Google Chrome won't change home page...

browsers malware

79 replies in this topic

#1
Eronilson

  • Member
  • 63 posts

Good evening, here I am once again needing the services of Linha Defensiva. My problem is the following: all of a sudden my browser (Chrome) changed its home page.

Here is the link to the page that won't leave my home page: http://addons-chrome.info/,

and I simply cannot change it to my open tabs or to a single page. I have tried everything: I uninstalled, reinstalled, deleted everything from my Google account, and nothing worked; I even deleted everything from the bookmarks bar. Searching on Google, I read in some forums that it could be some kind of malware. Attached are the results from HijackThis, FSS and Mbrscan. Thank you in advance for your attention. Regards.



#2
CarlosTurco

  • Assistant
  • 25,353 posts

Eronilson,

Please note the following:

  • Do NOT attempt any cleanup procedure on your own. In particular, do not run on your own initiative the tools used in the Malware Removal forum. Improper use of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click [image: button_seguir.png] (located in the upper right corner of the main post) to receive an e-mail notification when it is answered. You can also check your subscribed topics using the Content I follow option, accessible through the forum's Control Panel.
  • The analyses may take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it does not matter. Always follow your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in the logs; this makes them harder to read during analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click [image: execadmin.png].

Click Remove.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download [image: 1268r49.png] and save it to the desktop. Double-click it to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select [image: run_as_adm1.png]

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop with the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://download.cnet...4-10804572.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are ticked, then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan and click the Scan button.
  • The scan will then begin. Wait, as it may take a while.
  • When the scan finishes, click OK, then the Show Results button to see the report.
  • If any items were found, make sure they are all ticked and click the Remove button.
  • When disinfection finishes, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554



#3
Eronilson

  • Member
  • 63 posts

I am sending the results from AdwCleaner, JRT and Malwarebytes; all were run with the firewall and antivirus disabled. I ran Chrome and the problem still persists.

 

# AdwCleaner v2.301 - Relatório criado em 16/05/2013 às 20:17:05
# Atualizado em 16/05/2013 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (32 bits)
# Usuário : tatiana - TATIANA-STI
# Modo de Boot : Normal
# Executado de : C:\Users\tatiana\Desktop\adwcleaner.exe
# Opção [Remover]


***** [Serviços] *****


***** [Arquivos/Pastas] *****

Arquivo Removido : C:\Program Files\Mozilla firefox\searchplugins\v9.xml
Arquivo Removido : C:\Users\tatiana\AppData\Roaming\Mozilla\Firefox\Profiles\jknh4or1.default\searchplugins\Web Search.xml
Pasta Removido : C:\Program Files\Protected Search
Pasta Removido : C:\ProgramData\Ask
Pasta Removido : C:\ProgramData\Browser Manager
Pasta Removido : C:\Users\tatiana\AppData\LocalLow\simplytech
Pasta Removido : C:\Users\tatiana\AppData\Roaming\Funmoods
Pasta Removido : C:\Users\tatiana\AppData\Roaming\simplytech

***** [Registro] *****

Chave Removida : HKCU\Software\APN PIP
Chave Removida : HKCU\Software\Conduit
Chave Removida : HKCU\Software\e4daddb43aba47
Chave Removida : HKCU\Software\Funmoods
Chave Removida : HKCU\Software\Headlight
Chave Removida : HKCU\Software\Iminent
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Removida : HKLM\SOFTWARE\e4daddb43aba47
Chave Removida : HKLM\Software\Iminent
Chave Removida : HKLM\Software\InstallCore
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Removida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Chave Removida : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Chave Removida : HKLM\Software\PIP
Valor Removida : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]

***** [Navegadores] *****

-\\ Internet Explorer v10.0.9200.16576

Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.v9.com/?utm_source=b&utm_medium=fft-1&from=fft-1&uid=SAMSUNG_HM321HI_S2K5J56B324890&ts=1359550889 --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://search.v9.com/web/?q={searchTerms} --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.v9.com/web/?q={searchTerms} --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=43168&st=bs&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&q=%s --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - (Default)] = hxxp://search.certified-toolbar.com?si=43168&st=bs&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&q=%s --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Page] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com
Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tguid=43168-3579-1365438742898-114774&st=chrome&q= --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (pt-BR)

Arquivo : C:\Users\tatiana\AppData\Roaming\Mozilla\Firefox\Profiles\jknh4or1.default\prefs.js

Removida : user_pref("browser.search.defaultengine", "Web Search");
Removida : user_pref("browser.search.defaultenginename", "Web Search");
Removida : user_pref("browser.search.order.1", "Web Search");
Removida : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=43168&tid=3579&ts=1366923739268&tgu[...]

-\\ Google Chrome v26.0.1410.64

Arquivo : C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Arquivo está limpo.

*************************

AdwCleaner[R1].txt - [11896 octets] - [16/05/2013 20:14:42]
AdwCleaner[S2].txt - [12064 octets] - [16/05/2013 20:17:05]

