18:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009/06/10 18:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009/06/10 17:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522690
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522691
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://pt.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522690
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522691
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522690
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=118725&babsrc=SP_ss&mntrId=FCCA20107A77525B
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522691
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[color=#E56717]========== FireFox ==========[/color]
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3: C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF - HKLM\Software\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9: C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\JONATHAS BARBOZA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/04 23:49:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\JONATHAS BARBOZA\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013/04/13 20:31:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/01/04 23:49:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\JONATHAS BARBOZA\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013/04/13 20:31:25 | 000,000,000 | ---D | M]
 
[2013/04/13 20:31:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\mozilla\Extensions
[2013/04/13 20:31:25 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\mozilla\Extensions\speedanalysis@SpeedAnalysis.com
[2013/02/17 21:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: portaldosites (Enabled)
CHR - default_search_provider: search_url = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522691&type=default&q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\JONATHAS BARBOZA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\JONATHAS BARBOZA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\JONATHAS BARBOZA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: BonanzaDeals = C:\Users\JONATHAS BARBOZA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\JONATHAS BARBOZA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: WebSite Recommendation = C:\Users\JONATHAS BARBOZA\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj\1.7_0\
CHR - Extension: Gmail = C:\Users\JONATHAS BARBOZA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UIMain] C:\Program Files (x86)\Claro 3G\UIMain.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4033835798-837088843-1847717302-1000..\Run: [Facebook Update] C:\Users\JONATHAS BARBOZA\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4033835798-837088843-1847717302-1000..\Run: [sydefudfls] wscript.exe //B "C:\Users\JONATH~1\AppData\Local\Temp\sydefudfls.MOS-DW.vbe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\JONATHAS BARBOZA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sydefudfls.MOS-DW.vbe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{21FD8FFB-D5F7-437E-A329-12E6DDE40C6B}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B50E43B4-CC8E-4FCD-A102-CB4A3722DE25}: DhcpNameServer = 192.168.254.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6D742AA-516C-461E-9121-3D69051EF482}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7C06EA2-C411-401D-BB51-4CA13E086468}: NameServer = 200.169.117.221 200.169.117.222
O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/16 14:49:38 | 000,000,034 | R--- | M] () - G:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2011/01/31 12:04:49 | 000,000,062 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{11875cc9-fbbb-11e2-a502-38eaa71908a8}\Shell - "" = AutoRun
O33 - MountPoints2\{11875cc9-fbbb-11e2-a502-38eaa71908a8}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\{74ffc3ea-64a0-11e2-ab51-38eaa71908a8}\Shell - "" = AutoRun
O33 - MountPoints2\{74ffc3ea-64a0-11e2-ab51-38eaa71908a8}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\{d126275f-010d-11e3-9354-20107a77525b}\Shell - "" = AutoRun
O33 - MountPoints2\{d126275f-010d-11e3-9354-20107a77525b}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{eda6a828-d105-11e2-9cdc-20107a77525b}\Shell - "" = AutoRun
O33 - MountPoints2\{eda6a828-d105-11e2-9cdc-20107a77525b}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{f5e45098-5696-11e2-ab68-20107a77525b}\Shell - "" = AutoRun
O33 - MountPoints2\{f5e45098-5696-11e2-ab68-20107a77525b}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\{fa8721d7-f3e0-11e2-82d5-38eaa71908a8}\Shell - "" = AutoRun
O33 - MountPoints2\{fa8721d7-f3e0-11e2-82d5-38eaa71908a8}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2013/09/10 00:22:35 | 000,000,000 | ---D | C] -- C:\FFOutput
[2013/09/10 00:22:05 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
[2013/09/10 00:21:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2013/09/10 00:18:20 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Local\BonanzaDealsLive
[2013/09/10 00:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive
[2013/09/10 00:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDealsLive
[2013/09/10 00:18:07 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
[2013/09/10 00:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDeals
[2013/09/07 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/07 19:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/08/14 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Local\Lollipop
[2013/08/14 20:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/08/14 20:26:49 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Local\SwvUpdater
[2013/08/14 20:25:10 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Local\DealPlyLive
[2013/08/14 20:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DealPlyLive
[2013/08/14 20:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPlyLive
[2013/08/14 20:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimilarSites
[2013/08/14 20:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/08/14 20:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013/08/14 20:24:54 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\SimilarSites
[2013/08/14 20:24:37 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\eIntaller
[2013/08/14 20:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2013/09/10 23:44:53 | 000,022,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 23:44:53 | 000,022,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/10 23:33:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/10 23:33:27 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/10 23:32:03 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/10 23:32:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/10 23:32:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/10 23:28:33 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013/09/10 23:28:30 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/10 23:25:00 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2013/09/10 23:23:06 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013/09/10 22:54:03 | 000,132,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/09/10 22:54:03 | 000,105,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/09/10 22:54:03 | 000,081,112 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/09/10 22:51:51 | 001,517,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/10 22:51:51 | 000,664,038 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2013/09/10 22:51:51 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/10 22:51:51 | 000,128,328 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2013/09/10 22:51:51 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/10 11:43:18 | 000,000,972 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4033835798-837088843-1847717302-1000UA.job
[2013/09/10 11:28:01 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/10 00:22:06 | 000,001,198 | ---- | M] () -- C:\Users\JONATHAS BARBOZA\Desktop\Format Factory.lnk
[2013/09/07 19:46:26 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/07 13:18:37 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJONATHAS BARBOZA.job
[2013/09/01 23:43:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4033835798-837088843-1847717302-1000Core.job
[2013/08/22 17:24:01 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJONATHASBARBOZA$.job
[2013/08/14 20:24:55 | 000,001,558 | ---- | M] () -- C:\Users\JONATHAS BARBOZA\Desktop\Google Chrome.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2013/09/10 00:22:06 | 000,001,198 | ---- | C] () -- C:\Users\JONATHAS BARBOZA\Desktop\Format Factory.lnk
[2013/09/10 00:18:27 | 000,000,946 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013/09/10 00:18:26 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013/09/07 19:46:26 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/07 19:46:26 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/01 14:42:19 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJONATHAS BARBOZA.job
[2013/06/18 22:45:50 | 000,003,584 | ---- | C] () -- C:\Users\JONATHAS BARBOZA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/17 23:34:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/05/17 23:34:28 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/05/17 23:34:28 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013/05/17 23:34:27 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013/05/17 23:34:24 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/03/09 13:18:27 | 000,001,854 | ---- | C] () -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\GhostObjGAFix.xml
[2013/01/04 23:39:19 | 000,211,417 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/12/14 01:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/11/28 09:42:06 | 000,026,464 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2012/11/28 09:42:06 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2012/11/19 17:13:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/10/10 01:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 01:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 02:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 00:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2013/02/17 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\BabSolution
[2013/02/17 21:12:38 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\Babylon
[2013/06/09 11:29:00 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\baidu
[2013/02/17 21:19:41 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\DealPly
[2013/08/14 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\eIntaller
[2013/04/13 20:30:59 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\File Scout
[2013/08/06 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\GetRightToGo
[2013/06/09 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\OpenCandy
[2013/04/13 20:55:04 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\PerformerSoft
[2013/08/14 20:24:54 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\SimilarSites
[2013/04/13 20:31:25 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\SpeedanAlysis
[2013/01/04 14:46:48 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\Synaptics
[2013/01/04 14:57:20 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\WildTangent
[2013/02/17 20:58:19 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\Windows Live Writer
[2013/06/09 11:22:25 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\Youtube Downloader HD

< End of report >

OTL Extras logfile created on: 10/09/2013 23:49:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JONATHAS BARBOZA\Downloads
64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
3,86 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,82% Memory free
7,71 Gb Paging File | 5,44 Gb Available in Paging File | 70,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,71 Gb Total Space | 217,20 Gb Free Space | 76,29% Space Free | Partition Type: NTFS
Drive D: | 13,08 Gb Total Space | 1,60 Gb Free Space | 12,26% Space Free | Partition Type: NTFS
Drive G: | 27,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 99,34 Mb Total Space | 89,16 Mb Free Space | 89,75% Space Free | Partition Type: FAT32
 
Computer Name: JONATHASBARBOZA | User Name: JONATHAS BARBOZA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\JONATHAS BARBOZA\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\JONATHAS BARBOZA\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018A3866-0D8F-4803-952D-318962E13E27}" = lport=138 | protocol=17 | dir=in | app=system |
"{0A2A3B25-AFA2-49C9-94CE-AA4CE9F75FBB}" = lport=445 | protocol=6 | dir=in | app=system |
"{0B545972-9591-4CBA-889A-D3F0EEFA9B21}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{450F50E4-BC31-4195-8C0E-1081842F5814}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{45F196A2-BD47-496A-8376-70C182A8D797}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{4779EBF3-0D6B-4811-8EF3-7A8E4BF8144C}" = rport=445 | protocol=6 | dir=out | app=system |
"{52A7EFE3-3629-4E3C-95CF-5085AABC2103}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6027C624-3EEA-41D8-8ED1-F56647A22092}" = lport=139 | protocol=6 | dir=in | app=system |
"{6993C6CF-ABE4-4A43-AEBE-764931FE9FC1}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A9B01F0-1F98-4BD4-BE87-9DE5A1ACE9A7}" = lport=137 | protocol=17 | dir=in | app=system |
"{81C5A3BA-85CC-480E-B9C4-DADCA03C2775}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9ABE9CF8-281B-4661-AE78-1AAB5B03A48F}" = rport=137 | protocol=17 | dir=out | app=system |
"{B964F4EA-089F-4194-99EB-BFDF59EF1EEA}" = rport=139 | protocol=6 | dir=out | app=system |
"{BF6309DE-DCAF-4725-A54B-D499FF3E4022}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E41030CA-5AC4-4FEC-9A83-BFD06D17364D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8B3A60-BFE8-4983-B11E-CAB355F01A53}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{10BC4D43-1FB8-4A6E-9932-6EE8D381E38A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{140DBAE7-4464-4C3B-BB97-A8FD564D579F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{1594C2F0-721B-4E09-A715-06FC36043EF5}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{17B763CF-DBED-4CBF-A67A-50114271F062}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{34FEE5A9-1209-4FF2-A86F-06EDB3DD2500}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FE41A50-E7D8-4BA9-A318-5E830FAB49DB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{42A24833-1651-49DE-B749-82BE3F6CBDE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{51D73EC9-D38F-42F0-808A-0AB5E37CEB12}" = dir=in | app=c:\users\jonathas barboza\downloads\videoperformersetup (2).exe |
"{56E21C66-5E41-4E84-8F55-D34191E47841}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{5771B3C6-4F22-45DD-9C69-195EBC21B8A0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{595E94CD-1DB3-4D75-8C99-076A3D99D096}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{637D1BDD-361C-4D4D-AD1D-BB3FBECBAE62}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{72CEE5C1-EA8F-48EE-9921-5C8AC3617D5E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{85777486-5B15-4069-A22A-B9897A9A5F7B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{862C1575-31B2-4ABB-8078-38A4C9B0E919}" = dir=in | app=c:\users\jonathas barboza\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{881E19FB-6720-4683-9B03-0770C726F747}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{8E2F17A0-5E56-4152-906F-5E9B207864C5}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{9AF7D350-434A-4AB9-938E-A41D10CDD987}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B59829F1-6F32-4B3E-AB90-6329A5BD5A45}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{B835063A-633E-4B00-94A6-AAF0C3832302}" = dir=out | app=c:\users\jonathas barboza\downloads\videoperformersetup (2).exe |
"{BAE2AE2F-8232-417A-A0F0-B685A23EED77}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{CE1CE1C8-49BB-4F2B-AB2C-4CA246654FD7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D58FFBFA-73A9-4230-A139-C5D78F75ED19}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{DA1C2F10-3E69-492C-95BF-9C0CA3DAF5E1}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{DB4B34C3-212F-4751-954A-35F00CAA6CE5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{DE152C7E-DC31-4083-B280-3FC84A096CF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E3FAA03B-5BC6-4C71-94F4-CE64FE4FAD5C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E695DCF9-78CF-4299-9438-D8AE97B53902}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{ED1FB81C-E298-427D-A992-22E155CF9AF1}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FB00FC5C-6745-481E-AEC7-8A53BEAF22B8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{FDB4D12E-8C38-4A2E-81C3-7EF9FBE309ED}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"TCP Query User{23E08B11-86B0-4B26-BFA4-B966684F492A}C:\program files (x86)\iminent\iminent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"UDP Query User{E0137934-7DFE-4D83-A78B-0DA05A9DAC50}C:\program files (x86)\iminent\iminent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iminent\iminent.exe |
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E031407-ABA9-42EA-89E4-3A4B8134A25A}" = HP Wireless Assistant
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{46CCB0D4-A98F-4009-B5A5-DE38A667D068}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 39
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3889988F-762B-4B85-AB17-71C9CC3AE445}" = Messenger Companion
"{39B3184E-0BFB-40FA-ADDC-E7E2D535CDA9}" = Controle ActiveX do Windows Live Mesh para Conexões Remotas
"{3B37422F-1A58-4138-AB02-0DD9035C02C6}" = HP Setup
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{4AEFA609-87D4-4964-B650-03EC904E673E}" = Windows 7 Upgrade Advisor
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5B368D4C-738B-49AF-9624-ED5273735756}" = HP Software Framework
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0416-0000-0000000FF1CE}" = Pacote de Compatibilidade para o sistema Office 2007
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Claro 3G
"{95140000-007A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}" = HP Support Assistant
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1046-7B44-AB0000000001}" = Adobe Reader XI - Português
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6D20641-1707-445D-AE21-40B67C99A522}" = HP Documentation
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar
"Bonanza Deals" = Bonanza Deals (remove only)
"Desk 365" = Portaldosties
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FormatFactory" = FormatFactory 3.1.1
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0
"Mx One Antivirus 4.5" = Mx One Antivirus 4.5
"My HP Game Console" = HP Game Console
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WT087330" = Bounce Symphony
"WT087361" = FATE
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087428" = Bejeweled 2 Deluxe
"WT087445" = Chocolatier
"WT087453" = Chuzzle Deluxe
"WT087467" = Dream Chronicles
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087495" = Mahjongg Artifacts
"WT087501" = Plants vs. Zombies
"WT087505" = 7 Wonders - Treasures of Seven
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087525" = Westward
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT087753" = Paparazzi
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"Youtube Downloader HD_is1" = Youtube Downloader HD v. 2.9.6
"ZumoDrive" = HP CloudDrive
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 04/09/2013 06:32:25 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
Error - 04/09/2013 11:27:29 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
Error - 04/09/2013 16:36:20 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
Error - 04/09/2013 17:18:17 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
Error - 05/09/2013 06:31:39 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
Error - 05/09/2013 11:24:17 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
Error - 05/09/2013 16:52:52 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
Error - 05/09/2013 18:08:33 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
Error - 06/09/2013 17:18:02 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
Error - 07/09/2013 07:33:40 | Computer Name = JONATHASBARBOZA | Source = WinMgmt | ID = 10
Description =
 
[ Hewlett-Packard Events ]
Error - 23/02/2013 12:07:35 | Computer Name = JONATHASBARBOZA | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\021323010730.xml
 File not created by asset agent
 
Error - 09/03/2013 12:18:11 | Computer Name = JONATHASBARBOZA | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031309011809.xml
 File not created by asset agent
 
Error - 31/03/2013 11:31:49 | Computer Name = JONATHASBARBOZA | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\031331123145.xml
 File not created by asset agent
 
Error - 06/04/2013 16:32:03 | Computer Name = JONATHASBARBOZA | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041306053159.xml
 File not created by asset agent
 
Error - 20/04/2013 15:46:57 | Computer Name = JONATHASBARBOZA | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041320044653.xml
 File not created by asset agent
 
Error - 05/05/2013 09:27:12 | Computer Name = JONATHASBARBOZA | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051305102655.xml
 File not created by asset agent
 
Error - 28/05/2013 13:22:46 | Computer Name = JONATHASBARBOZA | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051328022243.xml
 File not created by asset agent
 
[ HP Software Framework Events ]
Error - 16/08/2013 21:21:29 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/08/16 22:21:29.115|000016B8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 24/08/2013 15:28:43 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/08/24 16:28:43.238|000012D4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 24/08/2013 15:33:51 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/08/24 16:33:51.080|00001630|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 24/08/2013 15:34:00 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/08/24 16:34:00.551|000004D8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 01/09/2013 13:39:42 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/09/01 14:39:42.852|000011E4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 01/09/2013 13:41:48 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/09/01 14:41:48.598|000010CC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 01/09/2013 13:41:57 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/09/01 14:41:57.405|000001B4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 07/09/2013 07:43:36 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/09/07 08:43:36.539|00001354|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 07/09/2013 07:45:28 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/09/07 08:45:28.362|00000668|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 07/09/2013 07:45:38 | Computer Name = JONATHASBARBOZA | Source = CaslWmi | ID = 5
Description = 2013/09/07 08:45:38.602|000013B4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ HP Wireless Assistant Events ]
Error - 04/01/2013 13:42:03 | Computer Name = JONATHASBARBOZA | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException O servidor RPC não está
 disponível. (Exceção de HRESULT: 0x800706BA)    em System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     em System.Management.ManagementScope.InitializeGuts(Object
 o)     em System.Management.ManagementScope.Initialize()     em System.Management.ManagementObject.Initialize(Boolean
 getObject)     em System.Management.ManagementBaseObject.get_Properties()     em System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     em HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 04/01/2013 13:43:03 | Computer Name = JONATHASBARBOZA | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException O servidor RPC não está
 disponível. (Exceção de HRESULT: 0x800706BA)    em System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     em System.Management.ManagementScope.InitializeGuts(Object
 o)     em System.Management.ManagementScope.Initialize()     em System.Management.ManagementObject.Initialize(Boolean
 getObject)     em System.Management.ManagementBaseObject.get_Properties()     em System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     em HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 04/01/2013 13:44:03 | Computer Name = JONATHASBARBOZA | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException O servidor RPC não está
 disponível. (Exceção de HRESULT: 0x800706BA)    em System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     em System.Management.ManagementScope.InitializeGuts(Object
 o)     em System.Management.ManagementScope.Initialize()     em System.Management.ManagementObject.Initialize(Boolean
 getObject)     em System.Management.ManagementBaseObject.get_Properties()     em System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     em HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 04/01/2013 13:45:03 | Computer Name = JONATHASBARBOZA | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException O servidor RPC não está
 disponível. (Exceção de HRESULT: 0x800706BA)    em System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     em System.Management.ManagementScope.InitializeGuts(Object
 o)     em System.Management.ManagementScope.Initialize()     em System.Management.ManagementObject.Initialize(Boolean
 getObject)     em System.Management.ManagementBaseObject.get_Properties()     em System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     em HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 04/01/2013 13:46:03 | Computer Name = JONATHASBARBOZA | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException O servidor RPC não está
 disponível. (Exceção de HRESULT: 0x800706BA)    em System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     em System.Management.ManagementScope.InitializeGuts(Object
 o)     em System.Management.ManagementScope.Initialize()     em System.Management.ManagementObject.Initialize(Boolean
 getObject)     em System.Management.ManagementBaseObject.get_Properties()     em System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     em HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 04/01/2013 13:47:04 | Computer Name = JONATHASBARBOZA | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException O servidor RPC não está
 disponível. (Exceção de HRESULT: 0x800706BA)    em System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     em System.Management.ManagementScope.InitializeGuts(Object
 o)     em System.Management.ManagementScope.Initialize()     em System.Management.ManagementObject.Initialize(Boolean
 getObject)     em System.Management.ManagementBaseObject.get_Properties()     em System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     em HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 04/01/2013 13:48:04 | Computer Name = JONATHASBARBOZA | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException O servidor RPC não está
 disponível. (Exceção de HRESULT: 0x800706BA)    em System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
 errorCode, IntPtr errorInfo)     em System.Management.ManagementScope.InitializeGuts(Object
 o)     em System.Management.ManagementScope.Initialize()     em System.Management.ManagementObject.Initialize(Boolean
 getObject)     em System.Management.ManagementBaseObject.get_Properties()     em System.Management.ManagementBaseObject.GetPropertyValue(String
 propertyName)     em HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
 
Error - 05/01/2013 10:38:18 | Computer Name = JONATHASBARBOZA | Source = HP WA Application | ID = 0
Description =
 
Error - 14/02/2013 10:29:50 | Computer Name = JONATHASBARBOZA | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Erro no aplicativo.    em HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     em HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     em HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 14/02/2013 10:29:53 | Computer Name = JONATHASBARBOZA | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ System Events ]
Error - 11/07/2013 10:24:15 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
Error - 11/07/2013 17:52:01 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
Error - 12/07/2013 15:04:01 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
Error - 12/07/2013 17:44:22 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
Error - 13/07/2013 16:53:14 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
Error - 13/07/2013 18:08:09 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
Error - 14/07/2013 09:47:04 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
Error - 14/07/2013 14:44:36 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
Error - 15/07/2013 11:08:47 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
Error - 15/07/2013 16:02:21 | Computer Name = JONATHASBARBOZA | Source = Server | ID = 2505
Description = O servidor não pôde ligar-se com o transporte \Device\NetBT_Tcpip_{F7C06EA2-C411-401D-BB51-4CA13E086468}
 porque outro computador na rede tem o mesmo nome. Não foi possível iniciar o servidor.
 
 
< End of report >






What should I do?

Re: Virus sydefudfls.MOS-DW

Guilherme
Administrator
Man, your log is completely infected. Are you sure the problem is only sydefudfls?

Run OTL.
Check "Incluir Verificação 64 bits" (Include 64-bit Scans).
Click the small blue button labeled "Show rest of quote" (in the field below) to expand the quote, then copy all of the red text (from :OTL through [emptytemp]). Do not leave out a single character of this huge red script.

:OTL
SRV - [2013/09/10 00:18:19 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem)
SRV - [2013/09/10 00:18:19 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto | Stopped] -- C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522690
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522691
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://pt.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522690
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522691
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portaldosites.com/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522690
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Bundlore&dpid=Bundlore&co=BR&userid=a3a7df4a-36c1-4d6b-938e-c5ee563375e0&searchtype=ds&q={searchTerms}&installDate=13/04/2013
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=118725&babsrc=SP_ss&mntrId=FCCA20107A77525B
IE - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522691
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedanalysis@SpeedAnalysis.com: C:\Users\JONATHAS BARBOZA\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013/04/13 20:31:25 | 000,000,000 | ---D | M]
[2013/04/13 20:31:25 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\mozilla\Extensions\speedanalysis@SpeedAnalysis.com
CHR - default_search_provider: search_url = http://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=ST320LT020-9YG142_W046ZYWB&ts=1376522691&type=default&q={searchTerms}
CHR - homepage: http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
CHR - Extension: BonanzaDeals = C:\Users\JONATHAS BARBOZA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0\
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (BonanzaDeals) - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKU\S-1-5-21-4033835798-837088843-1847717302-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-4033835798-837088843-1847717302-1000..\Run: [Facebook Update] C:\Users\JONATHAS BARBOZA\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4033835798-837088843-1847717302-1000..\Run: [sydefudfls] wscript.exe //B "C:\Users\JONATH~1\AppData\Local\Temp\sydefudfls.MOS-DW.vbe" File not found
O4 - Startup: C:\Users\JONATHAS BARBOZA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sydefudfls.MOS-DW.vbe ()
O33 - MountPoints2\{11875cc9-fbbb-11e2-a502-38eaa71908a8}\Shell - "" = AutoRun
O33 - MountPoints2\{11875cc9-fbbb-11e2-a502-38eaa71908a8}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\{74ffc3ea-64a0-11e2-ab51-38eaa71908a8}\Shell - "" = AutoRun
O33 - MountPoints2\{74ffc3ea-64a0-11e2-ab51-38eaa71908a8}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\{d126275f-010d-11e3-9354-20107a77525b}\Shell - "" = AutoRun
O33 - MountPoints2\{d126275f-010d-11e3-9354-20107a77525b}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{eda6a828-d105-11e2-9cdc-20107a77525b}\Shell - "" = AutoRun
O33 - MountPoints2\{eda6a828-d105-11e2-9cdc-20107a77525b}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe -- [2010/12/27 13:44:38 | 000,302,928 | R--- | M] ()
O33 - MountPoints2\{f5e45098-5696-11e2-ab68-20107a77525b}\Shell - "" = AutoRun
O33 - MountPoints2\{f5e45098-5696-11e2-ab68-20107a77525b}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\{fa8721d7-f3e0-11e2-82d5-38eaa71908a8}\Shell - "" = AutoRun
O33 - MountPoints2\{fa8721d7-f3e0-11e2-82d5-38eaa71908a8}\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Windows/AutoRun.exe
[2013/09/10 00:18:20 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Local\BonanzaDealsLive
[2013/09/10 00:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BonanzaDealsLive
[2013/09/10 00:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDealsLive
[2013/09/10 00:18:07 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
[2013/09/10 00:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BonanzaDeals
[2013/08/14 20:30:00 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Local\Lollipop
[2013/08/14 20:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/08/14 20:26:49 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Local\SwvUpdater
[2013/08/14 20:25:10 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Local\DealPlyLive
[2013/08/14 20:25:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DealPlyLive
[2013/08/14 20:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPlyLive
[2013/08/14 20:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimilarSites
[2013/08/14 20:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/08/14 20:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013/08/14 20:24:54 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\SimilarSites
[2013/08/14 20:24:37 | 000,000,000 | ---D | C] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\eIntaller
[2013/08/14 20:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[2013/09/10 23:25:00 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2013/09/01 23:43:00 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4033835798-837088843-1847717302-1000Core.job
[2013/02/17 21:13:46 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\BabSolution
[2013/02/17 21:12:38 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\Babylon
[2013/06/09 11:29:00 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\baidu
[2013/02/17 21:19:41 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\DealPly
[2013/08/14 20:24:37 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\eIntaller
[2013/04/13 20:30:59 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\File Scout
[2013/08/06 13:00:02 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\GetRightToGo
[2013/06/09 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\OpenCandy
[2013/04/13 20:55:04 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\PerformerSoft
[2013/08/14 20:24:54 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\SimilarSites
[2013/04/13 20:31:25 | 000,000,000 | ---D | M] -- C:\Users\JONATHAS BARBOZA\AppData\Roaming\SpeedanAlysis

:Files
C:\Users\JONATHAS BARBOZA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sydefudfls.MOS-DW.vbe

:Commands
[CREATERESTOREPOINT]
[purity]
[emptyflash]
[emptytemp]
Paste the copied content into the blue field at the bottom of OTL called "Exames Personalizados/Correções" (Custom Scans/Fixes).
Click OTL's Consertar (Fix) button and wait for the PC to restart.
It will generate a new report. Post it in your reply.

Next...

Download AdwCleaner and save it to the desktop.
Run the program as admin and click the Delete button and then OK.
If it asks to restart the PC, restart it.
It will create a report on your desktop. Post it here for me.
MODERATOR
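The fix script above targets two autostart entries for the same `.vbe` file: a Run key that launches it through `wscript.exe //B` from Temp, and a copy in the Startup folder. As an added example (not part of the thread and not OTL's own code), this triage pass picks such entries out of the O4 section of a log; the function name `triage` and the regexes are assumptions modelled only on the line shapes visible in this report.

```python
import re

# O4 lines copied from the OTL script in this thread.
SAMPLE = r'''
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-4033835798-837088843-1847717302-1000..\Run: [Facebook Update] C:\Users\JONATHAS BARBOZA\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4033835798-837088843-1847717302-1000..\Run: [sydefudfls] wscript.exe //B "C:\Users\JONATH~1\AppData\Local\Temp\sydefudfls.MOS-DW.vbe" File not found
O4 - Startup: C:\Users\JONATHAS BARBOZA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sydefudfls.MOS-DW.vbe ()
'''

# Assumption: O4 line layouts are inferred from this log, not from an OTL format spec.
RUN_RE = re.compile(r'^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4(?::64bit:)? - Startup: (?P<cmd>.*)$')
SCRIPT_HOST = re.compile(r'\b(?:wscript|cscript)(?:\.exe)?\b', re.I)
SCRIPT_EXT = re.compile(r'\.(?:vbe|vbs|jse|js|wsf|wsh)\b', re.I)
USER_WRITABLE = re.compile(r'\\AppData\\Local\\Temp\\|\\Start Menu\\Programs\\Startup\\', re.I)

def triage(log_text):
    """Return [(entry name, [reasons])] for O4 autoruns that start a script."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if not m:
            continue
        cmd = m.group('cmd')
        name = m.groupdict().get('name', 'Startup folder')
        reasons = []
        if SCRIPT_HOST.search(cmd):
            reasons.append('launches Windows Script Host')
        if SCRIPT_EXT.search(cmd):
            reasons.append('target is a script file')
        if USER_WRITABLE.search(cmd):
            reasons.append('target in Temp or Startup folder')
        if reasons and cmd.endswith('File not found'):
            reasons.append('target missing on disk (orphaned entry)')
        if reasons:
            findings.append((name, reasons))
    return findings

if __name__ == '__main__':
    for name, reasons in triage(SAMPLE):
        print(f'{name}: {"; ".join(reasons)}')
```

The Run key's Temp target is already gone while the Startup copy still exists, which is why the script lists the Startup path under `:Files` in addition to the O4 lines.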