Eronilson

Google Chrome won't change home page...

80 posts in this topic

Good evening, here I am once again needing the services of Linha Defensiva. My problem is the following: all of a sudden my browser (Chrome) changed its home page.

This is the link to the page that won't leave my home page: http://addons-chrome.info/,

and I simply cannot change it to my open tabs or to a single page. I have tried everything: I uninstalled, reinstalled, deleted everything from my Google account, and nothing solved it; I even deleted everything from the bookmarks bar. Searching on Google, I read in some forums that it could be some malware. Attached are the results of HijackThis, FSS and MbrScan. Thanks in advance for your attention. Regards.

 

 

FSS.txt

hijackthis.log

MbrScan.log


Eronilson,

Please note the following:

  • Do NOT attempt any cleaning procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Improper use of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click button_seguir.png (located in the upper right corner of the main post) to receive an e-mail notification when the topic is answered. You can also check the topics you subscribed to using the Content I follow option, accessible through the forum's Control Panel.
  • The analyses may take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always follow your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in the logs; this makes them harder to read during the analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click execadmin.png.

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download 1268r49.png and save it to the desktop. Double-click to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select run_as_adm1.png

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved to the desktop under the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all ticked and click the Remove button.
  • At the end of the disinfection, Notepad will open with a log and a prompt may appear asking whether you want to restart the PC. (See Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554


I am sending the results of AdwCleaner, JRT and Malwarebytes; all were run with the firewall and antivirus disabled. I ran Chrome and the problem still persists.

 

# AdwCleaner v2.301 - Relatório criado em 16/05/2013 às 20:17:05
# Atualizado em 16/05/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuário : tatiana - TATIANA-STI
# Modo de Boot : Normal
# Executado de : C:\Users\tatiana\Desktop\adwcleaner.exe
# Opção [Remover]


***** [serviços] *****


***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Program Files\Mozilla firefox\searchplugins\v9.xml
Arquivo Removido : C:\Users\tatiana\AppData\Roaming\Mozilla\Firefox\Profiles\jknh4or1.default\searchplugins\Web Search.xml
Pasta Removido : C:\Program Files\Protected Search
Pasta Removido : C:\ProgramData\Ask
Pasta Removido : C:\ProgramData\Browser Manager
Pasta Removido : C:\Users\tatiana\AppData\LocalLow\simplytech
Pasta Removido : C:\Users\tatiana\AppData\Roaming\Funmoods
Pasta Removido : C:\Users\tatiana\AppData\Roaming\simplytech

***** [Registro] *****

Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\e4daddb43aba47
Chave Removida : HKCU\Software\Funmoods
Chave Removida : HKCU\Software\Headlight
Chave Removida : HKCU\Software\Iminent
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Removida : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Removida : HKLM\SOFTWARE\e4daddb43aba47
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\Software\InstallCore
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Removida : HKLM\Software\PIP
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16576

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=SAMSUNG_HM321HI_S2K5J56B324890&ts=1359550889 --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.v9.com/web/?q={searchTerms} --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.v9.com/web/?q={searchTerms} --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=43168&st=bs&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&q=%s --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=43168&st=bs&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&q=%s --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (pt-BR)

Arquivo : C:\Users\tatiana\AppData\Roaming\Mozilla\Firefox\Profiles\jknh4or1.default\prefs.js

Removida : user_pref("browser.search.defaultengine", "Web Search");
Removida : user_pref("browser.search.defaultenginename", "Web Search");
Removida : user_pref("browser.search.order.1", "Web Search");
Removida : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tgu[...]

-\\ Google Chrome v26.0.1410.64

Arquivo : C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[R1].txt - [11896 octets] - [16/05/2013 20:14:42]
AdwCleaner[s2].txt - [12064 octets] - [16/05/2013 20:17:05]

########## EOF - C:\AdwCleaner[s2].txt - [12125 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by tatiana on 16/05/2013 at 20:24:06,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\v9software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{81F43F07-5FF0-4F33-B742-F0EC251E4310}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4DD511C1-08CB-F8AA-A483-7C4F1027EE47}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\tatiana\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Program Files\baidu"
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{3DF29F79-AB0C-4BCB-BA45-755C654952AF}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{3E1401C2-FFA9-4E40-B495-66082C61B82F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{3F417CE2-DBC7-430F-BB98-102A29FFE689}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4056135C-B3BC-4DD1-8F63-17C076FEA3F4}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{40F0F075-E30A-4CF8-8726-3314222342D3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{41742B7F-6BA2-49FB-AB85-0B2F37A0E980}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{417E2C82-41B2-42F6-9B2E-B2FBA203855B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{42377271-1BE6-46AB-9EB3-6DF4E2390064}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{42D77D1A-39AC-4C5C-A7BD-6D5F59B5DF19}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{42F43664-97B4-4CB0-AA92-D86A858DB78A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{43071C7F-42FF-4CEB-8B88-BD6A91918BD0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4311FEA6-6EA5-4704-8D7E-0ACB737C2C23}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{43755B3B-BC8A-4105-8033-16578DECBDB8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{45283E32-9039-4801-AE41-759587A61330}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{45BA0BE3-11FC-4917-9A14-361E4BBB7CD1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4624FA4F-B121-4948-9F7E-CB4C7F35CB14}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{46BADEB0-276C-47AC-A2F8-24902624AF08}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{46C184A9-BB2E-402B-A01F-CA81EFA4921A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{46F92E72-700F-44C6-83B2-2C639ED983C0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{473B164C-BD25-45C8-9372-12BB92ED6E8F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{47C428A4-03DF-4382-8131-36EE41F198EB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{47D8B7AE-8858-4F62-B899-56E237286497}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{47FFD273-EF24-479D-818D-6583BE1CD993}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{48000383-1539-4CE4-85FC-3FBF3DBD2D71}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4872CA6E-0D7C-4457-BD04-34F26A1EF9C0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{489F231A-EA17-4678-A584-F1E23DF41C90}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{48CE825C-8523-46EA-B926-DC280CE1C9C3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{48D33FDD-3506-4FAA-9EB9-4A84B88E924A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{492C466E-5CFF-449F-8590-22E23957AAD5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4946A1BF-D8E0-4056-AFA8-D3CB7E84C15D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4980B659-FA45-4DF6-94BF-1A3B66FA8668}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{498E4CA3-0D94-40C0-9AAC-582B48F30393}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{49BA4726-E45E-4EEB-91C7-4DDF33900ACF}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4A320E56-85AD-4B7D-802D-2B2E41A7821D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4A62460F-4A3B-4C23-9F33-4C4C38F546F8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4AC4EA66-312F-43CE-B100-9F9F9C1BB96D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4ACD1AB7-5497-4BD5-925C-A46AA426A975}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4AE950E9-665B-4F73-B0AA-7905B81D8E88}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4B28BF5C-099C-4940-ABA2-49F97E5A3090}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4B4CFCC1-04F2-4E73-9998-14B0A9ABD71F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4BA8744E-5B32-4565-BD09-46D95D45A91D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4C53FB86-1E1F-4085-9765-4E647A89424E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4C783239-901B-4BAE-950D-327CE1E3A421}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4D67AA07-8C5C-4705-8FC0-F5B8F1A5D270}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4DECBDD7-3BCB-40A4-8E64-9CB2645E9835}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4E53B495-837F-4A78-AFF4-BAB99997CEFB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4E65AC73-A735-469A-A31B-733A3417E64C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4E75D71F-4008-4338-8281-B139D0259CC3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F22D742-0774-4559-A676-AB49317A5F6D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F6DE60C-B104-41E3-B822-FE571EC853E5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F763584-0E4D-4517-9D3E-1A6AAC21CBF8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F86D5CC-B2DF-4AE9-AD7D-51D923458B00}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F9CE5F9-53F4-47F0-AEA3-5B8BF27F39F3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4FA4AB6A-C8D8-42A3-8F5B-49868946445B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4FBF5E23-D241-4BA9-BE35-EF0375A4432A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5002599E-0D3E-470E-84BC-17B71D98D8BD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5018F2A8-B13C-457A-8B0A-5758B9B289FD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5021F821-A454-4815-8026-25B1B7A42A88}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{50411E0F-2BBF-49FE-A3DF-32C6B8D92C57}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{50BB5E0F-A404-4B27-B177-C00ACE0EEBFB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{50F5953C-6B0B-4326-AF8A-0B49425A229B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{51371937-CE5E-4BB9-9A3D-37711B4F1431}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{518C5FF1-39D1-42EA-9198-BF6974EF72AE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{526285AD-EC32-4766-9E15-693F9C62849A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{52723B5C-E72C-434F-B1AC-6A0FFEEB2AF6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{52740A9C-28AC-493A-989D-F10E45FCA81B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{52AEBB85-9A53-4C9B-AAE1-6BB10A6C9A4D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5316117A-22E5-424D-9522-305CDFD7EF7E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5361BAB1-71B0-4C3B-B478-BE883EBCAA35}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5399B357-EE09-4867-B6F6-6D98E7621BBA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{53D07F78-D308-48BA-8CFB-918C35A2C399}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{53D6B72C-D0E7-414D-BBC5-7ADB1F0F945C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{53F4B923-0FA3-4499-B323-B254F84B6966}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5486D82B-827C-4BA5-8122-D4014231C96C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5497B2BC-992A-411F-B58F-3C6A4CFC09D7}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{55256C4E-0ABF-4092-9982-39870661ABE1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{55815DD1-4029-48E4-91E9-1B1DDF02DEE9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5793B170-D57A-41F2-A09E-9FC8607BB59F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{57A736C4-996A-4015-9BDC-FC2283C2A113}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{583DDABA-1C71-4793-A0C3-0BB81CAF112D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{58B14640-339B-4F56-B091-273F9903F5EC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{591DFB5B-C2ED-4E35-B835-DB75623FC455}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{59C1E356-1108-4F91-AAA3-FEEA888EDB88}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{59C5038D-4E90-422D-942B-F789FD56DCDD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{59C5938F-AD64-410C-8777-9ACAD586FEB5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5A96681F-2E9D-471F-AFC4-1E23C2393217}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5AA7157E-0716-41A8-9AEE-84DC135CEFA2}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5AB5AC26-62F4-4C69-8B81-2309C8337BB6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5ACEAEAB-9E0A-4885-8759-A671C5B3EFDB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5B00D079-FFC5-4A49-A2DD-8607DBF967A6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5B46E085-5882-47B8-9F52-2C882A8A8389}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5C60F01F-1747-4BB1-B4A0-421418FDBDB9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5CADA78C-D139-45FA-A906-F90702C80A32}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5E0D10A9-5CC1-453F-9585-AFD1E163F4E6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5E2769CE-B0F1-49BE-B9D4-8F92AA03C038}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5EA8762A-2952-4380-BFDE-064335C387D7}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F2839B1-52A3-4D72-BCC5-02CD8199A1BF}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F30837C-5901-4165-9239-289C04821C34}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F312FDF-9CB6-4192-8A52-B5E2E88DD17E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F738621-0F51-4092-B0A7-DF8112529C09}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F8D2C27-5D05-4FCD-9C73-8B88B877EBC5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F9B8E4C-7C27-4F16-B659-29DB0895C864}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5FE52734-7729-4A63-B1A8-D08ABA7AC249}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{60165DD8-1DAE-4F16-B413-83C19E984EF9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{608EB031-B80E-4080-B825-6B6DEE4F6E99}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6097B16B-1E0B-4A4E-9977-64BAC8914939}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{60CE6486-7DD1-431D-8092-DED90122F9D9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{60E6801F-4F70-4B85-A5CC-FAFF9EA586F3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{61132226-57D7-4A87-8AA1-B12750FC5B0A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6138206B-6083-450E-9EA2-1A81D639B2BB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6141E42A-1B54-4618-9700-466F623A807C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{61A1F9DC-18D0-4881-A750-3D7CD23E8022}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{626B31F7-2CD9-4F50-94E9-4A4CD5981FC5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{62A5CFFC-D536-4E73-9F94-5F670C3C7A55}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{659E060C-AFC6-4EBF-9C1D-3C020F940882}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{668B8043-28FC-4BD0-9579-4E5AB3D5F97D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{66C9242B-9087-413D-9AD2-EA70020AF33A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{675CFB46-BCA6-49D2-B9AB-04F3AEA70B1C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{67A53D32-9E26-4668-B21C-81ACBB705864}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{689EE268-3356-415C-B0FE-EFEE0C7DB618}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{68C50F98-238D-4443-9BDD-0FD6E535B1D1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6923EEE7-7546-41ED-B628-0BEC67105637}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{69555218-728E-477E-BF1C-0DC091156A3F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{69669758-9A20-4A43-9B1E-06F3511D0848}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{697F5330-0019-47EF-820B-7CE3C937CB57}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{69F2F6D5-8FD1-4359-9D02-41F294CC1E20}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6A4A52A9-A46E-4F67-8259-54EC2F449150}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6A8553CA-9726-4217-A7EF-127CCD890ACB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6BDA08EF-7897-4E12-BC49-56031C77169B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C024870-DBCE-442B-A1DD-429840845DC8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C14FEE2-A479-4581-9757-1A8851ECE4EE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C18A6F8-38FA-431B-BAB0-5A92ED756032}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C52AF52-1D0E-4B71-8C46-F5D78E05980C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C86543B-3676-4748-8656-C2D8C9F92BC0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6CB9BC39-461C-4C72-8B5A-CBD6BB9614B1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6D473FA7-A92E-4565-BE7E-3180FAEA79C3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6D5399A9-7EC7-423C-B72E-89E96CECB869}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6D63DBD0-C8CC-42FC-A35B-F24CDDA9495E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6D6ED033-925D-46EC-B8B7-95B53684379F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6EE591D7-9D43-4397-94A9-E64B672C214C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6F670E26-A9CB-417C-BB56-7927D634C617}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6F9F50CB-AAA7-4176-82D2-5B1A76E045E8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6FCB023C-6EE6-4F4E-8992-E03DC83F9FC0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{70C51B3F-0DE6-442D-932D-16EABDB0E4B5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{719E2620-6B58-4B45-8D8A-DE56B0E0F1E1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{725460C4-5E1B-409A-9A84-44DFB29423F5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7266AB35-D561-430A-BB2E-370D5FD25E7E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{72A636C2-19E3-473F-8876-08F6051DD071}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{732C624D-DBC7-47A1-9F40-D1C7F4A456C4}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{737C4481-F5CF-43CB-A3D0-1580A3887E89}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{73988609-9C7F-4A94-9FD1-C43614461B0E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{73F1208A-F5EC-4C8B-8CE4-81C39D25C6E0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7412AFF9-8F60-4B70-A39D-AF493C044ACE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7562AF1F-FAC2-4175-841E-F9CE9FD71A95}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7566D284-3D91-4447-AA56-0EEA62803DCA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{77E43B67-A831-471E-B7F8-905ABF91E817}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{793EF86C-4C61-40D9-B480-A012043581BA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{795086B7-81AD-4440-8F77-73BF296C6397}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{79793B7E-260A-4F80-BAF3-A159878C2596}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{79C083A5-FDAF-439B-92CD-260F88629C1D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{79D3E6C8-A6E6-48EC-B4ED-50F70FA8F043}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7A0BF78E-0E06-4815-A60F-A3336AF4C284}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7BE420B3-AD94-4EFA-9650-CE6CB20764FD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7BFA1C49-4FD4-453F-909F-9B79647051F9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7D5DDB6D-61BA-4B02-B0DC-AC8879CED759}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7E0A9537-E8AC-4E21-93D3-9ECB5DA4232E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7E740E7B-44F7-4C01-A612-53B66EB4EA71}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7E9A620E-6B96-481D-94A3-2D631FB72912}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7F07103D-F1C6-436D-A887-986556636187}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{801B36A4-C69E-4C9E-97D9-68A2ED20E0EC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{80D3E844-17C4-4AF8-BA3B-D562040E5527}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8117F616-BAED-413B-87B6-A8009F032284}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{812A1A2A-623C-47D3-B745-0B2576AD9284}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{81D83616-A6D3-4ADD-B90C-E04A3614E135}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{82CE14DD-756B-4395-98BC-9954F72911C9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{831AFB9A-CFD4-4287-9363-CC61F3788620}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{83293AD5-3E30-468D-A835-6A98DAAC5230}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{83E716AE-2FC1-4466-93B7-F88A7E8B558B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{83EF1E7D-CFA6-4E75-B1D3-6EFDFD680443}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{83F052F6-9F0C-413C-A2D9-65B04A94E50F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{841C9AFE-A0C1-4358-8B82-94025A593A5D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8508F323-EF23-4CAF-992F-ACC4FF2D900E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{85386A79-3674-4D29-BAD1-415B08B462F0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{853D9947-3B8B-48DC-8121-0AA13C52C12C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{864880B0-1406-484E-8A50-B80B5D1516CE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8686A8E8-6A00-4268-8CD8-0AEDED064CA6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{86B9826F-13C6-4BDF-B6A2-19B302211549}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{86BC52DB-DA66-491F-A36B-FC11D858CB4E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{86FF7D42-CCC5-48AC-A519-A82E72022EE9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{873FF2E4-7E48-4D94-A5F9-1E44A86AE4B3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{88103A60-A084-4089-916B-A0762C6081CA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{88976F2D-0083-4BBA-87DA-D7AA034C40BA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8899000E-82BB-4DED-BCD7-FA6024FF2877}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{88DAD7EE-2AF5-4E4B-8F27-89BB36298C89}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{88FD2E53-E227-44B5-A27E-F97222BC155C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{89D20272-CCF3-4479-A972-94EB345F85E3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{89F35CBB-C6C1-4DEE-B42F-B6CA8CC81E3C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8A19C4E1-3E7A-4BB7-85FB-9C1C18DD4173}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8A4A27D3-DF21-4297-B33D-F31015861141}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8ADBCFA7-5C1A-4D31-942C-1E976837A9B5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8B2AE5D5-2334-40B0-AB9F-D4C0A8282D05}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8CCC4741-7E9F-4495-9FCE-5928E455A077}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8E0D578C-62E9-4396-8589-A305C4D42CEF}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8E869F2E-49A8-43A1-BF00-41A32D59F642}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8FA3CA2C-EC73-4159-AF64-8E9403505C07}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8FAC561F-3A39-4403-84DA-0A5A1239E394}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8FC30D91-6C93-4FA4-AD0F-5B283BF48B78}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9027F1D6-4F05-4327-A186-E69FECA52AEA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{907F436C-0EC1-462B-8A7E-02E6BB1C7A93}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{90B0388C-A1DF-4F82-95EC-D7BDA471D952}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{90E2073A-E45F-42A2-A9ED-FFC957ADBDDD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9161E06A-C8C9-477B-B810-F354072BCE0A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9172AC74-F44B-46CB-AE84-63A7F57C968E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9199DE3F-117B-4068-BDEA-06474817D904}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{91B4FE4D-CCB7-4E6A-885D-F8D441EA491B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{91FCCD3D-64B3-48A9-B970-5A722DFAD80F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9233CD94-7880-4209-BBC1-F8E3670A0DA6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9339A80E-2AE9-4BA7-B27C-7AA4F20F8A9A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{937B9D48-F4BB-4ACB-899E-53698C1DA3AD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{93C3976B-DB4D-493E-A3EE-ACDAA72DB896}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{95228A01-1C7F-43AD-B6B0-F02D809902BC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9590D592-A0E4-459A-9D94-3B87DE6D5754}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9634970D-3320-408B-8BD8-C4423E6DD746}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9681D70B-C964-4F38-829B-B79986EBD2EC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{97167501-F332-4D59-BF0F-CAEC1BC5A7D9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{971BFF9E-AB1B-4699-8B50-292CD3619D0D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{97E2848F-8F0F-463C-9D35-BD57AAEE4F78}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{980A1CCC-9505-41E7-BC87-FF088C79B177}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{986DC75B-DC8E-4000-88F0-768741559F95}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{98E06B0B-6D92-477D-991C-455A78DCD5D7}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{995F486F-B24B-4F56-B65C-F7AAC2B7AA4C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9A80EDFE-6A88-4A3E-B167-B22FFB2030F3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9AA50EC4-85C7-4703-BA19-2680F8702717}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9ADCDAEE-59A7-4FFB-8ACA-4AB3001B7FDC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9B5FD8A1-8D1B-49EC-AE40-A0752DB4DE2D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9B8EDC5E-58E6-42DF-BE8F-E558B1F30ABB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9BABA211-B75A-4803-94D8-3DB04CB0FFC0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9BC71BE8-0B33-4152-8176-8E8D10707F2E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9BF42BF7-1293-4583-A538-C2318F57DB38}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9C9D89C4-893A-4BD4-B1A8-B166E34C7E8E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9CBC17AD-018C-4415-BF21-8233CDB537CE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9CF3D18A-1C41-46D6-ABEC-2A64B1D03C87}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9D10F4A8-1D8A-4391-8F1F-31DA3834465A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9DAF2771-6184-4B40-BE83-6403AB7B7FD1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9DBF1006-F721-413B-8B42-EEB81015DE3C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9DCDDEB2-7DFE-4C83-9F06-169F21FD082A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9E500E8D-F63A-4230-8A05-30FB1CE59DF2}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9F95EA55-DB82-4D6B-A0A4-CF9288AB97EA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9FB72DAA-77D0-4FFD-AB70-854805CC2F00}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9FBAFFC9-D7DA-42A8-9DA1-0D3DFC5F3140}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A0A8F1D7-4CB6-4BFD-92CB-DBC3A51C7515}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A0FD390A-013E-4E9F-A801-160E31DAF755}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A111E26F-7665-47AE-9E0E-58BDBAE82D73}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A19A0061-892C-4890-92DB-DAF8E08C3DEC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A1FAE5F8-55E1-4E38-BAF7-531973A3B1EC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A24F74B7-D6B4-4108-800D-FC1E675B0A24}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A25E73C5-7F6E-479C-8565-875E178570B4}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A2BB754A-45C5-4A27-A146-5489878BD77F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A2BC31C9-88AA-4451-A906-B193A5EC9633}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A37DC381-054C-4929-92A7-D0443617E6F6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A3CAA3BD-3447-4509-8B38-D12257F35B92}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A3CBC9B0-5A8F-4942-B06D-05D4CFA7A59E}



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\web search.xml"
Emptied folder: C:\Users\tatiana\AppData\Roaming\mozilla\firefox\profiles\jknh4or1.default\minidumps [74 files]



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/05/2013 at 20:25:53,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados:  v2013.05.16.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
tatiana :: TATIANA-STI [administrador]

Proteção: Permitir

16/05/2013 20:39:36
mbam-log-2013-05-16 (20-39-36).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  217416
Tempo decorrido: 5 minuto(s), 25 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\Users\tatiana\Downloads\PDFReaderSetup.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

(fim)
 


Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click Run as administrator.

Under Output, select Standard
Also set these options:

  • File Age -> change to 90 days
  • Scan All Users
  • Use Company Name WhiteList.

  • Skip Microsoft Files
  • Lop Check
  • Purity Check

Select these lines in red, right-click the selection, and choose Copy

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%appdata%\*.*
%windir%\tasks\*.* /s
%systemroot%\system32\tasks\*.*
%PROGRAMFILES%\Internet Explorer\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start

services.*
/md5stop

 

Go back to the program, right-click any white area of the Custom Scans/Fixes section, and choose Paste

Click the Run Scan button

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other settings unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.


Here are the results:

otl.txt

OTL logfile created on: 16/05/2013 22:06:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tatiana\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,86 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 63,63% Memory free
5,73 Gb Paging File | 4,68 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,97 Gb Total Space | 143,94 Gb Free Space | 49,30% Space Free | Partition Type: NTFS
Drive Z: | 5,93 Gb Total Space | 5,87 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
 
Computer Name: TATIANA-STI | User Name: tatiana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/16 22:00:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tatiana\Desktop\OTL.exe
PRC - [2013/05/06 17:55:50 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/04/23 13:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Arquivos de Programas\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/04/23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Arquivos de Programas\Samsung\Kies\Kies.exe
PRC - [2013/04/23 04:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/04/23 04:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/23 04:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\tv_w32.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Security Client\msseces.exe
PRC - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) -- C:\Arquivos de Programas\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/11/27 21:08:28 | 000,739,936 | ---- | M] (Sony Corporation) -- C:\Arquivos de Programas\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 18:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/01/21 17:14:50 | 000,537,504 | ---- | M] (OEM) -- C:\Arquivos de Programas\OEM\LIVE! OSD 1.27\osd.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Arquivos de Programas\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/16 17:31:01 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013/05/16 17:30:23 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013/05/16 17:30:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013/05/16 17:30:07 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013/05/16 17:29:57 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013/05/13 19:59:40 | 017,554,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\71b6200b469ae31187226c5634b6d6bb\Kies.Theme.ni.dll
MOD - [2013/05/13 19:59:01 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
MOD - [2013/05/13 19:57:34 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f93e893f927f890bffe924ec7e8c1323\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/05/13 19:56:57 | 001,644,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c5572a7e44449de16eb4e7db6b7b5b82\Kies.Locale.ni.dll
MOD - [2013/05/13 19:56:53 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2cbf81c1b1b5e7bd6a4758bd057e2d4c\Kies.MVVM.ni.dll
MOD - [2013/05/13 19:55:53 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013/05/13 19:54:59 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll
MOD - [2013/05/13 19:54:41 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013/05/13 19:36:16 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013/05/13 19:35:38 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013/05/13 19:35:22 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/08 11:04:14 | 000,100,352 | ---- | M] () -- C:\Arquivos de Programas\OEM\LIVE! OSD 1.27\LiveIO.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/16 19:04:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 19:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/23 04:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/01 11:12:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Arquivos de Programas\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/03/08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/11/20 18:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/05/16 21:28:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0769FD2B-F79E-4488-8DF2-9818DBF53F98}\MpKsl03af7695.sys -- (MpKsl03af7695)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/03 04:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/04/03 04:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/29 17:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2012/09/17 19:58:32 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360SpOEM.sys -- (360SpOEM)
DRV - [2012/09/17 19:58:32 | 000,061,488 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\360HookOem.sys -- (360HookOem)
DRV - [2012/09/17 19:58:32 | 000,029,744 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360RegOem.sys -- (360RegOem)
DRV - [2012/09/17 19:58:30 | 000,152,880 | R--- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\360FileOem.sys -- (360FileOem)
DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 11:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 11:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/26 11:13:24 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2010/07/01 11:09:35 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/01/21 11:59:32 | 000,005,120 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveGpdKBFilter.sys -- (LiveGpdKBFilter)
DRV - [2010/01/21 11:58:50 | 000,010,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveIO.sys -- (LiveIO)
DRV - [2010/01/21 11:57:16 | 000,005,120 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Livemouclass.sys -- (Livemouclass)
DRV - [2010/01/21 11:56:34 | 000,005,120 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Livekbc.sys -- (Livekbc)
DRV - [2010/01/14 08:04:04 | 000,106,496 | ---- | M] (ZD Secret Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZDDriver.sys -- (hwdatacard)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/30 09:38:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/03/30 09:38:18 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/03/30 09:38:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/09/20 00:41:50 | 000,037,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CamSuiteVAC.sys -- (CamSuiteVAC)
DRV - [1996/04/03 16:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5F209F84-D600-42F8-B6EC-9AD178F9DD73}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.semptoshiba.com.br [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.linhadefensiva.org/forum/topic/150496-google-chrome-n%C3%A3o-muda-home-page/"
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\tatiana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\mfgt@live.com: C:\Program Files\\Firebirdc\mfgt@live.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/16 16:08:44 | 000,000,000 | ---D | M]
 
[2012/10/13 22:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tatiana\AppData\Roaming\mozilla\Extensions
[2013/05/16 09:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tatiana\AppData\Roaming\mozilla\Firefox\Profiles\jknh4or1.default\Extensions
[2013/02/16 10:29:00 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\tatiana\AppData\Roaming\mozilla\firefox\profiles\jknh4or1.default\Extensions\newtabgoogle@graememcc.co.uk.xpi
[2013/05/16 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2013/05/16 18:13:13 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://pt-br.facebook.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/12/06 11:53:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Arquivos de Programas\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Arquivos de Programas\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-85846730-1419635560-680840718-1000..\Run: [] C:\Arquivos de Programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-85846730-1419635560-680840718-1000..\Run: [Facebook Update] C:\Users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-85846730-1419635560-680840718-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-85846730-1419635560-680840718-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/05/16 21:59:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tatiana\Desktop\OTL.exe
[2013/05/16 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Malwarebytes
[2013/05/16 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/16 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/16 20:33:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/16 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/16 20:04:17 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\tatiana\Desktop\JRT.exe
[2013/05/16 19:32:20 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\tatiana\Desktop\FSS.exe
[2013/05/16 19:31:56 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\tatiana\Desktop\MbrScan.exe
[2013/05/16 19:30:38 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\tatiana\Desktop\HijackThis.exe
[2013/05/16 18:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/16 18:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/05/14 22:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/05/13 19:55:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/05/13 19:55:17 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Samsung
[2013/05/13 19:55:14 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Samsung
[2013/05/13 19:55:07 | 000,000,000 | ---D | C] -- C:\Users\tatiana\Documents\samsung
[2013/05/13 19:53:13 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013/05/13 19:53:13 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013/05/13 19:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2013/05/13 19:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013/05/13 19:43:18 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013/05/13 19:42:58 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013/05/13 19:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/05/13 19:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013/05/13 19:28:38 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Downloaded Installations
[2013/05/10 15:05:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/02 09:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/23 13:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/04/23 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/04/23 13:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013/04/23 12:39:42 | 000,000,000 | ---D | C] -- C:\Users\tatiana\Documents\Sony PMB
[2013/04/23 12:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
[2013/04/23 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/04/23 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Sony Corporation
[2013/04/23 12:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/04/23 12:00:03 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\InstallShield
[2013/04/22 20:23:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/04/18 19:07:00 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2013/04/18 19:07:00 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2013/04/18 19:06:46 | 000,569,344 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzdecode.ax
[2013/04/18 19:06:46 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2013/04/18 19:06:46 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2013/04/18 19:06:46 | 000,258,048 | ---- | C] (© PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2013/04/18 19:06:46 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2013/04/18 19:06:46 | 000,200,704 | ---- | C] ( © MusicCity) -- C:\Windows\System32\muzwmts.dll
[2013/04/18 19:06:46 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2013/04/18 19:06:46 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2013/04/18 19:06:46 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2013/04/18 19:06:46 | 000,131,072 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2013/04/18 19:06:46 | 000,122,880 | ---- | C] (© MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2013/04/18 19:06:46 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2013/04/18 19:06:46 | 000,110,592 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2013/04/18 19:06:46 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2013/04/18 19:06:46 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2013/04/18 19:06:46 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2013/04/18 19:06:46 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2013/04/14 19:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/08 13:36:30 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\PSafe
[2013/04/08 13:35:42 | 000,322,560 | R--- | C] (PSafe Tecnologia S.A.) -- C:\Windows\System32\PsClikS.dll
[2013/04/08 13:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PSafe
[2013/04/04 09:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/31 10:46:24 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Leadertech
[2013/03/05 10:21:14 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/05 10:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/05 09:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/03/05 09:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/03/05 09:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/03/05 09:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/03/05 09:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/03/05 09:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013/03/05 09:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/03/05 09:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/03/05 09:02:48 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/03/05 06:51:38 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Microsoft Help
[2013/03/05 06:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/03/03 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Facebook
[2013/02/24 23:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/24 23:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
 
========== Files - Modified Within 90 Days ==========
 
[2013/05/16 22:01:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/16 22:00:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tatiana\Desktop\OTL.exe
[2013/05/16 21:57:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 20:59:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
[2013/05/16 20:59:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
[2013/05/16 20:55:59 | 000,025,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 20:55:59 | 000,025,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 20:48:45 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/16 20:48:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/16 20:48:31 | 2306,256,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/16 20:04:27 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\tatiana\Desktop\JRT.exe
[2013/05/16 20:04:11 | 000,632,031 | ---- | M] () -- C:\Users\tatiana\Desktop\adwcleaner.exe
[2013/05/16 19:41:00 | 000,000,512 | ---- | M] () -- C:\Users\tatiana\Desktop\Dump_Hdd0_DR0.mbr
[2013/05/16 19:32:31 | 000,354,299 | ---- | M] (Farbar) -- C:\Users\tatiana\Desktop\FSS.exe
[2013/05/16 19:31:58 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\tatiana\Desktop\MbrScan.exe
[2013/05/16 19:30:39 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\tatiana\Desktop\HijackThis.exe
[2013/05/16 17:39:45 | 000,440,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/16 17:28:04 | 000,664,038 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/05/16 17:28:04 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/16 17:28:04 | 000,128,328 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/05/16 17:28:04 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/10 22:22:55 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/04/23 13:12:29 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013/04/18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013/04/18 19:07:00 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2013/04/18 19:07:00 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2013/04/18 19:07:00 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\System32\cis-2.4.dll
[2013/04/18 19:06:46 | 000,569,344 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzdecode.ax
[2013/04/18 19:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2013/04/18 19:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2013/04/18 19:06:46 | 000,258,048 | ---- | M] (© PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2013/04/18 19:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2013/04/18 19:06:46 | 000,200,704 | ---- | M] ( © MusicCity) -- C:\Windows\System32\muzwmts.dll
[2013/04/18 19:06:46 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2013/04/18 19:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2013/04/18 19:06:46 | 000,143,360 | ---- | M] () -- C:\Windows\System32\3DAudio.ax
[2013/04/18 19:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2013/04/18 19:06:46 | 000,131,072 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2013/04/18 19:06:46 | 000,122,880 | ---- | M] (© MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2013/04/18 19:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2013/04/18 19:06:46 | 000,110,592 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2013/04/18 19:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/04/18 19:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2013/04/18 19:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2013/04/18 19:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2013/04/18 19:06:46 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2013/04/18 19:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013/04/16 13:40:11 | 000,005,632 | ---- | M] () -- C:\Users\tatiana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/08 13:36:39 | 000,003,768 | ---- | M] () -- C:\Windows\System32\PsClikSeguro.ini
[2013/04/08 13:36:39 | 000,002,136 | ---- | M] () -- C:\Windows\System32\PsClikSeguroOff.ini
[2013/04/08 13:20:47 | 000,000,047 | ---- | M] () -- C:\Archive.ini
[2013/04/05 17:34:18 | 000,322,560 | R--- | M] (PSafe Tecnologia S.A.) -- C:\Windows\System32\PsClikS.dll
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/03 04:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013/04/03 04:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013/03/19 06:41:40 | 000,016,896 | ---- | M] () -- C:\Windows\Launcher.exe
[2013/03/05 09:16:57 | 000,000,135 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2013/02/24 17:05:27 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2013/05/16 20:03:58 | 000,632,031 | ---- | C] () -- C:\Users\tatiana\Desktop\adwcleaner.exe
[2013/05/16 19:39:01 | 000,000,512 | ---- | C] () -- C:\Users\tatiana\Desktop\Dump_Hdd0_DR0.mbr
[2013/05/16 19:04:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 18:13:29 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/10 22:22:55 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/04/23 13:11:51 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013/04/23 12:34:58 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
[2013/04/18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/04/18 19:06:46 | 000,143,360 | ---- | C] () -- C:\Windows\System32\3DAudio.ax
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/04/08 13:36:39 | 000,003,768 | ---- | C] () -- C:\Windows\System32\PsClikSeguro.ini
[2013/04/08 13:36:39 | 000,002,136 | ---- | C] () -- C:\Windows\System32\PsClikSeguroOff.ini
[2013/04/08 13:32:39 | 000,016,896 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/04/08 13:20:47 | 000,000,047 | ---- | C] () -- C:\Archive.ini
[2013/03/05 09:16:57 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/03/03 18:14:26 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
[2013/03/03 18:14:25 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
[2013/02/04 08:55:25 | 000,005,632 | ---- | C] () -- C:\Users\tatiana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/30 21:24:45 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2012/06/07 18:41:49 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/07 18:41:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/07 18:41:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2012/06/07 18:41:47 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/06/07 18:41:47 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/06/07 18:41:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/06/29 20:01:26 | 000,000,182 | ---- | C] () -- C:\Users\tatiana\AppData\Roaming\default.rss
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/10/30 18:30:27 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Broad Intelligence
[2012/12/01 10:58:07 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\BSplayer
[2011/07/10 11:48:22 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\BSplayer Pro
[2012/12/30 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Cycling '74
[2013/04/21 10:39:44 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\GetRightToGo
[2011/06/28 13:52:48 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\GuiaMultimidia
[2013/03/31 10:46:24 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Leadertech
[2012/10/30 09:36:36 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\mkvtoolnix
[2012/10/11 20:16:14 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Positivo
[2013/04/08 13:36:30 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\PSafe
[2013/01/13 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\RapidTyping
[2013/05/13 19:55:14 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Samsung
[2013/03/05 08:23:56 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\SoftGrid Client
[2012/10/09 05:45:31 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\SumatraPDF
[2013/03/27 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\TeamViewer
[2013/03/05 07:12:58 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\TP
[2012/12/01 09:53:13 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\TuneUp Software
[2013/05/16 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\uTorrent
[2012/10/24 09:37:23 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\VitySoft
[2012/06/16 21:52:14 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/05/16 20:14:50 | 000,011,896 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/05/16 20:17:37 | 000,012,195 | ---- | M] () -- C:\AdwCleaner[s2].txt
[2013/04/08 13:20:47 | 000,000,047 | ---- | M] () -- C:\Archive.ini
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/05/16 20:48:31 | 2306,256,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/13 12:33:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/02/13 12:33:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/05/16 20:48:31 | 3075,010,560 | -HS- | M] () -- C:\pagefile.sys
 
< %systemdrive%\drivers\*.* /s >
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/04/10 02:18:40 | 000,728,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[2013/04/10 02:18:40 | 000,218,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgmms1.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2013/04/12 10:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2013/04/03 04:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\system32\drivers\ssudbus.sys
[2013/04/03 04:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\system32\drivers\ssudmdm.sys
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %PROGRAMFILES%\*.* >
[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2012/12/30 21:24:45 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
[2013/04/16 13:40:11 | 000,005,632 | ---- | M] () -- C:\Users\tatiana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2013/03/05 09:09:44 | 000,124,640 | ---- | M] () -- C:\Users\tatiana\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2011/06/28 13:52:18 | 000,000,020 | -HS- | M] () -- C:\Users\tatiana\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/05/16 22:08:25 | 007,602,176 | -HS- | M] () -- C:\Users\tatiana\ntuser.dat
 
< %appdata%\*.* >
[2012/12/05 18:15:35 | 000,000,182 | ---- | M] () -- C:\Users\tatiana\AppData\Roaming\default.rss
[2012/12/04 11:30:20 | 000,000,091 | ---- | M] () -- C:\Users\tatiana\AppData\Roaming\Safer-Networking.log
 
< %windir%\tasks\*.* /s >
[2013/05/16 21:57:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 20:59:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
[2013/05/16 20:59:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
[2013/05/16 20:48:45 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/16 22:01:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/16 20:48:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/04/25 16:46:18 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
 
< %systemroot%\system32\tasks\*.* >
[2013/05/16 19:04:29 | 000,003,840 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2012/10/11 20:07:27 | 000,002,776 | ---- | M] () -- C:\Windows\system32\tasks\CCleanerSkipUAC
[2013/04/21 10:33:15 | 000,003,524 | ---- | M] () -- C:\Windows\system32\tasks\DealPly
[2013/05/03 20:54:11 | 000,003,548 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core
[2013/05/03 20:54:12 | 000,003,916 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA
[2012/12/01 00:05:41 | 000,002,600 | ---- | M] () -- C:\Windows\system32\tasks\FTZSQ
[2013/04/21 10:32:20 | 000,003,526 | ---- | M] () -- C:\Windows\system32\tasks\Funmoods
[2013/05/06 17:56:02 | 000,003,802 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2013/05/06 17:56:03 | 000,004,054 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/12/12 15:16:42 | 000,003,018 | ---- | M] () -- C:\Windows\system32\tasks\PandaUSBVaccine
[2012/10/11 20:13:36 | 000,003,230 | ---- | M] () -- C:\Windows\system32\tasks\SidebarExecute
[2012/12/02 13:40:38 | 000,003,182 | ---- | M] () -- C:\Windows\system32\tasks\{05A53DBC-AA90-4385-986B-C213695A55AC}
[2011/09/24 17:57:31 | 000,003,176 | ---- | M] () -- C:\Windows\system32\tasks\{9095EE59-2B19-4C86-BAD5-321008251B10}
[2012/05/30 17:14:10 | 000,003,042 | ---- | M] () -- C:\Windows\system32\tasks\{B97297D4-1F30-4EB6-9896-D86F7FAFA037}
[2012/12/02 13:13:12 | 000,003,146 | ---- | M] () -- C:\Windows\system32\tasks\{ED11CE22-DFFA-484E-89A7-07D339CAC3FE}
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2013/05/10 22:22:55 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe
[2013/05/10 22:22:57 | 000,002,843 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc
[2013/05/10 22:22:55 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iediagcmd.exe
[2013/05/10 22:22:56 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll
[2013/05/10 22:22:55 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe
[2013/05/10 22:22:55 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
[2013/04/05 02:26:21 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
[2013/04/05 02:26:21 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll
[2010/11/20 18:29:06 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb
[2009/07/13 22:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll
[2013/04/05 03:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/05/10 22:22:55 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll
[2013/05/10 22:22:56 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll
[2013/05/10 22:22:56 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll
[2013/05/10 22:22:55 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll
[2013/05/10 22:22:56 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll
[2013/05/10 22:22:54 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll
[2013/05/10 22:22:56 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll
[2013/05/10 22:22:56 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdmproxy100.dll
[2013/04/05 02:27:59 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< MD5 for: SERVICES  >
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.DAT  >
[2013/04/22 00:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/20 23:32:43 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\pt-BR\services.exe.mui
[2010/11/20 23:32:43 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2010/11/20 23:32:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc
[2010/11/20 23:32:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\tatiana\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >
 

extras.txt

OTL Extras logfile created on: 16/05/2013 22:06:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tatiana\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,86 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 63,63% Memory free
5,73 Gb Paging File | 4,68 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,97 Gb Total Space | 143,94 Gb Free Space | 49,30% Space Free | Partition Type: NTFS
Drive Z: | 5,93 Gb Total Space | 5,87 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
 
Computer Name: TATIANA-STI | User Name: tatiana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DEC9B3-D7C9-4929-81AD-DBD1F6A5AE4F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11C34BEC-FDD4-4390-8250-E4466D477F0C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{18D83EBA-127B-4753-87A7-C519FB82C1A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{266B72E0-C85B-4103-8D9B-4289E1B13F2D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{638F77D0-7A4F-45D2-9DDF-D0902C0F2F78}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EDB6895-A389-4D78-B8E0-09854B45EA1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{83967EBC-F409-4F72-99AF-06AF89F08872}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{905C0741-CF4D-4E1F-9DE9-097F0CBF99DA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B33C2974-CEBC-4E8A-A4EE-47F074B85FAB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BE4CF9B6-AC32-4A9F-8E94-91612A3BD502}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBEFBF63-5EFC-4482-9EBA-0AE703954117}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EE20889B-337F-4E64-93C4-7F58AE27EE98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EE37D9F4-58CD-4056-9D80-C592BD3D79A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16EB0FD4-4588-4E54-A03F-CE0F28E776DF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{175A03D2-395A-48AF-A63D-1E715C8E1E8C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{20376201-1B94-493A-9A28-19BC2C785D77}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{219BCE3A-9875-4FD2-A910-39DC021B1338}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{30620A7C-F714-42F6-A6E8-6AB1E8E3A959}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{45EFF7BD-F677-485A-A571-D28FDB401091}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{49FF40A4-C976-4F84-8800-C3B05CE388CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4AC74199-4032-4FAD-A2E5-92E802D5B299}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{641ABAD0-B7B8-49B9-AE20-366D4EB49439}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{6616C7AA-4882-4B24-89B9-FF9E50A92F6E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B25C60B5-8699-46AF-A4E3-A3987E44A991}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{C9E53F67-93E5-42A0-B37C-CF7B9ABA5C35}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E2E1DEC0-4AF3-40D8-80AF-5037C59FCFA0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F18F11DF-0649-41F9-AAC2-275F6BEFBA1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{0A8DA189-5C8C-4836-81AD-DBDF7617E410}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{18399671-AAE6-4931-9E5B-587CA2148ED7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6A443671-0005-4AF6-83DB-CC7ECBFFA524}C:\program files\guiamultimidia\guiamultimidia.exe" = protocol=6 | dir=in | app=c:\program files\guiamultimidia\guiamultimidia.exe |
"TCP Query User{786E5F3A-3236-468E-BCD9-110B718B1C8D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{BCFF1AF6-4A79-4EE8-A869-430B8F07E9EC}C:\program files\java\jre7\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\frd.exe |
"UDP Query User{7ADE5731-DD58-4FCB-B2B4-CA419570E970}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{973E2183-CCA8-4F26-93A7-BBA75F2A14B1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A0B75004-8658-4540-97C9-69CFD10881E1}C:\program files\guiamultimidia\guiamultimidia.exe" = protocol=17 | dir=in | app=c:\program files\guiamultimidia\guiamultimidia.exe |
"UDP Query User{C80637CA-C423-4646-A6FB-6D26758880C6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{FD1FD1AA-B456-4AD5-8A3C-76DD88320543}C:\program files\java\jre7\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\frd.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1E5C7043-09C5-4974-A69F-A5271FD82BBC}" = PlayMemories Home
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0015-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-002C-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{13291F79-D997-49AD-9F31-5FAEE1F0FCF5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{2134F8C8-2AD8-44EE-B86B-1B577FBD8D0E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{FA00C010-CCEA-4FC5-93C2-C948C4336AD5}" = Video HD Player
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"MKVToolNix" = MKVToolNix 6.1.0
"Mozilla Firefox 21.0 (x86 pt-BR)" = Mozilla Firefox 21.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 8" = TeamViewer 8
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16/05/2013 19:50:21 | Computer Name = tatiana-STI | Source = WinMgmt | ID = 10
Description =
 
 
< End of report >
 


Hello,

1)

Select these lines inside the CODE box, right-click the selection and choose Copy.

NOTE: Make sure you copy starting with the letter and colon ": O" of OTL.
 

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2013/04/08 13:36:30 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\PSafe
[2013/04/08 13:35:42 | 000,322,560 | R--- | C] (PSafe Tecnologia S.A.) -- C:\Windows\System32\PsClikS.dll
[2013/04/08 13:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PSafe
[2013/04/08 13:36:39 | 000,003,768 | ---- | C] () -- C:\Windows\System32\PsClikSeguro.ini
[2013/04/08 13:36:39 | 000,002,136 | ---- | C] () -- C:\Windows\System32\PsClikSeguroOff.ini
[2013/04/21 10:33:15 | 000,003,524 | ---- | M] () -- C:\Windows\system32\tasks\DealPly
[2013/04/21 10:32:20 | 000,003,526 | ---- | M] () -- C:\Windows\system32\tasks\Funmoods
@Alternate Data Stream - 143 bytes -> C:\Users\tatiana\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

:Files
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[resethosts]
[emptytemp]

Run OTL.exe

Right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the fix button (BotaoConsertar.png).

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy the ENTIRE contents of this Notepad window and paste it into your reply.

A copy of this log will be stored in the C:\_OTL\MovedFiles folder, with a name in the following format: date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.


Carlos, here are the requested results:

  • OTL:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Prefs.js: newtabgoogle%40graememcc.co.uk:1.0.2 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
C:\Users\tatiana\AppData\Roaming\PSafe folder moved successfully.
C:\Windows\System32\PsClikS.dll moved successfully.
C:\ProgramData\PSafe\logs folder moved successfully.
C:\ProgramData\PSafe folder moved successfully.
C:\Windows\System32\PsClikSeguro.ini moved successfully.
C:\Windows\System32\PsClikSeguroOff.ini moved successfully.
C:\Windows\System32\Tasks\DealPly moved successfully.
C:\Windows\System32\Tasks\Funmoods moved successfully.
ADS C:\Users\tatiana\AppData\Roaming\default.rss:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuração de IP do Windows
Liberação do Cache do DNS Resolver bem-sucedida.
C:\Users\tatiana\Desktop\cmd.bat deleted successfully.
C:\Users\tatiana\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: tatiana
->Temp folder emptied: 58133177 bytes
->Temporary Internet Files folder emptied: 219660 bytes
->Java cache emptied: 464279 bytes
->FireFox cache emptied: 242843481 bytes
->Google Chrome cache emptied: 47591207 bytes
->Flash cache emptied: 943 bytes
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17655281 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 350,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05182013_145916

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


  • hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15:06:36, on 18/05/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\OEM\LIVE! OSD 1.27\osd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\tatiana\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: Sensor de Proteção STI.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 

 

After the whole requested process, Chrome can no longer open (load) the start page, http://addons-chrome.info/, but I still cannot change this option, "Open a specific page or set of pages. Set pages"; the "Set pages" option remains inaccessible, as if my user were not the administrator.


Save your bookmarks. Press Windows+R and in the Run box type (or copy and paste):

%LOCALAPPDATA%\Google\Chrome\Application

Click OK. In the folder that opens, locate the First Run file and delete it.

On some systems the path may be different. If you cannot find Application, type (or copy and paste):

%LOCALAPPDATA%\Google\Chrome\User Data

Now check whether you can access it.


Carlos, I did as you asked and it changed nothing; that page went back to loading. Let me see if I can explain better: this page is always loaded initially, but Google changes page when I press Home, it opens the page I selected under "Show Home button"... If under "On startup" I select the option "Open a specific page or set of pages...", then "Set pages", where I should select the pages, is not available, and next to it there is a sign with a tie that says "This setting is enforced by your administrator."

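An added example, not part of the original thread and not a step prescribed by the analyst: Chrome shows "This setting is enforced by your administrator" when a policy value is present in the registry, so a read-only listing of the Chrome policy keys shows what is pinning the startup page. The key paths and policy names below are Chrome's standard policy locations, assumed here; they do not come from this thread's logs.

```powershell
# Read-only: lists Chrome policy values that lock the startup page and home button.
# Nothing is modified. Key paths and policy names are Chrome's standard policy
# locations (an assumption of this example; they do not appear in the thread's logs).
$PolicyRoots = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome',
    'HKCU:\SOFTWARE\Policies\Google\Chrome'
)
# Policies stored as single values directly under the Chrome key.
$ScalarPolicies = @('RestoreOnStartup', 'HomepageLocation', 'HomepageIsNewTabPage', 'ShowHomeButton')
# Policies stored as a subkey whose values are named 1, 2, 3, ...
$ListPolicies = @('RestoreOnStartupURLs')

function New-PolicyRecord($Key, $Policy, $Value) {
    # New-Object keeps the script usable on the PowerShell 2.0 shipped with Windows 7.
    New-Object PSObject -Property @{ Key = $Key; Policy = $Policy; Value = $Value }
}

function Get-ChromeStartupPolicy {
    foreach ($root in $PolicyRoots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        $key = Get-Item -LiteralPath $root
        $present = $key.GetValueNames()
        foreach ($name in $ScalarPolicies) {
            if ($present -contains $name) {
                New-PolicyRecord $root $name $key.GetValue($name)
            }
        }

        foreach ($list in $ListPolicies) {
            $listPath = Join-Path $root $list
            if (-not (Test-Path -LiteralPath $listPath)) { continue }

            $listKey = Get-Item -LiteralPath $listPath
            foreach ($index in $listKey.GetValueNames()) {
                $label = '{0}[{1}]' -f $list, $index
                New-PolicyRecord $listPath $label $listKey.GetValue($index)
            }
        }
    }
}

$found = @(Get-ChromeStartupPolicy)
if ($found.Count -eq 0) {
    'No Chrome startup or homepage policy values found.'
} else {
    $found | Select-Object Key, Policy, Value | Format-Table -AutoSize -Wrap
}
```

A RestoreOnStartup value of 4 means "open a list of URLs", and that list is read from the RestoreOnStartupURLs subkey; chrome://policy shows the same values as Chrome loaded them.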

Temporarily disable your antivirus

  • Hold down the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: [image]
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update itself and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats
  • Copy and paste the contents into your next reply. Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.


Here are the results from ESET and HijackThis; they were run with the antivirus, firewall and anti-malware disabled:

 

C:\Users\tatiana\Downloads\4shared_Desktop_4.0.0hbr.exe    a variant of Win32/Hao123.A application    cleaned by deleting - quarantined
C:\Users\tatiana\Downloads\cpu-z_1.63-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask.C application    cleaned by deleting - quarantined
C:\Users\tatiana\Downloads\FFSetup300.zip    multiple threats    deleted - quarantined
C:\Users\tatiana\Downloads\MediaCoder-0.8.16.5292.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\tatiana\Downloads\winrar-420-baixaki-32-bits-4102012115743.exe    a variant of Win32/InstallCore.AY application    cleaned by deleting - quarantined
 

Logfile of HijackThis v1.99.1
Scan saved at 20:53:16, on 18/05/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\OEM\LIVE! OSD 1.27\osd.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\tatiana\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: Sensor de Proteção STI.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 

Another question: after the HijackThis analysis, do I just close it, or do I have to choose "Fix"?


Eronilson,

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download ComboFix
http://www.bleepingc...nload/combofix/

Save it to your desktop.

  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to proceed.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the malware scan.

Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it will generate a log. Post the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You must be connected during the ComboFix procedure;
  • You must be logged on to the system with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not suggest installing it.
  • Do not run ComboFix more than once. Doing so will overwrite the log and delay removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


ComboFix log:

ComboFix 13-05-18.03 - tatiana 19/05/2013   8:52.5.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.2933.1971 [GMT -3:00]
Executando de: c:\users\tatiana\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-19 to 2013-05-19  ))))))))))))))))))))))))))))
.
.
2013-05-19 11:58 . 2013-05-19 11:58    --------    d-----w-    c:\users\tatiana\AppData\Local\temp
2013-05-19 11:41 . 2013-05-19 11:41    --------    d-----w-    c:\users\tatiana\AppData\Roaming\Apple Computer
2013-05-19 03:23 . 2013-05-19 03:23    --------    d-----w-    c:\program files\Common Files\Apple
2013-05-19 03:23 . 2013-05-19 03:23    --------    d-----w-    c:\users\tatiana\AppData\Local\Apple
2013-05-19 03:23 . 2013-05-19 03:23    --------    d-----w-    c:\program files\Apple Software Update
2013-05-19 03:23 . 2013-05-19 03:23    --------    d-----w-    c:\programdata\Apple
2013-05-18 23:54 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A54EA92A-92B1-42E2-8C0E-C750480B10FC}\mpengine.dll
2013-05-18 22:24 . 2013-05-18 22:24    --------    d-----w-    c:\program files\ESET
2013-05-18 17:59 . 2013-05-18 17:59    --------    d-----w-    C:\_OTL
2013-05-17 00:01 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-16 23:33 . 2013-05-16 23:33    --------    d-----w-    c:\users\tatiana\AppData\Roaming\Malwarebytes
2013-05-16 23:33 . 2013-05-16 23:33    --------    d-----w-    c:\programdata\Malwarebytes
2013-05-16 23:33 . 2013-05-16 23:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-05-16 23:33 . 2013-04-04 17:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-16 20:31 . 2013-04-05 04:29    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-16 20:16 . 2013-04-10 03:14    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-16 20:16 . 2013-03-19 04:53    186368    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-16 20:16 . 2013-03-19 03:33    40960    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-16 20:15 . 2013-04-10 05:18    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 20:15 . 2013-04-10 05:18    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 20:15 . 2013-02-27 05:05    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-16 20:15 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-05-16 20:15 . 2013-02-27 04:49    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-13 22:55 . 2013-05-13 22:55    --------    d-----w-    c:\users\tatiana\AppData\Local\Samsung
2013-05-13 22:55 . 2013-05-13 22:55    --------    d-----w-    c:\users\tatiana\AppData\Roaming\Samsung
2013-05-13 22:53 . 2013-04-03 07:58    83864    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2013-05-13 22:53 . 2013-04-03 07:58    181912    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2013-05-13 22:47 . 2013-05-16 12:00    --------    d-----w-    c:\program files\MyFree Codec
2013-05-13 22:43 . 2013-04-18 22:08    4659712    ----a-w-    c:\windows\system32\Redemption.dll
2013-05-13 22:42 . 2013-04-18 22:06    821824    ----a-w-    c:\windows\system32\dgderapi.dll
2013-05-13 22:39 . 2013-05-13 22:50    --------    d-----w-    c:\program files\Samsung
2013-05-13 22:39 . 2013-05-13 22:49    --------    d-----w-    c:\programdata\Samsung
2013-05-13 22:28 . 2013-05-13 22:28    --------    d-----w-    c:\users\tatiana\AppData\Local\Downloaded Installations
2013-05-10 17:56 . 2013-04-12 13:45    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-05-02 12:38 . 2013-05-02 12:38    --------    d-----w-    c:\program files\Common Files\Java
2013-05-02 12:38 . 2013-05-02 12:38    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-04-23 16:12 . 2013-05-18 17:53    --------    d-----w-    c:\program files\SpeedFan
2013-04-23 15:35 . 2007-07-19 21:14    3727720    ----a-w-    c:\windows\system32\d3dx9_35.dll
2013-04-23 15:34 . 2013-04-23 15:34    --------    d-----w-    c:\programdata\Sony Corporation
2013-04-23 15:07 . 2013-04-23 15:39    --------    d-----w-    c:\users\tatiana\AppData\Roaming\Sony Corporation
2013-04-23 15:01 . 2008-07-04 14:22    122864    ------w-    c:\windows\system32\PxInsI64.exe
2013-04-23 15:01 . 2008-07-04 14:22    120816    ------w-    c:\windows\system32\PxCpyI64.exe
2013-04-23 15:01 . 2013-04-23 15:34    --------    d-----w-    c:\program files\Sony
2013-04-23 15:00 . 2013-04-23 15:00    --------    d-----w-    c:\users\tatiana\AppData\Roaming\InstallShield
2013-04-22 23:27 . 2013-04-22 23:27    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-04-22 23:23 . 2013-04-22 23:23    --------    d-sh--w-    c:\windows\system32\%APPDATA%
2013-04-22 23:09 . 2013-03-19 05:04    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-04-22 23:09 . 2013-03-19 05:04    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-22 23:09 . 2013-03-19 04:48    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-04-22 23:09 . 2013-03-19 02:49    69632    ----a-w-    c:\windows\system32\smss.exe
2013-04-22 23:09 . 2013-02-12 03:32    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-04-22 23:09 . 2013-01-24 04:47    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-04-21 13:33 . 2013-04-14 22:16    811928    ----a-w-    c:\program files\Mozilla Firefox\sqlite3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 23:19 . 2011-08-10 22:06    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 22:04 . 2012-12-12 16:47    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 22:04 . 2012-12-12 16:47    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28 . 2012-07-11 10:44    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-02 12:38 . 2012-10-15 14:39    866720    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-05-02 12:38 . 2011-09-24 21:00    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-04-18 22:07 . 2013-04-18 22:07    90112    ----a-w-    c:\windows\MAMCityDownload.ocx
2013-04-18 22:07 . 2013-04-18 22:07    330240    ----a-w-    c:\windows\MASetupCaller.dll
2013-04-18 22:07 . 2013-04-18 22:07    30568    ----a-w-    c:\windows\MusiccityDownload.exe
2013-04-18 22:06 . 2013-04-18 22:06    974848    ----a-w-    c:\windows\system32\cis-2.4.dll
2013-04-18 22:06 . 2013-04-18 22:06    81920    ----a-w-    c:\windows\system32\issacapi_bs-2.3.dll
2013-04-18 22:06 . 2013-04-18 22:06    65536    ----a-w-    c:\windows\system32\issacapi_pe-2.3.dll
2013-04-18 22:06 . 2013-04-18 22:06    57344    ----a-w-    c:\windows\system32\MTXSYNCICON.dll
2013-04-18 22:06 . 2013-04-18 22:06    57344    ----a-w-    c:\windows\system32\MK_Lyric.dll
2013-04-18 22:06 . 2013-04-18 22:06    57344    ----a-w-    c:\windows\system32\issacapi_se-2.3.dll
2013-04-18 22:06 . 2013-04-18 22:06    569344    ----a-w-    c:\windows\system32\muzdecode.ax
2013-04-18 22:06 . 2013-04-18 22:06    491520    ----a-w-    c:\windows\system32\muzapp.dll
2013-04-18 22:06 . 2013-04-18 22:06    49152    ----a-w-    c:\windows\system32\MaJGUILib.dll
2013-04-18 22:06 . 2013-04-18 22:06    45320    ----a-w-    c:\windows\system32\MAMACExtract.dll
2013-04-18 22:06 . 2013-04-18 22:06    45056    ----a-w-    c:\windows\system32\MaXMLProto.dll
2013-04-18 22:06 . 2013-04-18 22:06    45056    ----a-w-    c:\windows\system32\MACXMLProto.dll
2013-04-18 22:06 . 2013-04-18 22:06    40960    ----a-w-    c:\windows\system32\MTTELECHIP.dll
2013-04-18 22:06 . 2013-04-18 22:06    352256    ----a-w-    c:\windows\system32\MSLUR71.dll
2013-04-18 22:06 . 2013-04-18 22:06    258048    ----a-w-    c:\windows\system32\muzoggsp.ax
2013-04-18 22:06 . 2013-04-18 22:06    245760    ----a-w-    c:\windows\system32\MSCLib.dll
2013-04-18 22:06 . 2013-04-18 22:06    24576    ----a-w-    c:\windows\system32\MASetupCleaner.exe
2013-04-18 22:06 . 2013-04-18 22:06    200704    ----a-w-    c:\windows\system32\muzwmts.dll
2013-04-18 22:06 . 2013-04-18 22:06    155648    ----a-w-    c:\windows\system32\MSFLib.dll
2013-04-18 22:06 . 2013-04-18 22:06    143360    ----a-w-    c:\windows\system32\3DAudio.ax
2013-04-18 22:06 . 2013-04-18 22:06    135168    ----a-w-    c:\windows\system32\muzaf1.dll
2013-04-18 22:06 . 2013-04-18 22:06    131072    ----a-w-    c:\windows\system32\muzmpgsp.ax
2013-04-18 22:06 . 2013-04-18 22:06    122880    ----a-w-    c:\windows\system32\muzeffect.ax
2013-04-18 22:06 . 2013-04-18 22:06    118784    ----a-w-    c:\windows\system32\MaDRM.dll
2013-04-18 22:06 . 2013-04-18 22:06    110592    ----a-w-    c:\windows\system32\muzmp4sp.ax
2013-04-13 04:45 . 2013-05-16 20:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 20:16    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-03-19 09:41 . 2013-04-08 16:32    16896    ----a-w-    c:\windows\Launcher.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-03 138096]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-11-28 739936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OSD.lnk - c:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_31212740990385666CEAE7.exe [2011-4-13 3262]
Sensor de Proteção STI.lnk - c:\windows\Installer\{F1D7AA87-5261-441E-BEB5-F9267990B593}\_E338DF3E1C3922315A0807.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Guia Multimidia.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Guia Multimidia.lnk
backup=c:\windows\pss\Guia Multimidia.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-05-05 02:12    802136    ----a-w-    c:\program files\uTorrent\uTorrent.exe
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Livemouclass;Livemouclass; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOEM.sys [x]
S1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [x]
S1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [x]
S1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [x]
S2 LiveGpdKBFilter;LiveGpdKBFilter; [x]
S2 LiveIO;LiveIO; [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\DRIVERS\CamSuiteVAC.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Livekbc;Livekbc; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
GPSvcGroup    REG_MULTI_SZ       GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-16 21:33    1642448    ----a-w-    c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 22:04]
.
2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
- c:\users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-03 23:54]
.
2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
- c:\users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-03 23:54]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-14 01:45]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-14 01:45]
.
.
------- Scan Suplementar -------
.
uStart Page = about:newtab
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: &Enviar para o OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}\E4544574541425: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}\F496F56556C6F687F575966496F573436403: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\tatiana\AppData\Roaming\Mozilla\Firefox\Profiles\jknh4or1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.linhadefensiva.org/forum/index.php?app=core&module=usercp&tab=core&area=notifications|https://blu172.mail.live.com/default.aspx?id=64855#n=1103625765&fid=1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-05-19  08:59:57
ComboFix-quarantined-files.txt  2013-05-19 11:59
.
Pré-execução: 152.010.678.272 bytes disponíveis
Pós execução: 151.827.103.744 bytes disponíveis
.
- - End Of File - - 157885D4E6D4D742A82FD62CBC06AD05
 


No changes... Chrome still has the same problem...


No changes... Chrome still has the same problem...

 

Try reinstalling Chrome.


Carlos, I uninstalled Chrome as you asked. At first it opened the Google account page, and I immediately tried to change the setting to "Open a specific page or set of pages. Set pages", but "Set pages" is still inoperative. I even uninstalled Mozilla to see whether it was affecting Chrome, but that made no difference either. What I noticed when installing Chrome is that only after the third time I ran it did it go back to opening the unwanted page, http://addons-chrome.info/; until then it seemed normal, although it would not let me choose the home page. I can only do that if I choose the page I want under new tab...

In other words, the problem persists... I also noticed that in IExplorer I cannot change the startup options; could there be some connection?

Edited by Eronilson


Ok,

Download and run MiniToolBox (by Farbar)

Select the options:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Close all your browsers and click the Go button.

Wait for the tool to finish the scan (it is very quick); when it is done, a Notepad window will open.

Copy and paste the contents of that Notepad window into your next reply.


Here is the report. Google still won't change the home page normally. I noticed that the page only loads if I try to change the following option: "Open a specific page or set of pages. Set pages"; then the page loads as if I had chosen it...

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by tatiana (administrator) on 20-05-2013 at 09:09:38
Running from "C:\Users\tatiana\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Configuração de IP do Windows

Liberação do Cache do DNS Resolver bem-sucedida.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Conexão de Rede sem Fio (Connected)
Microsoft Virtual WiFi Miniport Adapter = Conexão de Rede sem Fio 2 (Media disconnected)

# ----------------------------------
# Configuração de IPv4
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# Final da configuração IPv4

 

Configuração de IP do Windows

   Nome do host. . . . . . . . . . . . . . . . : tatiana-STI
   Sufixo DNS primário . . . . . . . . . . . . :
   Tipo de nó . . . . . . . . . . . . . . . .  : misto
   Roteamento de IP ativado. . . . . . . . . . : não
   Proxy WINS ativado. . . . . . . . . . . . . : não

Adaptador de Rede sem Fio Conexão de Rede sem Fio 2:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Endereço Físico . . . . . . . . . . . . . . : 20-7C-8F-50-9D-48
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de Rede sem Fio Conexão de Rede sem Fio:

   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
   Endereço Físico . . . . . . . . . . . . . . : 20-7C-8F-50-9D-48
   DHCP Habilitado . . . . . . . . . . . . . . : Sim
   Configuração Automática Habilitada. . . . . : Sim
   Endereço IPv6 de link local . . . . . . . . : fe80::7ce2:a928:e36e:f5e3%12(Preferencial)
   Endereço IPv4. . . . . . . .  . . . . . . . : 192.168.1.46(Preferencial)
   Máscara de Sub-rede . . . . . . . . . . . . : 255.255.255.0
   Concessão Obtida. . . . . . . . . . . . . . : segunda-feira, 20 de maio de 2013 08:59:41
   Concessão Expira. . . . . . . . . . . . . . : terça-feira, 21 de maio de 2013 08:59:41
   Gateway Padrão. . . . . . . . . . . . . . . : 192.168.1.1
   Servidor DHCP . . . . . . . . . . . . . . . : 192.168.1.1
   IAID de DHCPv6. . . . . . . . . . . . . . . : 270564495
   DUID de Cliente DHCPv6. . . . . . . . . . . : 00-01-00-01-15-9B-BC-E8-44-87-FC-1B-B3-A8
   Servidores DNS. . . . . . . . . . . . . . . : 8.8.8.8
                                                 8.8.4.4
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Habilitado

Adaptador de túnel isatap.{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim

Adaptador de túnel Teredo Tunneling Pseudo-Interface:

   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim
   Endereço IPv6 . . . . . . . . . . . . . . . : 2001:0:9d38:953c:44d:2cb1:3f57:fed1(Preferencial)
   Endereço IPv6 de link local . . . . . . . . : fe80::44d:2cb1:3f57:fed1%13(Preferencial)
   Gateway Padrão. . . . . . . . . . . . . . . : ::
   NetBIOS em Tcpip. . . . . . . . . . . . . . : Desabilitado

Adaptador de túnel Conexão Local* 11:

   Estado da mídia. . . . . . . . . . . . . .  : mídia desconectada
   Sufixo DNS específico de conexão. . . . . . :
   Descrição . . . . . . . . . . . . . . . . . : Adaptador do Microsoft ISATAP #2
   Endereço Físico . . . . . . . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Habilitado . . . . . . . . . . . . . . : Não
   Configuração Automática Habilitada. . . . . : Sim
Servidor:  google-public-dns-a.google.com
Address:  8.8.8.8

Nome:    google.com
Addresses:  2800:3f0:4001:801::1007
   74.125.234.8
   74.125.234.6
   74.125.234.3
   74.125.234.4
   74.125.234.9
   74.125.234.7
   74.125.234.1
   74.125.234.5
   74.125.234.0
   74.125.234.2
   74.125.234.14

Disparando google.com [74.125.234.8] com 32 bytes de dados:
Resposta de 74.125.234.8: bytes=32 tempo=88ms TTL=52
Resposta de 74.125.234.8: bytes=32 tempo=103ms TTL=54

Estatísticas do Ping para 74.125.234.8:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 88ms, Máximo = 103ms, Média = 95ms
Servidor:  google-public-dns-a.google.com
Address:  8.8.8.8

Nome:    yahoo.com
Addresses:  206.190.36.45
   98.139.183.24
   98.138.253.109

Disparando yahoo.com [98.139.183.24] com 32 bytes de dados:
Resposta de 98.139.183.24: bytes=32 tempo=357ms TTL=51
Resposta de 98.139.183.24: bytes=32 tempo=254ms TTL=50

Estatísticas do Ping para 98.139.183.24:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 254ms, Máximo = 357ms, Média = 305ms

Disparando 127.0.0.1 com 32 bytes de dados:
Resposta de 127.0.0.1: bytes=32 tempo=9ms TTL=128
Resposta de 127.0.0.1: bytes=32 tempo=2ms TTL=128

Estatísticas do Ping para 127.0.0.1:
    Pacotes: Enviados = 2, Recebidos = 2, Perdidos = 0 (0% de
             perda),
Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 2ms, Máximo = 9ms, Média = 5ms
===========================================================================
Lista de interfaces
 15...20 7c 8f 50 9d 48 ......Microsoft Virtual WiFi Miniport Adapter
 12...20 7c 8f 50 9d 48 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
 16...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 18...00 00 00 00 00 00 00 e0 Adaptador do Microsoft ISATAP #2
===========================================================================

Tabela de rotas IPv4
===========================================================================
Rotas ativas:
Endereço de rede          Máscara   Ender. gateway       Interface   Custo
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.46     25
        127.0.0.0        255.0.0.0      No vínculo         127.0.0.1    306
        127.0.0.1  255.255.255.255      No vínculo         127.0.0.1    306
  127.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
      192.168.1.0    255.255.255.0      No vínculo      192.168.1.46    281
     192.168.1.46  255.255.255.255      No vínculo      192.168.1.46    281
    192.168.1.255  255.255.255.255      No vínculo      192.168.1.46    281
        224.0.0.0        240.0.0.0      No vínculo         127.0.0.1    306
        224.0.0.0        240.0.0.0      No vínculo      192.168.1.46    281
  255.255.255.255  255.255.255.255      No vínculo         127.0.0.1    306
  255.255.255.255  255.255.255.255      No vínculo      192.168.1.46    281
===========================================================================
Rotas persistentes:
  Nenhuma

Tabela de rotas IPv6
===========================================================================
Rotas ativas:
 Se destino de rede de métrica      Gateway
 13     58 ::/0                     No vínculo
  1    306 ::1/128                  No vínculo
 13     58 2001::/32                No vínculo
 13    306 2001:0:9d38:953c:44d:2cb1:3f57:fed1/128
                                    No vínculo
 12    281 fe80::/64                No vínculo
 13    306 fe80::/64                No vínculo
 13    306 fe80::44d:2cb1:3f57:fed1/128
                                    No vínculo
 12    281 fe80::7ce2:a928:e36e:f5e3/128
                                    No vínculo
  1    306 ff00::/8                 No vínculo
 13    306 ff00::/8                 No vínculo
 12    281 ff00::/8                 No vínculo
===========================================================================
Rotas persistentes:
  Nenhuma
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/20/2013 09:00:45 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2013 07:24:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2013 01:34:57 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "NScCoreComponents,type="win32",version="4.2.0.0"1".
Assembly dependente NScCoreComponents,type="win32",version="4.2.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (05/19/2013 00:58:36 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2013 08:42:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 11:37:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 05:31:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 04:20:35 PM) (Source: SideBySide) (User: )
Description: Falha na geração de contexto de ativação para "NScCoreComponents,type="win32",version="4.2.0.0"1".
Assembly dependente NScCoreComponents,type="win32",version="4.2.0.0" não pôde ser localizado.
Use o arquivo sxstrace.exe para obter um diagnóstico detalhado.

Error: (05/18/2013 03:06:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 11:47:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/19/2013 10:01:45 PM) (Source: Service Control Manager) (User: )
Description: O serviço Serviço do Google Update (gupdate) foi encerrado inesperadamente.  Isso aconteceu 1 vez(es).

Error: (05/19/2013 08:58:22 AM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (05/19/2013 08:55:40 AM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Error: (05/19/2013 08:53:04 AM) (Source: Microsoft Antimalware) (User: )
Description: %AUTORIDADE NT60 encontrou um erro ao atualizar assinaturas.

 Nova Versão da Assinatura:

 Versão da Assinatura Anterior: 1.151.393.0

 Origem da Atualização: %AUTORIDADE NT59

 Etapa da Atualização: 4.2.0223.00

 Caminho de Origem: 4.2.0223.01

 Tipo de Assinatura: %AUTORIDADE NT602

 Tipo de Atualização: %AUTORIDADE NT604

 Usuário: AUTORIDADE NT\SISTEMA

 Versão do Mecanismo Atual: %AUTORIDADE NT605

 Versão do Mecanismo Anterior: %AUTORIDADE NT606

 Código de Erro: %AUTORIDADE NT607

 Descrição do erro: %AUTORIDADE NT608

Error: (05/19/2013 08:51:27 AM) (Source: Service Control Manager) (User: )
Description: O serviço PEVSystemStart está marcado como um serviço interativo. No entanto, o sistema está configurado para não permitir serviços interativos. Esse serviço pode não funcionar corretamente.

Microsoft Office Sessions:
=========================
Error: (05/20/2013 09:00:45 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2013 07:24:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2013 01:34:57 PM) (Source: SideBySide)(User: )
Description: NScCoreComponents,type="win32",version="4.2.0.0"C:\Program Files\Windows Sidebar\Gadgets\NeroLive.Gadget\PTT\NMTvWizard.exe.Manifest

Error: (05/19/2013 00:58:36 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/19/2013 08:42:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 11:37:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 05:31:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 04:20:35 PM) (Source: SideBySide)(User: )
Description: NScCoreComponents,type="win32",version="4.2.0.0"C:\Program Files\Windows Sidebar\Gadgets\NeroLive.Gadget\PTT\NMTvWizard.exe.Manifest

Error: (05/18/2013 03:06:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/18/2013 11:47:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

=========================== Installed Programs ============================

µTorrent (Version: 3.3.0.29625)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Apple Software Update (Version: 2.1.3.127)
CCleaner (Version: 4.00)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESET Online Scanner v3
Facebook Video Calling 1.2.0.287
HijackThis 1.99.1 (Version: 1.99.1)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Malwarebytes Anti-Malware versão 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30320)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
MKVToolNix 6.1.0 (Version: 6.1.0)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (Version: 4.0.30320)
PlayMemories Home (Version: 7.0.00.11271)
Primo (Version: 1.00.0000)
QuickTime (Version: 7.73.80.64)
Runtime (Version: 1.00.0000)
Samsung Kies (Version: 2.5.3.13043_14)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)
SpeedFan (remove only)
Suporte para Aplicativos Apple (Version: 2.3)
TeamViewer 8 (Version: 8.0.18051)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Video HD Player (Version: 14.1)
WinRAR 4.20 (32-bit) (Version: 4.20.0)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 2932.56 MB
Available physical RAM: 1921.74 MB
Total Pagefile: 5863.41 MB
Available Pagefile: 4809.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.45 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:291.97 GB) (Free:140.35 GB) NTFS
4 Drive z: (Recovery) (Fixed) (Total:5.93 GB) (Free:5.87 GB) NTFS

========================= Users: ========================================

Contas de usuário para \\TATIANA-STI

Administrador            Convidado                tatiana                 
Comando concluído com êxito.

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

 

 


I repeated the process, including copying the text in red. I did not disable the antivirus and firewall. Here is the result:

 

OTL logfile created on: 20/05/2013 16:58:35 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tatiana\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,86 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 54,34% Memory free
5,73 Gb Paging File | 4,26 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,97 Gb Total Space | 139,22 Gb Free Space | 47,68% Space Free | Partition Type: NTFS
Drive Z: | 5,93 Gb Total Space | 5,87 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
 
Computer Name: TATIANA-STI | User Name: tatiana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/16 22:00:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tatiana\Desktop\OTL.exe
PRC - [2013/05/16 19:04:27 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/05/11 19:26:08 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Arquivos de Programas\Mozilla Firefox\firefox.exe
PRC - [2013/04/23 04:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/04/23 04:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/23 04:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\tv_w32.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe
PRC - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) -- C:\Arquivos de Programas\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 18:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/01/21 17:14:50 | 000,537,504 | ---- | M] (OEM) -- C:\Arquivos de Programas\OEM\LIVE! OSD 1.27\osd.exe
PRC - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Arquivos de Programas\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/16 19:04:25 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/05/11 19:26:24 | 003,128,728 | ---- | M] () -- C:\Arquivos de Programas\Mozilla Firefox\mozjs.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/08 11:04:14 | 000,100,352 | ---- | M] () -- C:\Arquivos de Programas\OEM\LIVE! OSD 1.27\LiveIO.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/16 19:04:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 19:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/23 04:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/01 11:12:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Arquivos de Programas\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/03/08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/11/20 18:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\tatiana\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/03 04:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/04/03 04:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/29 17:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2012/09/17 19:58:32 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360SpOEM.sys -- (360SpOEM)
DRV - [2012/09/17 19:58:32 | 000,061,488 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\360HookOem.sys -- (360HookOem)
DRV - [2012/09/17 19:58:32 | 000,029,744 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360RegOem.sys -- (360RegOem)
DRV - [2012/09/17 19:58:30 | 000,152,880 | R--- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\360FileOem.sys -- (360FileOem)
DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 11:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 11:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/26 11:13:24 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2010/07/01 11:09:35 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/01/21 11:59:32 | 000,005,120 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveGpdKBFilter.sys -- (LiveGpdKBFilter)
DRV - [2010/01/21 11:58:50 | 000,010,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveIO.sys -- (LiveIO)
DRV - [2010/01/21 11:57:16 | 000,005,120 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Livemouclass.sys -- (Livemouclass)
DRV - [2010/01/21 11:56:34 | 000,005,120 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Livekbc.sys -- (Livekbc)
DRV - [2010/01/14 08:04:04 | 000,106,496 | ---- | M] (ZD Secret Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZDDriver.sys -- (hwdatacard)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/30 09:38:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/03/30 09:38:18 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/03/30 09:38:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/09/20 00:41:50 | 000,037,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CamSuiteVAC.sys -- (CamSuiteVAC)
DRV - [1996/04/03 16:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5F209F84-D600-42F8-B6EC-9AD178F9DD73}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.semptoshiba.com.br [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.linhadefensiva.org/forum/topic/150496-google-chrome-não-muda-home-page/
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\tatiana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\mfgt@live.com: C:\Program Files\\Firebirdc\mfgt@live.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/19 00:24:44 | 000,000,000 | ---D | M]
 
[2013/05/20 11:09:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tatiana\AppData\Roaming\mozilla\Extensions
[2013/05/20 11:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2013/05/20 11:08:49 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Docs = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Pesquisa do Google = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/05/19 08:58:19 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/05/20 11:09:12 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Mozilla
[2013/05/20 11:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/05/20 10:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/20 09:06:34 | 000,760,723 | ---- | C] (Farbar) -- C:\Users\tatiana\Desktop\MiniToolBox.exe
[2013/05/19 09:00:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/19 08:59:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/19 08:59:59 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\temp
[2013/05/19 08:50:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/19 08:50:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/19 08:50:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/19 08:50:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/19 08:44:38 | 005,067,228 | R--- | C] (Swearware) -- C:\Users\tatiana\Desktop\ComboFix.exe
[2013/05/19 08:41:26 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Apple Computer
[2013/05/19 00:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/05/19 00:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2013/05/19 00:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/05/19 00:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/05/19 00:23:13 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Apple
[2013/05/19 00:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/05/19 00:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/05/18 19:24:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/05/18 19:22:24 | 002,347,384 | ---- | C] (ESET) -- C:\Users\tatiana\Desktop\esetsmartinstaller_enu.exe
[2013/05/18 14:59:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/16 21:59:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tatiana\Desktop\OTL.exe
[2013/05/16 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Malwarebytes
[2013/05/16 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/16 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/16 20:33:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/16 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/16 20:04:17 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\tatiana\Desktop\JRT.exe
[2013/05/16 19:32:20 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\tatiana\Desktop\FSS.exe
[2013/05/16 19:31:56 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\tatiana\Desktop\MbrScan.exe
[2013/05/16 19:30:38 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\tatiana\Desktop\HijackThis.exe
[2013/05/14 22:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/05/13 19:55:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/05/13 19:55:17 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Samsung
[2013/05/13 19:55:14 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Samsung
[2013/05/13 19:55:07 | 000,000,000 | ---D | C] -- C:\Users\tatiana\Documents\samsung
[2013/05/13 19:53:13 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013/05/13 19:53:13 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013/05/13 19:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2013/05/13 19:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013/05/13 19:43:18 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013/05/13 19:42:58 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013/05/13 19:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/05/13 19:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013/05/13 19:28:38 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Downloaded Installations
[2013/05/10 15:05:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/05/02 09:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/23 13:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/04/23 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/04/23 13:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013/04/23 12:39:42 | 000,000,000 | ---D | C] -- C:\Users\tatiana\Documents\Sony PMB
[2013/04/23 12:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
[2013/04/23 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/04/23 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Sony Corporation
[2013/04/23 12:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/04/23 12:00:03 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\InstallShield
[2013/04/22 20:23:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/04/18 19:07:00 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2013/04/18 19:07:00 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2013/04/18 19:06:46 | 000,569,344 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzdecode.ax
[2013/04/18 19:06:46 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2013/04/18 19:06:46 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2013/04/18 19:06:46 | 000,258,048 | ---- | C] (© PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2013/04/18 19:06:46 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2013/04/18 19:06:46 | 000,200,704 | ---- | C] ( © MusicCity) -- C:\Windows\System32\muzwmts.dll
[2013/04/18 19:06:46 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2013/04/18 19:06:46 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2013/04/18 19:06:46 | 000,131,072 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2013/04/18 19:06:46 | 000,122,880 | ---- | C] (© MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2013/04/18 19:06:46 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2013/04/18 19:06:46 | 000,110,592 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2013/04/18 19:06:46 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2013/04/18 19:06:46 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2013/04/18 19:06:46 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2013/04/18 19:06:46 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2013/04/14 19:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/31 10:46:24 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Leadertech
[2013/03/05 10:21:14 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/05 10:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/05 09:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/03/05 09:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/03/05 09:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/03/05 09:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/03/05 09:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/03/05 09:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013/03/05 09:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/03/05 09:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/03/05 09:02:48 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013/03/05 06:51:38 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Microsoft Help
[2013/03/05 06:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/03/03 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Facebook
[2013/02/24 23:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/24 23:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
 
========== Files - Modified Within 90 Days ==========
 
[2013/05/20 16:57:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/20 16:14:05 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/20 15:59:08 | 000,025,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 15:59:08 | 000,025,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 15:51:57 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 15:51:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/20 15:51:46 | 2306,256,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/20 11:59:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
[2013/05/20 11:09:06 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/20 09:06:38 | 000,760,723 | ---- | M] (Farbar) -- C:\Users\tatiana\Desktop\MiniToolBox.exe
[2013/05/19 20:59:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
[2013/05/19 08:58:19 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/05/19 08:44:59 | 005,067,228 | R--- | M] (Swearware) -- C:\Users\tatiana\Desktop\ComboFix.exe
[2013/05/19 00:24:38 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/05/18 19:22:38 | 002,347,384 | ---- | M] (ESET) -- C:\Users\tatiana\Desktop\esetsmartinstaller_enu.exe
[2013/05/16 22:00:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tatiana\Desktop\OTL.exe
[2013/05/16 20:04:27 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\tatiana\Desktop\JRT.exe
[2013/05/16 20:04:11 | 000,632,031 | ---- | M] () -- C:\Users\tatiana\Desktop\adwcleaner.exe
[2013/05/16 19:41:00 | 000,000,512 | ---- | M] () -- C:\Users\tatiana\Desktop\Dump_Hdd0_DR0.mbr
[2013/05/16 19:32:31 | 000,354,299 | ---- | M] (Farbar) -- C:\Users\tatiana\Desktop\FSS.exe
[2013/05/16 19:31:58 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\tatiana\Desktop\MbrScan.exe
[2013/05/16 19:30:39 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\tatiana\Desktop\HijackThis.exe
[2013/05/16 17:39:45 | 000,440,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/16 17:28:04 | 000,664,038 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/05/16 17:28:04 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/16 17:28:04 | 000,128,328 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/05/16 17:28:04 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/10 22:22:55 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/04/23 13:12:29 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013/04/18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013/04/18 19:07:00 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2013/04/18 19:07:00 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2013/04/18 19:07:00 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\System32\cis-2.4.dll
[2013/04/18 19:06:46 | 000,569,344 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzdecode.ax
[2013/04/18 19:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2013/04/18 19:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2013/04/18 19:06:46 | 000,258,048 | ---- | M] (© PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2013/04/18 19:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2013/04/18 19:06:46 | 000,200,704 | ---- | M] ( © MusicCity) -- C:\Windows\System32\muzwmts.dll
[2013/04/18 19:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2013/04/18 19:06:46 | 000,143,360 | ---- | M] () -- C:\Windows\System32\3DAudio.ax
[2013/04/18 19:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2013/04/18 19:06:46 | 000,131,072 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2013/04/18 19:06:46 | 000,122,880 | ---- | M] (© MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2013/04/18 19:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2013/04/18 19:06:46 | 000,110,592 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2013/04/18 19:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/04/18 19:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2013/04/18 19:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2013/04/18 19:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2013/04/18 19:06:46 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2013/04/18 19:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013/04/16 13:40:11 | 000,005,632 | ---- | M] () -- C:\Users\tatiana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/08 13:20:47 | 000,000,047 | ---- | M] () -- C:\Archive.ini
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/03 04:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013/04/03 04:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013/03/19 06:41:40 | 000,016,896 | ---- | M] () -- C:\Windows\Launcher.exe
[2013/03/05 09:16:57 | 000,000,135 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2013/02/24 17:05:27 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2013/05/20 11:09:06 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/05/20 11:09:05 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/20 10:09:39 | 000,001,058 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/20 10:09:38 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/19 08:50:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/19 08:50:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/19 08:50:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/19 08:50:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/19 08:50:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/19 00:24:38 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/05/19 00:23:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/05/16 20:03:58 | 000,632,031 | ---- | C] () -- C:\Users\tatiana\Desktop\adwcleaner.exe
[2013/05/16 19:39:01 | 000,000,512 | ---- | C] () -- C:\Users\tatiana\Desktop\Dump_Hdd0_DR0.mbr
[2013/05/16 19:04:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/10 22:22:55 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/04/23 13:11:51 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013/04/23 12:34:58 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
[2013/04/18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/04/18 19:06:46 | 000,143,360 | ---- | C] () -- C:\Windows\System32\3DAudio.ax
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/04/08 13:32:39 | 000,016,896 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/04/08 13:20:47 | 000,000,047 | ---- | C] () -- C:\Archive.ini
[2013/03/05 09:16:57 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/03/03 18:14:26 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
[2013/03/03 18:14:25 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
[2013/02/04 08:55:25 | 000,005,632 | ---- | C] () -- C:\Users\tatiana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/30 21:24:45 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2012/06/07 18:41:49 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/07 18:41:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/07 18:41:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2012/06/07 18:41:47 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/06/07 18:41:47 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/06/07 18:41:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/06/29 20:01:26 | 000,000,182 | ---- | C] () -- C:\Users\tatiana\AppData\Roaming\default.rss
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/10/30 18:30:27 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Broad Intelligence
[2012/12/01 10:58:07 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\BSplayer
[2011/07/10 11:48:22 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\BSplayer Pro
[2012/12/30 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Cycling '74
[2013/04/21 10:39:44 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\GetRightToGo
[2011/06/28 13:52:48 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\GuiaMultimidia
[2013/03/31 10:46:24 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Leadertech
[2012/10/30 09:36:36 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\mkvtoolnix
[2012/10/11 20:16:14 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Positivo
[2013/01/13 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\RapidTyping
[2013/05/13 19:55:14 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Samsung
[2013/03/05 08:23:56 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\SoftGrid Client
[2012/10/09 05:45:31 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\SumatraPDF
[2013/03/27 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\TeamViewer
[2013/03/05 07:12:58 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\TP
[2012/12/01 09:53:13 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\TuneUp Software
[2013/05/19 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\uTorrent
[2012/10/24 09:37:23 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\VitySoft
[2012/06/16 21:52:14 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/05/16 20:14:50 | 000,011,896 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/05/16 20:17:37 | 000,012,195 | ---- | M] () -- C:\AdwCleaner[s2].txt
[2013/04/08 13:20:47 | 000,000,047 | ---- | M] () -- C:\Archive.ini
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/05/20 15:51:46 | 2306,256,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/13 12:33:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/02/13 12:33:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/05/20 15:51:46 | 3075,010,560 | -HS- | M] () -- C:\pagefile.sys
 
< %systemdrive%\drivers\*.* /s >
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/04/10 02:18:40 | 000,728,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[2013/04/10 02:18:40 | 000,218,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgmms1.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2013/04/12 10:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2013/04/03 04:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\system32\drivers\ssudbus.sys
[2013/04/03 04:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\system32\drivers\ssudmdm.sys
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %PROGRAMFILES%\*.* >
[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2012/12/30 21:24:45 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
[2013/04/16 13:40:11 | 000,005,632 | ---- | M] () -- C:\Users\tatiana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2013/03/05 09:09:44 | 000,124,640 | ---- | M] () -- C:\Users\tatiana\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2011/06/28 13:52:18 | 000,000,020 | -HS- | M] () -- C:\Users\tatiana\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/05/20 16:59:57 | 007,602,176 | -HS- | M] () -- C:\Users\tatiana\ntuser.dat
 
< %appdata%\*.* >
[2012/12/05 18:15:35 | 000,000,182 | ---- | M] () -- C:\Users\tatiana\AppData\Roaming\default.rss
[2012/12/04 11:30:20 | 000,000,091 | ---- | M] () -- C:\Users\tatiana\AppData\Roaming\Safer-Networking.log
 
< %windir%\tasks\*.* /s >
[2013/05/20 16:57:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/19 20:59:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
[2013/05/20 11:59:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
[2013/05/20 15:51:57 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/20 16:14:05 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/20 15:51:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/04/25 16:46:18 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
 
< %systemroot%\system32\tasks\*.* >
[2013/05/16 19:04:29 | 000,003,840 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2012/10/11 20:07:27 | 000,002,776 | ---- | M] () -- C:\Windows\system32\tasks\CCleanerSkipUAC
[2013/05/03 20:54:11 | 000,003,548 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core
[2013/05/03 20:54:12 | 000,003,916 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA
[2012/12/01 00:05:41 | 000,002,600 | ---- | M] () -- C:\Windows\system32\tasks\FTZSQ
[2013/05/20 10:09:38 | 000,003,802 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2013/05/20 10:09:39 | 000,004,054 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/12/12 15:16:42 | 000,003,018 | ---- | M] () -- C:\Windows\system32\tasks\PandaUSBVaccine
[2012/10/11 20:13:36 | 000,003,230 | ---- | M] () -- C:\Windows\system32\tasks\SidebarExecute
[2012/12/02 13:40:38 | 000,003,182 | ---- | M] () -- C:\Windows\system32\tasks\{05A53DBC-AA90-4385-986B-C213695A55AC}
[2011/09/24 17:57:31 | 000,003,176 | ---- | M] () -- C:\Windows\system32\tasks\{9095EE59-2B19-4C86-BAD5-321008251B10}
[2012/05/30 17:14:10 | 000,003,042 | ---- | M] () -- C:\Windows\system32\tasks\{B97297D4-1F30-4EB6-9896-D86F7FAFA037}
[2012/12/02 13:13:12 | 000,003,146 | ---- | M] () -- C:\Windows\system32\tasks\{ED11CE22-DFFA-484E-89A7-07D339CAC3FE}
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2013/05/10 22:22:55 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe
[2013/05/10 22:22:57 | 000,002,843 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc
[2013/05/10 22:22:55 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iediagcmd.exe
[2013/05/10 22:22:56 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll
[2013/05/10 22:22:55 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe
[2013/05/10 22:22:55 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
[2013/04/05 02:26:21 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
[2013/04/05 02:26:21 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll
[2010/11/20 18:29:06 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb
[2009/07/13 22:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll
[2013/04/05 03:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/05/10 22:22:55 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll
[2013/05/10 22:22:56 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll
[2013/05/10 22:22:56 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll
[2013/05/10 22:22:55 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll
[2013/05/10 22:22:56 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll
[2013/05/10 22:22:54 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll
[2013/05/10 22:22:56 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll
[2013/05/10 22:22:56 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdmproxy100.dll
[2013/04/05 02:27:59 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = 46 00 00 00 97 03 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 0C 54 60 1F E5 4D CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 01 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 41 37 9E 76 0C BF 30 D2 3F 57 FE CF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data over 200 bytes]
"SavedLegacySettings" = 46 00 00 00 E3 11 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 0C 54 60 1F E5 4D CE 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 C0 A8 01 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 41 37 9E 76 0C BF 30 D2 3F 57 FE CF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data over 200 bytes]
"Brasil TIM" = 46 00 00 00 22 01 00 00 09 00 00 00 00 00 00 00 07 00 00 00 3C 6C 6F 63 61 6C 3E 00 00 00 00 04 00 00 00 00 00 00 00 4E B5 17 FA 04 96 CD 01 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 17 00 00 00 00 00 00 00 20 02 B1 96 85 9C 00 00 00 00 00 00 B1 96 85 9C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 B1 96 85 9C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 9D 38 6A B8 18 29 04 1D 4E 6A 41 7E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  [binary data over 200 bytes]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< MD5 for: SERVICES  >
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.DAT  >
[2013/04/22 00:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/20 23:32:43 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\System32\pt-BR\services.exe.mui
[2010/11/20 23:32:43 | 000,018,432 | ---- | M] (Microsoft Corporation) MD5=DF8309CE62330C8D8AFBAA936531DA93 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2010/11/20 23:32:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc
[2010/11/20 23:32:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< End of report >
 

Edited by Eronilson


Ok,

1)

Select these lines inside the CODE box, right-click the selection and choose the Copy option

NOTE: Make sure you copy starting from the letter and colon ": O" of OTL.
 

:OTL
DRV - [2012/09/17 19:58:32 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360SpOEM.sys -- (360SpOEM)
DRV - [2012/09/17 19:58:32 | 000,061,488 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\360HookOem.sys -- (360HookOem)
DRV - [2012/09/17 19:58:32 | 000,029,744 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360RegOem.sys -- (360RegOem)
DRV - [2012/09/17 19:58:30 | 000,152,880 | R--- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\360FileOem.sys -- (360FileOem)
FF - user.js - File not found
CHR - default_search_provider: Google (Enabled)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2013/04/18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013/04/18 19:07:00 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2013/04/18 19:07:00 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2013/04/18 19:07:00 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\System32\cis-2.4.dll
[2013/04/18 19:06:46 | 000,569,344 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzdecode.ax
[2013/04/18 19:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2013/04/18 19:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2013/04/18 19:06:46 | 000,258,048 | ---- | M] (© PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2013/04/18 19:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2013/04/18 19:06:46 | 000,200,704 | ---- | M] ( © MusicCity) -- C:\Windows\System32\muzwmts.dll
[2013/04/18 19:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2013/04/18 19:06:46 | 000,143,360 | ---- | M] () -- C:\Windows\System32\3DAudio.ax
[2013/04/18 19:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2013/04/18 19:06:46 | 000,131,072 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2013/04/18 19:06:46 | 000,122,880 | ---- | M] (© MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2013/04/18 19:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2013/04/18 19:06:46 | 000,110,592 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2013/04/18 19:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/04/18 19:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2013/04/18 19:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2013/04/18 19:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2013/04/18 19:06:46 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2013/04/18 19:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2012/12/05 18:15:35 | 000,000,182 | ---- | M] () -- C:\Users\tatiana\AppData\Roaming\default.rss

:Commands
[createrestorepoint]
[purity]
[emptytemp]

Run OTL.exe.

Right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the Fix button.

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy the ENTIRE contents of this Notepad window and paste them into your reply.

A copy of this log will be stored in the folder C:\_OTL\MovedFiles, with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.


Here are the results:

All processes killed
========== OTL ==========
Error: Unable to stop service 360SpOEM!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\360SpOEM deleted successfully.
C:\Windows\System32\drivers\360SpOEM.sys moved successfully.
Error: Unable to stop service 360HookOem!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\360HookOem deleted successfully.
C:\Windows\System32\drivers\360HookOem.sys moved successfully.
Error: Unable to stop service 360RegOem!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\360RegOem deleted successfully.
C:\Windows\System32\drivers\360RegOem.sys moved successfully.
Error: Unable to stop service 360FileOem!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\360FileOem deleted successfully.
C:\Windows\System32\drivers\360FileOem.sys moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-85846730-1419635560-680840718-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\autoexec.bat moved successfully.
C:\Windows\System32\Redemption.dll moved successfully.
C:\Windows\MASetupCaller.dll moved successfully.
C:\Windows\MAMCityDownload.ocx moved successfully.
C:\Windows\MusiccityDownload.exe moved successfully.
C:\Windows\System32\cis-2.4.dll moved successfully.
C:\Windows\System32\muzdecode.ax moved successfully.
C:\Windows\System32\muzapp.dll moved successfully.
C:\Windows\System32\MSLUR71.dll moved successfully.
C:\Windows\System32\muzoggsp.ax moved successfully.
C:\Windows\System32\MSCLib.dll moved successfully.
C:\Windows\System32\muzwmts.dll moved successfully.
C:\Windows\System32\MSFLib.dll moved successfully.
C:\Windows\System32\3DAudio.ax moved successfully.
C:\Windows\System32\muzaf1.dll moved successfully.
C:\Windows\System32\muzmpgsp.ax moved successfully.
C:\Windows\System32\muzeffect.ax moved successfully.
C:\Windows\System32\MaDRM.dll moved successfully.
C:\Windows\System32\muzmp4sp.ax moved successfully.
C:\Windows\System32\issacapi_bs-2.3.dll moved successfully.
C:\Windows\System32\issacapi_pe-2.3.dll moved successfully.
C:\Windows\System32\MK_Lyric.dll moved successfully.
C:\Windows\System32\MTXSYNCICON.dll moved successfully.
C:\Windows\System32\issacapi_se-2.3.dll moved successfully.
C:\Windows\System32\MaJGUILib.dll moved successfully.
C:\Windows\System32\MAMACExtract.dll moved successfully.
C:\Windows\System32\MaXMLProto.dll moved successfully.
C:\Windows\System32\MACXMLProto.dll moved successfully.
C:\Windows\System32\MTTELECHIP.dll moved successfully.
C:\Windows\System32\MASetupCleaner.exe moved successfully.
C:\Windows\System32\dgderapi.dll moved successfully.
C:\Users\tatiana\AppData\Roaming\default.rss moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: tatiana
->Temp folder emptied: 12271532 bytes
->Temporary Internet Files folder emptied: 516483 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 154478085 bytes
->Google Chrome cache emptied: 22373920 bytes
->Flash cache emptied: 2434 bytes
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42744 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 181,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05212013_130707

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 13:20:21, on 21/05/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\OEM\LIVE! OSD 1.27\osd.exe
C:\Users\tatiana\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linhadefensiva.org/forum/topic/150496-google-chrome-não-muda-home-page/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: Sensor de Proteção STI.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [iNTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 

 

The problem still persists. While poking around in Chrome's tools panel, I found this error message:

Blocked a frame with origin "http://googleads.g.doubleclick.net" from accessing a frame with origin "http://addons-chrome.info". Protocols, domains, and ports must match.

Could this be the source of the problem?

Edited by Eronilson
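One way to triage an OTL fix log like the one posted above, as an added example that is not part of the original thread or of OTL itself: it sorts each result line by outcome and cross-checks that every file named in the fix script was actually moved. The function names and outcome labels are assumptions of this example; the sample lines are excerpts of the script and log from this thread.

```python
import re

# Excerpt of the OTL fix log posted above (subset, embedded so this runs offline).
SAMPLE_LOG = r"""
Error: Unable to stop service 360SpOEM!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\360SpOEM deleted successfully.
C:\Windows\System32\drivers\360SpOEM.sys moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
C:\autoexec.bat moved successfully.
C:\Windows\System32\Redemption.dll moved successfully.
"""

# Excerpt of the matching :OTL script lines from the analyst's post.
SAMPLE_SCRIPT = r"""
DRV - [2012/09/17 19:58:32 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360SpOEM.sys -- (360SpOEM)
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2013/04/18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
"""

# Outcome labels (hypothetical names) and the log wording each one matches.
RULES = [
    ("service_stop_failed", re.compile(r"^Error: Unable to stop service (.+)!$")),
    ("registry_deleted", re.compile(r"^Registry (?:key|value) (.+) deleted successfully\.$")),
    ("registry_not_found", re.compile(r"^Registry (?:key|value) (.+) not found\.$")),
    ("file_moved", re.compile(r"^([A-Za-z]:\\.+) moved successfully\.$")),
]
# A script line names its file as a drive path ending at " -- " or end of line.
PATH_RX = re.compile(r"([A-Za-z]:\\.+?)(?: -- |$)")


def classify(log_text):
    """Group the lines of the '== OTL ==' result section by outcome."""
    out = {name: [] for name, _ in RULES}
    out["manual_or_unparsed"] = []  # e.g. steps OTL leaves to the user
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        for name, rx in RULES:
            m = rx.match(line)
            if m:
                out[name].append(m.group(1))
                break
        else:
            out["manual_or_unparsed"].append(line)
    return out


def script_files(script_text):
    """Return the file paths listed in the :OTL section of a fix script."""
    found = (PATH_RX.search(line.strip()) for line in script_text.splitlines())
    return [m.group(1) for m in found if m]


def not_moved(script_text, log_text):
    """Files the script asked to move that the log does not report as moved."""
    moved = {p.lower() for p in classify(log_text)["file_moved"]}
    return [p for p in script_files(script_text) if p.lower() not in moved]


def drivers_pending_reboot(result):
    """Services that could not be stopped although their Services key was
    deleted: the driver stays loaded until the machine restarts."""
    deleted = [k.lower() for k in result["registry_deleted"]]
    return [s for s in result["service_stop_failed"]
            if any(k.endswith("\\services\\" + s.lower()) for k in deleted)]
```

Lines that land in `manual_or_unparsed`, such as the Chrome `default_search_provider` notice, are the ones the tool did not act on and that still need a manual check.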

This topic is now closed to further replies.