########## EOF - C:\AdwCleaner[S2].txt - [12125 octets] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by tatiana on 16/05/2013 at 20:24:06,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\v9software
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{81F43F07-5FF0-4F33-B742-F0EC251E4310}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4DD511C1-08CB-F8AA-A483-7C4F1027EE47}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\tatiana\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Program Files\baidu"
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{3D44C85D-D974-405D-8BB8-8E2D3DC5AA37}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{3D4E27D5-ABC4-4F5F-BE93-E18CF868A9B1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{3DF29F79-AB0C-4BCB-BA45-755C654952AF}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{3E1401C2-FFA9-4E40-B495-66082C61B82F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{3F417CE2-DBC7-430F-BB98-102A29FFE689}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4056135C-B3BC-4DD1-8F63-17C076FEA3F4}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{40F0F075-E30A-4CF8-8726-3314222342D3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{41742B7F-6BA2-49FB-AB85-0B2F37A0E980}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{417E2C82-41B2-42F6-9B2E-B2FBA203855B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{42377271-1BE6-46AB-9EB3-6DF4E2390064}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{42D77D1A-39AC-4C5C-A7BD-6D5F59B5DF19}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{42F43664-97B4-4CB0-AA92-D86A858DB78A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{43071C7F-42FF-4CEB-8B88-BD6A91918BD0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4311FEA6-6EA5-4704-8D7E-0ACB737C2C23}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{43755B3B-BC8A-4105-8033-16578DECBDB8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{45283E32-9039-4801-AE41-759587A61330}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{45BA0BE3-11FC-4917-9A14-361E4BBB7CD1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4624FA4F-B121-4948-9F7E-CB4C7F35CB14}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{46BADEB0-276C-47AC-A2F8-24902624AF08}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{46C184A9-BB2E-402B-A01F-CA81EFA4921A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{46F92E72-700F-44C6-83B2-2C639ED983C0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{473B164C-BD25-45C8-9372-12BB92ED6E8F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{47C428A4-03DF-4382-8131-36EE41F198EB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{47D8B7AE-8858-4F62-B899-56E237286497}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{47FFD273-EF24-479D-818D-6583BE1CD993}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{48000383-1539-4CE4-85FC-3FBF3DBD2D71}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4872CA6E-0D7C-4457-BD04-34F26A1EF9C0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{489F231A-EA17-4678-A584-F1E23DF41C90}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{48CE825C-8523-46EA-B926-DC280CE1C9C3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{48D33FDD-3506-4FAA-9EB9-4A84B88E924A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{492C466E-5CFF-449F-8590-22E23957AAD5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4946A1BF-D8E0-4056-AFA8-D3CB7E84C15D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4980B659-FA45-4DF6-94BF-1A3B66FA8668}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{498E4CA3-0D94-40C0-9AAC-582B48F30393}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{49BA4726-E45E-4EEB-91C7-4DDF33900ACF}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4A320E56-85AD-4B7D-802D-2B2E41A7821D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4A62460F-4A3B-4C23-9F33-4C4C38F546F8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4AC4EA66-312F-43CE-B100-9F9F9C1BB96D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4ACD1AB7-5497-4BD5-925C-A46AA426A975}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4AE950E9-665B-4F73-B0AA-7905B81D8E88}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4B28BF5C-099C-4940-ABA2-49F97E5A3090}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4B4CFCC1-04F2-4E73-9998-14B0A9ABD71F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4BA8744E-5B32-4565-BD09-46D95D45A91D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4C53FB86-1E1F-4085-9765-4E647A89424E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4C783239-901B-4BAE-950D-327CE1E3A421}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4D67AA07-8C5C-4705-8FC0-F5B8F1A5D270}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4DECBDD7-3BCB-40A4-8E64-9CB2645E9835}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4E53B495-837F-4A78-AFF4-BAB99997CEFB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4E65AC73-A735-469A-A31B-733A3417E64C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4E75D71F-4008-4338-8281-B139D0259CC3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F22D742-0774-4559-A676-AB49317A5F6D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F6DE60C-B104-41E3-B822-FE571EC853E5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F763584-0E4D-4517-9D3E-1A6AAC21CBF8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F86D5CC-B2DF-4AE9-AD7D-51D923458B00}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4F9CE5F9-53F4-47F0-AEA3-5B8BF27F39F3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4FA4AB6A-C8D8-42A3-8F5B-49868946445B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{4FBF5E23-D241-4BA9-BE35-EF0375A4432A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5002599E-0D3E-470E-84BC-17B71D98D8BD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5018F2A8-B13C-457A-8B0A-5758B9B289FD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5021F821-A454-4815-8026-25B1B7A42A88}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{50411E0F-2BBF-49FE-A3DF-32C6B8D92C57}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{50BB5E0F-A404-4B27-B177-C00ACE0EEBFB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{50F5953C-6B0B-4326-AF8A-0B49425A229B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{51371937-CE5E-4BB9-9A3D-37711B4F1431}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{518C5FF1-39D1-42EA-9198-BF6974EF72AE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{526285AD-EC32-4766-9E15-693F9C62849A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{52723B5C-E72C-434F-B1AC-6A0FFEEB2AF6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{52740A9C-28AC-493A-989D-F10E45FCA81B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{52AEBB85-9A53-4C9B-AAE1-6BB10A6C9A4D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5316117A-22E5-424D-9522-305CDFD7EF7E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5361BAB1-71B0-4C3B-B478-BE883EBCAA35}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5399B357-EE09-4867-B6F6-6D98E7621BBA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{53D07F78-D308-48BA-8CFB-918C35A2C399}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{53D6B72C-D0E7-414D-BBC5-7ADB1F0F945C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{53F4B923-0FA3-4499-B323-B254F84B6966}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5486D82B-827C-4BA5-8122-D4014231C96C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5497B2BC-992A-411F-B58F-3C6A4CFC09D7}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{55256C4E-0ABF-4092-9982-39870661ABE1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{55815DD1-4029-48E4-91E9-1B1DDF02DEE9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5793B170-D57A-41F2-A09E-9FC8607BB59F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{57A736C4-996A-4015-9BDC-FC2283C2A113}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{583DDABA-1C71-4793-A0C3-0BB81CAF112D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{58B14640-339B-4F56-B091-273F9903F5EC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{591DFB5B-C2ED-4E35-B835-DB75623FC455}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{59C1E356-1108-4F91-AAA3-FEEA888EDB88}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{59C5038D-4E90-422D-942B-F789FD56DCDD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{59C5938F-AD64-410C-8777-9ACAD586FEB5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5A96681F-2E9D-471F-AFC4-1E23C2393217}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5AA7157E-0716-41A8-9AEE-84DC135CEFA2}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5AB5AC26-62F4-4C69-8B81-2309C8337BB6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5ACEAEAB-9E0A-4885-8759-A671C5B3EFDB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5B00D079-FFC5-4A49-A2DD-8607DBF967A6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5B46E085-5882-47B8-9F52-2C882A8A8389}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5C60F01F-1747-4BB1-B4A0-421418FDBDB9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5CADA78C-D139-45FA-A906-F90702C80A32}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5E0D10A9-5CC1-453F-9585-AFD1E163F4E6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5E2769CE-B0F1-49BE-B9D4-8F92AA03C038}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5EA8762A-2952-4380-BFDE-064335C387D7}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F2839B1-52A3-4D72-BCC5-02CD8199A1BF}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F30837C-5901-4165-9239-289C04821C34}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F312FDF-9CB6-4192-8A52-B5E2E88DD17E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F738621-0F51-4092-B0A7-DF8112529C09}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F8D2C27-5D05-4FCD-9C73-8B88B877EBC5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5F9B8E4C-7C27-4F16-B659-29DB0895C864}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{5FE52734-7729-4A63-B1A8-D08ABA7AC249