:OTL
SRV - [2013/08/01 21:13:06 | 000,051,992 | ---- | M] (cake bake) [Auto | Running] -- C:\Arquivos de programas\Web Cake\WebCakeDesktop.Updater.exe -- (WebCakeUpdater)
SRV - [2013/07/23 17:25:11 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [On_Demand | Stopped] -- C:\Arquivos de programas\DealPlyLive\Update\DealPlyLive.exe -- (dealplylivem)
SRV - [2013/07/23 17:25:11 | 000,148,000 | ---- | M] (DealPly Technologies Ltd) [Auto | Stopped] -- C:\Arquivos de programas\DealPlyLive\Update\DealPlyLive.exe -- (dealplylive)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Arquivos de programas\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Arquivos de programas\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (DealPly Technologies Ltd)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[hidden email]: C:\Arquivos de programas\LyriXeeker\125.xpi [2013/07/23 17:25:42 | 000,007,064 | ---- | M] ()
CHR - homepage: http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Documents and Settings\Financeir\Configura\u00E7\u00F5es locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll
CHR - Extension: Web Assistant = C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\
CHR - Extension: Web Cake = C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: Bubble Shooter-HD = C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\hpakbhbnhkbghdcejiiangcefallmaln\2.2.0_0\
CHR - Extension: DealPly Shopping = C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0\
CHR - Extension: LyricXeeker = C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\odnofacmifkjndflfmmplhckcbfjckhj\1.125_0\
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Arquivos de programas\Web Assistant\Extension32.dll ()
O2 - BHO: (no name) - {DF89BC70-AC87-4A31-ACD5-7417E2CF1209} - No CLSID value found.
O4 - HKU\S-1-5-21-527237240-562591055-839522115-1003..\Run: [Facebook Update] C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O33 - MountPoints2\{2b07deea-95e4-11e1-92c0-001fd0fef641}\Shell - "" = AutoRun
O33 - MountPoints2\{2b07deea-95e4-11e1-92c0-001fd0fef641}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{64998505-7fac-11e0-983c-001fd0fef641}\Shell - "" = AutoRun
O33 - MountPoints2\{64998505-7fac-11e0-983c-001fd0fef641}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{64998507-7fac-11e0-983c-001fd0fef641}\Shell - "" = AutoRun
O33 - MountPoints2\{64998507-7fac-11e0-983c-001fd0fef641}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b65734b8-f8d9-11e0-91f7-001fd0fef641}\Shell - "" = AutoRun
O33 - MountPoints2\{b65734b8-f8d9-11e0-91f7-001fd0fef641}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2013/08/07 09:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Financeir\Dados de aplicativos\Web Cake
[2013/08/07 09:52:29 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Web Cake
[2013/08/07 09:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
[2013/08/05 12:44:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\Facebook
[2013/08/05 11:36:49 | 002,349,096 | ---- | C] (Banco do Brasil SA) -- C:\Documents and Settings\Financeir\Meus documentos\DiagnosticoBB.exe
[2013/08/02 08:07:08 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\Plus-HD-2.3
[2013/07/23 17:25:42 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\LyriXeeker
[2013/07/23 17:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\DealPlyLive
[2013/07/23 17:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dados de aplicativos\DealPlyLive
[2013/07/23 17:25:11 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DealPlyLive
[2013/07/23 17:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Financeir\Dados de aplicativos\Dealply
[2013/07/23 17:25:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Financeir\Menu Iniciar\Programas\DealPly
[2013/07/23 17:25:05 | 000,000,000 | ---D | C] -- C:\Arquivos de programas\DealPly
[2013/08/05 13:14:44 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-527237240-562591055-839522115-1003Core1ce91f6e5ec6902.job
[2013/07/23 17:25:15 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyLiveUpdateTaskMachineCore.job
[2013/07/23 17:25:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\LyricXeeker Update.job
[2013/07/23 17:25:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\DealPlyLive
[2013/08/07 09:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
[2013/07/23 17:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Financeir\Dados de aplicativos\Dealply
[2013/08/07 16:16:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Financeir\Dados de aplicativos\Web Cake

:Files
C:\Arquivos de programas\DealPlyLive
C:\Arquivos de programas\Web Cake
C:\Arquivos de programas\LyriXeeker
C:\Arquivos de programas\Web Assistant

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Financeir\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\FacebookVideoCalling.exe" =-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" =-
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" =-
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" =-
"DealPly" =-
"Plus-HD-2.3" =-
[HKEY_USERS\S-1-5-21-527237240-562591055-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dealply" =-

:Commands
[CREATERESTOREPOINT]
[purity]
[emptyflash]
[emptytemp]