}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{60165DD8-1DAE-4F16-B413-83C19E984EF9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{608EB031-B80E-4080-B825-6B6DEE4F6E99}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6097B16B-1E0B-4A4E-9977-64BAC8914939}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{60CE6486-7DD1-431D-8092-DED90122F9D9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{60E6801F-4F70-4B85-A5CC-FAFF9EA586F3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{61132226-57D7-4A87-8AA1-B12750FC5B0A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6138206B-6083-450E-9EA2-1A81D639B2BB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6141E42A-1B54-4618-9700-466F623A807C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{61A1F9DC-18D0-4881-A750-3D7CD23E8022}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{626B31F7-2CD9-4F50-94E9-4A4CD5981FC5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{62A5CFFC-D536-4E73-9F94-5F670C3C7A55}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{659E060C-AFC6-4EBF-9C1D-3C020F940882}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{668B8043-28FC-4BD0-9579-4E5AB3D5F97D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{66C9242B-9087-413D-9AD2-EA70020AF33A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{675CFB46-BCA6-49D2-B9AB-04F3AEA70B1C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{67A53D32-9E26-4668-B21C-81ACBB705864}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{689EE268-3356-415C-B0FE-EFEE0C7DB618}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{68C50F98-238D-4443-9BDD-0FD6E535B1D1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6923EEE7-7546-41ED-B628-0BEC67105637}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{69555218-728E-477E-BF1C-0DC091156A3F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{69669758-9A20-4A43-9B1E-06F3511D0848}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{697F5330-0019-47EF-820B-7CE3C937CB57}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{69F2F6D5-8FD1-4359-9D02-41F294CC1E20}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6A4A52A9-A46E-4F67-8259-54EC2F449150}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6A8553CA-9726-4217-A7EF-127CCD890ACB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6BDA08EF-7897-4E12-BC49-56031C77169B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C024870-DBCE-442B-A1DD-429840845DC8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C14FEE2-A479-4581-9757-1A8851ECE4EE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C18A6F8-38FA-431B-BAB0-5A92ED756032}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C52AF52-1D0E-4B71-8C46-F5D78E05980C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6C86543B-3676-4748-8656-C2D8C9F92BC0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6CB9BC39-461C-4C72-8B5A-CBD6BB9614B1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6D473FA7-A92E-4565-BE7E-3180FAEA79C3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6D5399A9-7EC7-423C-B72E-89E96CECB869}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6D63DBD0-C8CC-42FC-A35B-F24CDDA9495E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6D6ED033-925D-46EC-B8B7-95B53684379F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6EE591D7-9D43-4397-94A9-E64B672C214C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6F670E26-A9CB-417C-BB56-7927D634C617}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6F9F50CB-AAA7-4176-82D2-5B1A76E045E8}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{6FCB023C-6EE6-4F4E-8992-E03DC83F9FC0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{70C51B3F-0DE6-442D-932D-16EABDB0E4B5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{719E2620-6B58-4B45-8D8A-DE56B0E0F1E1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{725460C4-5E1B-409A-9A84-44DFB29423F5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7266AB35-D561-430A-BB2E-370D5FD25E7E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{72A636C2-19E3-473F-8876-08F6051DD071}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{732C624D-DBC7-47A1-9F40-D1C7F4A456C4}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{737C4481-F5CF-43CB-A3D0-1580A3887E89}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{73988609-9C7F-4A94-9FD1-C43614461B0E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{73F1208A-F5EC-4C8B-8CE4-81C39D25C6E0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7412AFF9-8F60-4B70-A39D-AF493C044ACE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7562AF1F-FAC2-4175-841E-F9CE9FD71A95}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7566D284-3D91-4447-AA56-0EEA62803DCA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{77E43B67-A831-471E-B7F8-905ABF91E817}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{793EF86C-4C61-40D9-B480-A012043581BA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{795086B7-81AD-4440-8F77-73BF296C6397}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{79793B7E-260A-4F80-BAF3-A159878C2596}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{79C083A5-FDAF-439B-92CD-260F88629C1D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{79D3E6C8-A6E6-48EC-B4ED-50F70FA8F043}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7A0BF78E-0E06-4815-A60F-A3336AF4C284}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7BE420B3-AD94-4EFA-9650-CE6CB20764FD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7BFA1C49-4FD4-453F-909F-9B79647051F9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7D5DDB6D-61BA-4B02-B0DC-AC8879CED759}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7E0A9537-E8AC-4E21-93D3-9ECB5DA4232E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7E740E7B-44F7-4C01-A612-53B66EB4EA71}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7E9A620E-6B96-481D-94A3-2D631FB72912}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{7F07103D-F1C6-436D-A887-986556636187}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{801B36A4-C69E-4C9E-97D9-68A2ED20E0EC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{80D3E844-17C4-4AF8-BA3B-D562040E5527}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8117F616-BAED-413B-87B6-A8009F032284}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{812A1A2A-623C-47D3-B745-0B2576AD9284}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{81D83616-A6D3-4ADD-B90C-E04A3614E135}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{82CE14DD-756B-4395-98BC-9954F72911C9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{831AFB9A-CFD4-4287-9363-CC61F3788620}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{83293AD5-3E30-468D-A835-6A98DAAC5230}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{83E716AE-2FC1-4466-93B7-F88A7E8B558B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{83EF1E7D-CFA6-4E75-B1D3-6EFDFD680443}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{83F052F6-9F0C-413C-A2D9-65B04A94E50F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{841C9AFE-A0C1-4358-8B82-94025A593A5D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8508F323-EF23-4CAF-992F-ACC4FF2D900E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{85386A79-3674-4D29-BAD1-415B08B462F0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{853D9947-3B8B-48DC-8121-0AA13C52C12C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{864880B0-1406-484E-8A50-B80B5D1516CE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8686A8E8-6A00-4268-8CD8-0AEDED064CA6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{86B9826F-13C6-4BDF-B6A2-19B302211549}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{86BC52DB-DA66-491F-A36B-FC11D858CB4E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{86FF7D42-CCC5-48AC-A519-A82E72022EE9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{873FF2E4-7E48-4D94-A5F9-1E44A86AE4B3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{88103A60-A084-4089-916B-A0762C6081CA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{88976F2D-0083-4BBA-87DA-D7AA034C40BA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8899000E-82BB-4DED-BCD7-FA6024FF2877}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{88DAD7EE-2AF5-4E4B-8F27-89BB36298C89}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{88FD2E53-E227-44B5-A27E-F97222BC155C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{89D20272-CCF3-4479-A972-94EB345F85E3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{89F35CBB-C6C1-4DEE-B42F-B6CA8CC81E3C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8A19C4E1-3E7A-4BB7-85FB-9C1C18DD4173}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8A4A27D3-DF21-4297-B33D-F31015861141}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8ADBCFA7-5C1A-4D31-942C-1E976837A9B5}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8B2AE5D5-2334-40B0-AB9F-D4C0A8282D05}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8CCC4741-7E9F-4495-9FCE-5928E455A077}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8E0D578C-62E9-4396-8589-A305C4D42CEF}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8E869F2E-49A8-43A1-BF00-41A32D59F642}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8FA3CA2C-EC73-4159-AF64-8E9403505C07}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8FAC561F-3A39-4403-84DA-0A5A1239E394}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{8FC30D91-6C93-4FA4-AD0F-5B283BF48B78}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9027F1D6-4F05-4327-A186-E69FECA52AEA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{907F436C-0EC1-462B-8A7E-02E6BB1C7A93}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{90B0388C-A1DF-4F82-95EC-D7BDA471D952}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{90E2073A-E45F-42A2-A9ED-FFC957ADBDDD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9161E06A-C8C9-477B-B810-F354072BCE0A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9172AC74-F44B-46CB-AE84-63A7F57C968E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9199DE3F-117B-4068-BDEA-06474817D904}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{91B4FE4D-CCB7-4E6A-885D-F8D441EA491B}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{91FCCD3D-64B3-48A9-B970-5A722DFAD80F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9233CD94-7880-4209-BBC1-F8E3670A0DA6}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9339A80E-2AE9-4BA7-B27C-7AA4F20F8A9A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{937B9D48-F4BB-4ACB-899E-53698C1DA3AD}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{93C3976B-DB4D-493E-A3EE-ACDAA72DB896}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{95228A01-1C7F-43AD-B6B0-F02D809902BC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9590D592-A0E4-459A-9D94-3B87DE6D5754}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9634970D-3320-408B-8BD8-C4423E6DD746}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9681D70B-C964-4F38-829B-B79986EBD2EC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{97167501-F332-4D59-BF0F-CAEC1BC5A7D9}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{971BFF9E-AB1B-4699-8B50-292CD3619D0D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{97E2848F-8F0F-463C-9D35-BD57AAEE4F78}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{980A1CCC-9505-41E7-BC87-FF088C79B177}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{986DC75B-DC8E-4000-88F0-768741559F95}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{98E06B0B-6D92-477D-991C-455A78DCD5D7}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{995F486F-B24B-4F56-B65C-F7AAC2B7AA4C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9A80EDFE-6A88-4A3E-B167-B22FFB2030F3}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9AA50EC4-85C7-4703-BA19-2680F8702717}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9ADCDAEE-59A7-4FFB-8ACA-4AB3001B7FDC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9B5FD8A1-8D1B-49EC-AE40-A0752DB4DE2D}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9B8EDC5E-58E6-42DF-BE8F-E558B1F30ABB}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9BABA211-B75A-4803-94D8-3DB04CB0FFC0}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9BC71BE8-0B33-4152-8176-8E8D10707F2E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9BF42BF7-1293-4583-A538-C2318F57DB38}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9C9D89C4-893A-4BD4-B1A8-B166E34C7E8E}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9CBC17AD-018C-4415-BF21-8233CDB537CE}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9CF3D18A-1C41-46D6-ABEC-2A64B1D03C87}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9D10F4A8-1D8A-4391-8F1F-31DA3834465A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9DAF2771-6184-4B40-BE83-6403AB7B7FD1}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9DBF1006-F721-413B-8B42-EEB81015DE3C}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9DCDDEB2-7DFE-4C83-9F06-169F21FD082A}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9E500E8D-F63A-4230-8A05-30FB1CE59DF2}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9F95EA55-DB82-4D6B-A0A4-CF9288AB97EA}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9FB72DAA-77D0-4FFD-AB70-854805CC2F00}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{9FBAFFC9-D7DA-42A8-9DA1-0D3DFC5F3140}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A0A8F1D7-4CB6-4BFD-92CB-DBC3A51C7515}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A0FD390A-013E-4E9F-A801-160E31DAF755}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A111E26F-7665-47AE-9E0E-58BDBAE82D73}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A19A0061-892C-4890-92DB-DAF8E08C3DEC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A1FAE5F8-55E1-4E38-BAF7-531973A3B1EC}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A24F74B7-D6B4-4108-800D-FC1E675B0A24}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A25E73C5-7F6E-479C-8565-875E178570B4}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A2BB754A-45C5-4A27-A146-5489878BD77F}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A2BC31C9-88AA-4451-A906-B193A5EC9633}
Successfully deleted: [Empty Folder] C:\Users\tatiana\appdata\local\{A37DC381-054C-4929-92A7-D0443617E6F6}



~~~ FireFox

Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\web search.xml"
Emptied folder: C:\Users\tatiana\AppData\Roaming\mozilla\firefox\profiles\jknh4or1.default\minidumps [74 files]



~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16/05/2013 at 20:25:53,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Versão da Base de Dados:  v2013.05.16.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
tatiana :: TATIANA-STI [administrador]

Proteção: Permitir

16/05/2013 20:39:36
mbam-log-2013-05-16 (20-39-36).txt

Tipo de Verificação:  Verificação Rápida
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  217416
Tempo decorrido: 5 minuto(s), 25 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 1
C:\Users\tatiana\Downloads\PDFReaderSetup.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

(fim)
 



#4
CarlosTurco

    Assistant

  • 25.353 posts

Download OTL by OldTimer and save it to your desktop:
http://oldtimer.geekstogo.com/OTL.exe

** Windows Vista and Windows 7/8 users:
Right-click the OTL.exe file, then click execadmin.png.

Where it says Output, select Standard.
Also check these options:

  • File Age -> change to 90 days
  • Scan All Users
  • Use Company Name Whitelist
  • Skip Microsoft Files
  • LOP Check
  • Purity Check

Select these lines in red, right-click the selection, and choose Copy:

CREATERESTOREPOINT
netsvcs
%SYSTEMDRIVE%\*.*
%systemdrive%\drivers\*.* /s
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.com
%systemroot%\*.scr
%PROGRAMFILES%\*.*
%LOCALAPPDATA%\*.exe
%LOCALAPPDATA%\*.txt
%LOCALAPPDATA%\*.ini
%LOCALAPPDATA%\*.dll
%LOCALAPPDATA%\*.dat
%USERPROFILE%\*.exe
%USERPROFILE%\*.txt
%USERPROFILE%\*.ini
%USERPROFILE%\*.dll
%USERPROFILE%\*.dat /30
%appdata%\*.*
%windir%\tasks\*.* /s
%systemroot%\system32\tasks\*.*
%PROGRAMFILES%\Internet Explorer\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP
HKCU\Software\Microsoft\Internet Explorer\Downloads
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
/md5start

services.*
/md5stop

 

Go back to the program, right-click any white area of the Custom Scans/Fixes section and choose Paste.

Click the verif.png button.

OTL will start scanning your computer. Do not interrupt the process or use other windows until it finishes.

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt
Both are saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of OTL.txt and paste it into your reply.
Attach the Extras.txt file.

NOTE: If the logs are too large and exceed the forum limit, put them in a .zip or .rar file and attach it to your reply.



#5
Eronilson

    Member

  • 63 posts

Here are the results:

otl.txt

OTL logfile created on: 16/05/2013 22:06:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tatiana\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,86 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 63,63% Memory free
5,73 Gb Paging File | 4,68 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,97 Gb Total Space | 143,94 Gb Free Space | 49,30% Space Free | Partition Type: NTFS
Drive Z: | 5,93 Gb Total Space | 5,87 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
 
Computer Name: TATIANA-STI | User Name: tatiana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/16 22:00:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tatiana\Desktop\OTL.exe
PRC - [2013/05/06 17:55:50 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Arquivos de Programas\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/04/23 13:48:16 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Arquivos de Programas\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/04/23 13:48:12 | 001,561,968 | ---- | M] (Samsung) -- C:\Arquivos de Programas\Samsung\Kies\Kies.exe
PRC - [2013/04/23 04:48:17 | 010,244,448 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/04/23 04:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/23 04:40:59 | 000,193,888 | ---- | M] (TeamViewer GmbH) -- C:\Arquivos de Programas\TeamViewer\Version8\tv_w32.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Microsoft Security Client\msseces.exe
PRC - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) -- C:\Arquivos de Programas\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/11/27 21:08:28 | 000,739,936 | ---- | M] (Sony Corporation) -- C:\Arquivos de Programas\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/11/22 23:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/03/28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 18:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe
PRC - [2010/01/21 17:14:50 | 000,537,504 | ---- | M] (OEM) -- C:\Arquivos de Programas\OEM\LIVE! OSD 1.27\osd.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Arquivos de Programas\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/16 17:31:01 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1f0bb5336d1706c9b8ad2330f3642760\PresentationFramework.ni.dll
MOD - [2013/05/16 17:30:23 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9b2940478ec555990b37af5448b8f509\PresentationCore.ni.dll
MOD - [2013/05/16 17:30:16 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ddc3e8c2774eaec614d6775983652980\System.Configuration.ni.dll
MOD - [2013/05/16 17:30:07 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\93a17ba6cb6753328f25466bc0bf1cb1\System.Core.ni.dll
MOD - [2013/05/16 17:29:57 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a1949f57d2ec260e09768e98fecb0559\WindowsBase.ni.dll
MOD - [2013/05/13 19:59:40 | 017,554,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\71b6200b469ae31187226c5634b6d6bb\Kies.Theme.ni.dll
MOD - [2013/05/13 19:59:01 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\52207264bac5068c2de665b3f41e8964\ASF_cSharpAPI.ni.dll
MOD - [2013/05/13 19:57:34 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\f93e893f927f890bffe924ec7e8c1323\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/05/13 19:56:57 | 001,644,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\c5572a7e44449de16eb4e7db6b7b5b82\Kies.Locale.ni.dll
MOD - [2013/05/13 19:56:53 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\2cbf81c1b1b5e7bd6a4758bd057e2d4c\Kies.MVVM.ni.dll
MOD - [2013/05/13 19:55:53 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7d8f6866864f78cf83d3701641c46178\System.ServiceProcess.ni.dll
MOD - [2013/05/13 19:54:59 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dbe82a95ee3feebc5999138fdf36d3c9\System.Runtime.Remoting.ni.dll
MOD - [2013/05/13 19:54:41 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013/05/13 19:36:16 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013/05/13 19:35:38 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013/05/13 19:35:22 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/01/08 11:04:14 | 000,100,352 | ---- | M] () -- C:\Arquivos de Programas\OEM\LIVE! OSD 1.27\LiveIO.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/05/16 19:04:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 19:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/23 04:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Arquivos de Programas\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Arquivos de Programas\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Arquivos de Programas\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/01 11:12:03 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Arquivos de Programas\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/03/08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011/03/28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/11/20 18:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Arquivos de Programas\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Arquivos de Programas\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/07/13 22:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Arquivos de Programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 15:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/05/16 21:28:25 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0769FD2B-F79E-4488-8DF2-9818DBF53F98}\MpKsl03af7695.sys -- (MpKsl03af7695)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/04/03 04:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/04/03 04:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/29 17:59:38 | 000,024,184 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2012/09/17 19:58:32 | 000,064,048 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360SpOEM.sys -- (360SpOEM)
DRV - [2012/09/17 19:58:32 | 000,061,488 | R--- | M] (360安全中心) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\360HookOem.sys -- (360HookOem)
DRV - [2012/09/17 19:58:32 | 000,029,744 | R--- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360RegOem.sys -- (360RegOem)
DRV - [2012/09/17 19:58:30 | 000,152,880 | R--- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\360FileOem.sys -- (360FileOem)
DRV - [2012/08/23 11:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 11:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 11:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/08/26 11:13:24 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2010/07/01 11:09:35 | 000,209,920 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010/04/01 10:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/01/21 11:59:32 | 000,005,120 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveGpdKBFilter.sys -- (LiveGpdKBFilter)
DRV - [2010/01/21 11:58:50 | 000,010,752 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveIO.sys -- (LiveIO)
DRV - [2010/01/21 11:57:16 | 000,005,120 | ---- | M] (Systems Internals) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Livemouclass.sys -- (Livemouclass)
DRV - [2010/01/21 11:56:34 | 000,005,120 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Livekbc.sys -- (Livekbc)
DRV - [2010/01/14 08:04:04 | 000,106,496 | ---- | M] (ZD Secret Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZDDriver.sys -- (hwdatacard)
DRV - [2009/07/13 20:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/03/30 09:38:20 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/03/30 09:38:18 | 000,105,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/03/30 09:38:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/09/20 00:41:50 | 000,037,560 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CamSuiteVAC.sys -- (CamSuiteVAC)
DRV - [1996/04/03 16:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5F209F84-D600-42F8-B6EC-9AD178F9DD73}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.semptoshiba.com.br [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.semptoshiba.com.br [binary data]
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-85846730-1419635560-680840718-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://www.linhadefe...muda-home-page/"
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\tatiana\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\mfgt@live.com: C:\Program Files\\Firebirdc\mfgt@live.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/16 16:08:44 | 000,000,000 | ---D | M]
 
[2012/10/13 22:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tatiana\AppData\Roaming\mozilla\Extensions
[2013/05/16 09:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tatiana\AppData\Roaming\mozilla\Firefox\Profiles\jknh4or1.default\Extensions
[2013/02/16 10:29:00 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\tatiana\AppData\Roaming\mozilla\firefox\profiles\jknh4or1.default\Extensions\newtabgoogle@graememcc.co.uk.xpi
[2013/05/16 18:13:13 | 000,000,000 | ---D | M] (No name found) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions
[2013/05/16 18:13:13 | 000,000,000 | ---D | M] (Default) -- C:\Arquivos de Programas\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://pt-br.facebook.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\tatiana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/12/06 11:53:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Arquivos de Programas\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Arquivos de Programas\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-85846730-1419635560-680840718-1000..\Run: [] C:\Arquivos de Programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-85846730-1419635560-680840718-1000..\Run: [Facebook Update] C:\Users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-85846730-1419635560-680840718-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-85846730-1419635560-680840718-1000..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Enviar para o OneNote - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xportar para o Microsoft Excel - C:\Arquivos de Programas\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Arquivos de Programas\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Arquivos de Programas\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Arquivos de Programas\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Arquivos de Programas\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Arquivos de Programas\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de Programas\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 18:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
========== Files/Folders - Created Within 90 Days ==========
 
[2013/05/16 21:59:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tatiana\Desktop\OTL.exe
[2013/05/16 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Malwarebytes
[2013/05/16 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/16 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/16 20:33:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/16 20:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/16 20:04:17 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\tatiana\Desktop\JRT.exe
[2013/05/16 19:32:20 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\tatiana\Desktop\FSS.exe
[2013/05/16 19:31:56 | 000,147,456 | ---- | C] (Eric_71) -- C:\Users\tatiana\Desktop\MbrScan.exe
[2013/05/16 19:30:38 | 000,218,112 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Users\tatiana\Desktop\HijackThis.exe
[2013/05/16 18:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/16 18:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/05/14 22:02:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/05/13 19:55:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/05/13 19:55:17 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Samsung
[2013/05/13 19:55:14 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Samsung
[2013/05/13 19:55:07 | 000,000,000 | ---D | C] -- C:\Users\tatiana\Documents\samsung
[2013/05/13 19:53:13 | 000,181,912 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013/05/13 19:53:13 | 000,083,864 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013/05/13 19:47:18 | 000,000,000 | ---D | C] -- C:\Program Files\MyFree Codec
[2013/05/13 19:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013/05/13 19:43:18 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013/05/13 19:42:58 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013/05/13 19:39:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/05/13 19:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2013/05/13 19:28:38 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Downloaded Installations
[2013/05/10 15:05:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/02 09:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/23 13:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/04/23 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013/04/23 13:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013/04/23 12:39:42 | 000,000,000 | ---D | C] -- C:\Users\tatiana\Documents\Sony PMB
[2013/04/23 12:34:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
[2013/04/23 12:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013/04/23 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Sony Corporation
[2013/04/23 12:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2013/04/23 12:00:03 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\InstallShield
[2013/04/22 20:23:43 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/04/18 19:07:00 | 000,330,240 | ---- | C] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2013/04/18 19:07:00 | 000,090,112 | ---- | C] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2013/04/18 19:06:46 | 000,569,344 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzdecode.ax
[2013/04/18 19:06:46 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2013/04/18 19:06:46 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2013/04/18 19:06:46 | 000,258,048 | ---- | C] (© PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2013/04/18 19:06:46 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2013/04/18 19:06:46 | 000,200,704 | ---- | C] ( © MusicCity) -- C:\Windows\System32\muzwmts.dll
[2013/04/18 19:06:46 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2013/04/18 19:06:46 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2013/04/18 19:06:46 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2013/04/18 19:06:46 | 000,131,072 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2013/04/18 19:06:46 | 000,122,880 | ---- | C] (© MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2013/04/18 19:06:46 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2013/04/18 19:06:46 | 000,110,592 | ---- | C] (© MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2013/04/18 19:06:46 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2013/04/18 19:06:46 | 000,045,320 | ---- | C] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2013/04/18 19:06:46 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2013/04/18 19:06:46 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2013/04/14 19:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/04/08 13:36:30 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\PSafe
[2013/04/08 13:35:42 | 000,322,560 | R--- | C] (PSafe Tecnologia S.A.) -- C:\Windows\System32\PsClikS.dll
[2013/04/08 13:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PSafe
[2013/04/04 09:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/31 10:46:24 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Leadertech
[2013/03/05 10:21:14 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/05 10:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/05 09:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013/03/05 09:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/03/05 09:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/03/05 09:06:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/03/05 09:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013/03/05 09:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2013/03/05 09:03:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/03/05 09:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/03/05 09:02:48 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/03/05 06:51:38 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Microsoft Help
[2013/03/05 06:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/03/03 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Local\Facebook
[2013/02/24 23:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/02/24 23:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
 
========== Files - Modified Within 90 Days ==========
 
[2013/05/16 22:01:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/16 22:00:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tatiana\Desktop\OTL.exe
[2013/05/16 21:57:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 20:59:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
[2013/05/16 20:59:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
[2013/05/16 20:55:59 | 000,025,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 20:55:59 | 000,025,520 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/16 20:48:45 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/16 20:48:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/16 20:48:31 | 2306,256,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/16 20:04:27 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\tatiana\Desktop\JRT.exe
[2013/05/16 20:04:11 | 000,632,031 | ---- | M] () -- C:\Users\tatiana\Desktop\adwcleaner.exe
[2013/05/16 19:41:00 | 000,000,512 | ---- | M] () -- C:\Users\tatiana\Desktop\Dump_Hdd0_DR0.mbr
[2013/05/16 19:32:31 | 000,354,299 | ---- | M] (Farbar) -- C:\Users\tatiana\Desktop\FSS.exe
[2013/05/16 19:31:58 | 000,147,456 | ---- | M] (Eric_71) -- C:\Users\tatiana\Desktop\MbrScan.exe
[2013/05/16 19:30:39 | 000,218,112 | ---- | M] (Soeperman Enterprises Ltd.) -- C:\Users\tatiana\Desktop\HijackThis.exe
[2013/05/16 17:39:45 | 000,440,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/16 17:28:04 | 000,664,038 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2013/05/16 17:28:04 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/16 17:28:04 | 000,128,328 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2013/05/16 17:28:04 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/10 22:22:55 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/04/23 13:12:29 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013/04/18 19:08:14 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\Windows\System32\Redemption.dll
[2013/04/18 19:07:00 | 000,330,240 | ---- | M] ((주)마크애니) -- C:\Windows\MASetupCaller.dll
[2013/04/18 19:07:00 | 000,090,112 | ---- | M] ((주)마크애니) -- C:\Windows\MAMCityDownload.ocx
[2013/04/18 19:07:00 | 000,030,568 | ---- | M] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | M] () -- C:\Windows\System32\cis-2.4.dll
[2013/04/18 19:06:46 | 000,569,344 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzdecode.ax
[2013/04/18 19:06:46 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.dll
[2013/04/18 19:06:46 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\System32\MSLUR71.dll
[2013/04/18 19:06:46 | 000,258,048 | ---- | M] (© PeeringPortal) -- C:\Windows\System32\muzoggsp.ax
[2013/04/18 19:06:46 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSCLib.dll
[2013/04/18 19:06:46 | 000,200,704 | ---- | M] ( © MusicCity) -- C:\Windows\System32\muzwmts.dll
[2013/04/18 19:06:46 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzapp.exe
[2013/04/18 19:06:46 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\System32\MSFLib.dll
[2013/04/18 19:06:46 | 000,143,360 | ---- | M] () -- C:\Windows\System32\3DAudio.ax
[2013/04/18 19:06:46 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\System32\muzaf1.dll
[2013/04/18 19:06:46 | 000,131,072 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmpgsp.ax
[2013/04/18 19:06:46 | 000,122,880 | ---- | M] (© MUSICCITY) -- C:\Windows\System32\muzeffect.ax
[2013/04/18 19:06:46 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MaDRM.dll
[2013/04/18 19:06:46 | 000,110,592 | ---- | M] (© MusicCity) -- C:\Windows\System32\muzmp4sp.ax
[2013/04/18 19:06:46 | 000,081,920 | ---- | M] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\System32\MK_Lyric.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\System32\MTXSYNCICON.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | M] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/04/18 19:06:46 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaJGUILib.dll
[2013/04/18 19:06:46 | 000,045,320 | ---- | M] (MARKANY) -- C:\Windows\System32\MAMACExtract.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MaXMLProto.dll
[2013/04/18 19:06:46 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\System32\MACXMLProto.dll
[2013/04/18 19:06:46 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\System32\MTTELECHIP.dll
[2013/04/18 19:06:46 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\System32\MASetupCleaner.exe
[2013/04/18 19:06:08 | 000,821,824 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgderapi.dll
[2013/04/16 13:40:11 | 000,005,632 | ---- | M] () -- C:\Users\tatiana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/08 13:36:39 | 000,003,768 | ---- | M] () -- C:\Windows\System32\PsClikSeguro.ini
[2013/04/08 13:36:39 | 000,002,136 | ---- | M] () -- C:\Windows\System32\PsClikSeguroOff.ini
[2013/04/08 13:20:47 | 000,000,047 | ---- | M] () -- C:\Archive.ini
[2013/04/05 17:34:18 | 000,322,560 | R--- | M] (PSafe Tecnologia S.A.) -- C:\Windows\System32\PsClikS.dll
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/03 04:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudmdm.sys
[2013/04/03 04:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\System32\drivers\ssudbus.sys
[2013/03/19 06:41:40 | 000,016,896 | ---- | M] () -- C:\Windows\Launcher.exe
[2013/03/05 09:16:57 | 000,000,135 | ---- | M] () -- C:\Windows\AutoKMS.ini
[2013/02/24 17:05:27 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
 
========== Files Created - No Company Name ==========
 
[2013/05/16 20:03:58 | 000,632,031 | ---- | C] () -- C:\Users\tatiana\Desktop\adwcleaner.exe
[2013/05/16 19:39:01 | 000,000,512 | ---- | C] () -- C:\Users\tatiana\Desktop\Dump_Hdd0_DR0.mbr
[2013/05/16 19:04:28 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 18:13:29 | 000,001,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/10 22:22:55 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/04/23 13:11:51 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013/04/23 12:34:58 | 000,001,922 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
[2013/04/18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/04/18 19:06:46 | 000,143,360 | ---- | C] () -- C:\Windows\System32\3DAudio.ax
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/04/08 13:36:39 | 000,003,768 | ---- | C] () -- C:\Windows\System32\PsClikSeguro.ini
[2013/04/08 13:36:39 | 000,002,136 | ---- | C] () -- C:\Windows\System32\PsClikSeguroOff.ini
[2013/04/08 13:32:39 | 000,016,896 | ---- | C] () -- C:\Windows\Launcher.exe
[2013/04/08 13:20:47 | 000,000,047 | ---- | C] () -- C:\Archive.ini
[2013/03/05 09:16:57 | 000,000,135 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/03/03 18:14:26 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
[2013/03/03 18:14:25 | 000,000,914 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
[2013/02/04 08:55:25 | 000,005,632 | ---- | C] () -- C:\Users\tatiana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/30 21:24:45 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2012/06/07 18:41:49 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/07 18:41:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/06/07 18:41:47 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2012/06/07 18:41:47 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012/06/07 18:41:47 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012/06/07 18:41:46 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/01/10 22:17:08 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/01/10 22:17:04 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/01/10 22:17:02 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012/01/10 21:14:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/10 21:12:12 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/06/29 20:01:26 | 000,000,182 | ---- | C] () -- C:\Users\tatiana\AppData\Roaming\default.rss
 
========== ZeroAccess Check ==========
 
[2009/07/14 01:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 18:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 22:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/10/30 18:30:27 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Broad Intelligence
[2012/12/01 10:58:07 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\BSplayer
[2011/07/10 11:48:22 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\BSplayer Pro
[2012/12/30 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Cycling '74
[2013/04/21 10:39:44 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\GetRightToGo
[2011/06/28 13:52:48 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\GuiaMultimidia
[2013/03/31 10:46:24 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Leadertech
[2012/10/30 09:36:36 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\mkvtoolnix
[2012/10/11 20:16:14 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Positivo
[2013/04/08 13:36:30 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\PSafe
[2013/01/13 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\RapidTyping
[2013/05/13 19:55:14 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Samsung
[2013/03/05 08:23:56 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\SoftGrid Client
[2012/10/09 05:45:31 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\SumatraPDF
[2013/03/27 18:33:19 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\TeamViewer
[2013/03/05 07:12:58 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\TP
[2012/12/01 09:53:13 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\TuneUp Software
[2013/05/16 17:14:44 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\uTorrent
[2012/10/24 09:37:23 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\VitySoft
[2012/06/16 21:52:14 | 000,000,000 | ---D | M] -- C:\Users\tatiana\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2013/05/16 20:14:50 | 000,011,896 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013/05/16 20:17:37 | 000,012,195 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2013/04/08 13:20:47 | 000,000,047 | ---- | M] () -- C:\Archive.ini
[2009/06/10 18:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 18:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/05/16 20:48:31 | 2306,256,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/13 12:33:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2013/02/13 12:33:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/05/16 20:48:31 | 3075,010,560 | -HS- | M] () -- C:\pagefile.sys
 
< %systemdrive%\drivers\*.* /s >
 
< %systemdrive%\drivers\*.exe >
 
< %systemroot%\system32\drivers\*.* /90 >
[2013/04/10 02:18:40 | 000,728,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgkrnl.sys
[2013/04/10 02:18:40 | 000,218,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\dxgmms1.sys
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys
[2013/04/12 10:45:29 | 001,211,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ntfs.sys
[2013/04/03 04:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\system32\drivers\ssudbus.sys
[2013/04/03 04:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\system32\drivers\ssudmdm.sys
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 18:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.com >
[2009/07/14 01:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 01:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %PROGRAMFILES%\*.* >
[2009/07/14 01:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2012/12/30 21:24:45 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier
 
< %LOCALAPPDATA%\*.exe >
 
< %LOCALAPPDATA%\*.txt >
 
< %LOCALAPPDATA%\*.ini >
[2013/04/16 13:40:11 | 000,005,632 | ---- | M] () -- C:\Users\tatiana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
< %LOCALAPPDATA%\*.dll >
 
< %LOCALAPPDATA%\*.dat >
[2013/03/05 09:09:44 | 000,124,640 | ---- | M] () -- C:\Users\tatiana\AppData\Local\GDIPFONTCACHEV1.DAT
 
< %USERPROFILE%\*.exe >
 
< %USERPROFILE%\*.txt >
 
< %USERPROFILE%\*.ini >
[2011/06/28 13:52:18 | 000,000,020 | -HS- | M] () -- C:\Users\tatiana\ntuser.ini
 
< %USERPROFILE%\*.dll >
 
< %USERPROFILE%\*.dat /30 >
[2013/05/16 22:08:25 | 007,602,176 | -HS- | M] () -- C:\Users\tatiana\ntuser.dat
 
< %appdata%\*.* >
[2012/12/05 18:15:35 | 000,000,182 | ---- | M] () -- C:\Users\tatiana\AppData\Roaming\default.rss
[2012/12/04 11:30:20 | 000,000,091 | ---- | M] () -- C:\Users\tatiana\AppData\Roaming\Safer-Networking.log
 
< %windir%\tasks\*.* /s >
[2013/05/16 21:57:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/16 20:59:01 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
[2013/05/16 20:59:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
[2013/05/16 20:48:45 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/16 22:01:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/16 20:48:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2013/04/25 16:46:18 | 000,032,608 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
 
< %systemroot%\system32\tasks\*.* >
[2013/05/16 19:04:29 | 000,003,840 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2012/10/11 20:07:27 | 000,002,776 | ---- | M] () -- C:\Windows\system32\tasks\CCleanerSkipUAC
[2013/04/21 10:33:15 | 000,003,524 | ---- | M] () -- C:\Windows\system32\tasks\DealPly
[2013/05/03 20:54:11 | 000,003,548 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core
[2013/05/03 20:54:12 | 000,003,916 | ---- | M] () -- C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA
[2012/12/01 00:05:41 | 000,002,600 | ---- | M] () -- C:\Windows\system32\tasks\FTZSQ
[2013/04/21 10:32:20 | 000,003,526 | ---- | M] () -- C:\Windows\system32\tasks\Funmoods
[2013/05/06 17:56:02 | 000,003,802 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2013/05/06 17:56:03 | 000,004,054 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/12/12 15:16:42 | 000,003,018 | ---- | M] () -- C:\Windows\system32\tasks\PandaUSBVaccine
[2012/10/11 20:13:36 | 000,003,230 | ---- | M] () -- C:\Windows\system32\tasks\SidebarExecute
[2012/12/02 13:40:38 | 000,003,182 | ---- | M] () -- C:\Windows\system32\tasks\{05A53DBC-AA90-4385-986B-C213695A55AC}
[2011/09/24 17:57:31 | 000,003,176 | ---- | M] () -- C:\Windows\system32\tasks\{9095EE59-2B19-4C86-BAD5-321008251B10}
[2012/05/30 17:14:10 | 000,003,042 | ---- | M] () -- C:\Windows\system32\tasks\{B97297D4-1F30-4EB6-9896-D86F7FAFA037}
[2012/12/02 13:13:12 | 000,003,146 | ---- | M] () -- C:\Windows\system32\tasks\{ED11CE22-DFFA-484E-89A7-07D339CAC3FE}
 
< %PROGRAMFILES%\Internet Explorer\*.* >
[2013/05/10 22:22:55 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ExtExport.exe
[2013/05/10 22:22:57 | 000,002,843 | ---- | M] () -- C:\Program Files\Internet Explorer\ie9props.propdesc
[2013/05/10 22:22:55 | 000,327,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iediagcmd.exe
[2013/05/10 22:22:56 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedvtool.dll
[2013/05/10 22:22:55 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieinstal.exe
[2013/05/10 22:22:55 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ielowutil.exe
[2013/04/05 02:26:21 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
[2013/04/05 02:26:21 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEShims.dll
[2010/11/20 18:29:06 | 000,005,436 | ---- | M] () -- C:\Program Files\Internet Explorer\iessetup.ceb
[2009/07/13 22:15:28 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iessetup.dll
[2013/04/05 03:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/05/10 22:22:55 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdbgui.dll
[2013/05/10 22:22:56 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsdebuggeride.dll
[2013/05/10 22:22:56 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\JSProfilerCore.dll
[2013/05/10 22:22:55 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\jsprofilerui.dll
[2013/05/10 22:22:56 | 000,285,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\msdbg2.dll
[2013/05/10 22:22:54 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\networkinspection.dll
[2013/05/10 22:22:56 | 000,392,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdm.dll
[2013/05/10 22:22:56 | 000,070,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\pdmproxy100.dll
[2013/04/05 02:27:59 | 000,217,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\sqmapi.dll
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections >
"DefaultConnectionSettings" = [Binary data over 200 bytes]
"SavedLegacySettings" = [Binary data over 200 bytes]
"Brasil TIM" = [Binary data over 200 bytes]
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations >
 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments >
 
< HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run /s >
 
< HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMP >
 
< HKCU\Software\Microsoft\Internet Explorer\Downloads >
 
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
< MD5 for: SERVICES  >
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 18:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
 
< MD5 for: SERVICES.DAT  >
[2013/04/22 00:04:55 | 000,001,720 | ---- | M] () MD5=43C1700D78D89F0B1F6FA88FD132BE1A -- C:\JRT\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\erdnt\cache\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 22:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/20 23:32:43 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\pt-BR\services.exe.mui
[2010/11/20 23:32:43 | 000,018,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_6b6fd3bef3fcc0d1\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\Todos os Usuários\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 18:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
 
< MD5 for: SERVICES.MSC  >
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
[2010/11/20 23:32:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\System32\pt-BR\services.msc
[2010/11/20 23:32:42 | 000,092,750 | ---- | M] () MD5=D2C49D7047664C51A9183D4A34C9008C -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_a5b1a3aaca665ac4\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 17:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\tatiana\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >
 

extras.txt

OTL Extras logfile created on: 16/05/2013 22:06:07 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tatiana\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
 
2,86 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 63,63% Memory free
5,73 Gb Paging File | 4,68 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291,97 Gb Total Space | 143,94 Gb Free Space | 49,30% Space Free | Partition Type: NTFS
Drive Z: | 5,93 Gb Total Space | 5,87 Gb Free Space | 99,04% Space Free | Partition Type: NTFS
 
Computer Name: TATIANA-STI | User Name: tatiana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-85846730-1419635560-680840718-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DEC9B3-D7C9-4929-81AD-DBD1F6A5AE4F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{11C34BEC-FDD4-4390-8250-E4466D477F0C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{18D83EBA-127B-4753-87A7-C519FB82C1A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{266B72E0-C85B-4103-8D9B-4289E1B13F2D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{638F77D0-7A4F-45D2-9DDF-D0902C0F2F78}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EDB6895-A389-4D78-B8E0-09854B45EA1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{83967EBC-F409-4F72-99AF-06AF89F08872}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{905C0741-CF4D-4E1F-9DE9-097F0CBF99DA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B33C2974-CEBC-4E8A-A4EE-47F074B85FAB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BE4CF9B6-AC32-4A9F-8E94-91612A3BD502}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EBEFBF63-5EFC-4482-9EBA-0AE703954117}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EE20889B-337F-4E64-93C4-7F58AE27EE98}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EE37D9F4-58CD-4056-9D80-C592BD3D79A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16EB0FD4-4588-4E54-A03F-CE0F28E776DF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{175A03D2-395A-48AF-A63D-1E715C8E1E8C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{20376201-1B94-493A-9A28-19BC2C785D77}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{219BCE3A-9875-4FD2-A910-39DC021B1338}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{30620A7C-F714-42F6-A6E8-6AB1E8E3A959}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{45EFF7BD-F677-485A-A571-D28FDB401091}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{49FF40A4-C976-4F84-8800-C3B05CE388CE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4AC74199-4032-4FAD-A2E5-92E802D5B299}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{641ABAD0-B7B8-49B9-AE20-366D4EB49439}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{6616C7AA-4882-4B24-89B9-FF9E50A92F6E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B25C60B5-8699-46AF-A4E3-A3987E44A991}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{C9E53F67-93E5-42A0-B37C-CF7B9ABA5C35}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{E2E1DEC0-4AF3-40D8-80AF-5037C59FCFA0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{F18F11DF-0649-41F9-AAC2-275F6BEFBA1F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{0A8DA189-5C8C-4836-81AD-DBDF7617E410}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{18399671-AAE6-4931-9E5B-587CA2148ED7}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{6A443671-0005-4AF6-83DB-CC7ECBFFA524}C:\program files\guiamultimidia\guiamultimidia.exe" = protocol=6 | dir=in | app=c:\program files\guiamultimidia\guiamultimidia.exe |
"TCP Query User{786E5F3A-3236-468E-BCD9-110B718B1C8D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{BCFF1AF6-4A79-4EE8-A869-430B8F07E9EC}C:\program files\java\jre7\launch4j-tmp\frd.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\frd.exe |
"UDP Query User{7ADE5731-DD58-4FCB-B2B4-CA419570E970}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{973E2183-CCA8-4F26-93A7-BBA75F2A14B1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{A0B75004-8658-4540-97C9-69CFD10881E1}C:\program files\guiamultimidia\guiamultimidia.exe" = protocol=17 | dir=in | app=c:\program files\guiamultimidia\guiamultimidia.exe |
"UDP Query User{C80637CA-C423-4646-A6FB-6D26758880C6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{FD1FD1AA-B456-4AD5-8A3C-76DD88320543}C:\program files\java\jre7\launch4j-tmp\frd.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\launch4j-tmp\frd.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1E5C7043-09C5-4974-A69F-A5271FD82BBC}" = PlayMemories Home
"{20A15757-4AE4-3C82-9711-863C84AFE6AA}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0015-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{A7200E61-DC93-42E0-BB74-EE59021016EA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-002C-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{13291F79-D997-49AD-9F31-5FAEE1F0FCF5}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{2134F8C8-2AD8-44EE-B86B-1B577FBD8D0E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}_Office14.PROPLUSR_{8E0FD78B-F726-43C8-8D53-44A7E495F3D2}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{FA00C010-CCEA-4FC5-93C2-C948C4336AD5}" = Video HD Player
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
"MKVToolNix" = MKVToolNix 6.1.0
"Mozilla Firefox 21.0 (x86 pt-BR)" = Mozilla Firefox 21.0 (x86 pt-BR)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"SpeedFan" = SpeedFan (remove only)
"TeamViewer 8" = TeamViewer 8
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16/05/2013 19:50:21 | Computer Name = tatiana-STI | Source = WinMgmt | ID = 10
Description =
 
 
< End of report >
 



#6
CarlosTurco

  • Assistant
  • 25.353 posts

Hello,

1)

Select these lines inside the CODE box, right-click the selection, and choose Copy.

NOTE: Make sure you start copying from the colon and letter ": O" of OTL.
 

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2013/04/08 13:36:30 | 000,000,000 | ---D | C] -- C:\Users\tatiana\AppData\Roaming\PSafe
[2013/04/08 13:35:42 | 000,322,560 | R--- | C] (PSafe Tecnologia S.A.) -- C:\Windows\System32\PsClikS.dll
[2013/04/08 13:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PSafe
[2013/04/08 13:36:39 | 000,003,768 | ---- | C] () -- C:\Windows\System32\PsClikSeguro.ini
[2013/04/08 13:36:39 | 000,002,136 | ---- | C] () -- C:\Windows\System32\PsClikSeguroOff.ini
[2013/04/21 10:33:15 | 000,003,524 | ---- | M] () -- C:\Windows\system32\tasks\DealPly
[2013/04/21 10:32:20 | 000,003,526 | ---- | M] () -- C:\Windows\system32\tasks\Funmoods
@Alternate Data Stream - 143 bytes -> C:\Users\tatiana\AppData\Roaming\default.rss:OECustomProperty
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

:Files
ipconfig /flushdns /c

:Commands
[createrestorepoint]
[purity]
[resethosts]
[emptytemp]

Run OTL.exe

Right-click any blank area of the Custom Scans/Fixes section and choose Paste.

Close ALL windows (except OTL itself).
Click the BotaoConsertar.png button

The program will run the script and restart your computer.
When Windows loads, OTL will run automatically. Allow it to run.
A Notepad window will open containing some information.
Copy ALL the contents of this Notepad window and paste them into your reply.

A copy of this log will be stored in the C:\_OTL\MovedFiles folder, with a name in the format date_time.log.

Example: 03142010_145545.log

2)

Post a new HijackThis log.



#7
Eronilson

  • Member
  • 63 posts

Carlos, here are the requested results:

  • OTL:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Start Page| /E : value set successfully!
Prefs.js: newtabgoogle%40graememcc.co.uk:1.0.2 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
C:\Users\tatiana\AppData\Roaming\PSafe folder moved successfully.
C:\Windows\System32\PsClikS.dll moved successfully.
C:\ProgramData\PSafe\logs folder moved successfully.
C:\ProgramData\PSafe folder moved successfully.
C:\Windows\System32\PsClikSeguro.ini moved successfully.
C:\Windows\System32\PsClikSeguroOff.ini moved successfully.
C:\Windows\System32\Tasks\DealPly moved successfully.
C:\Windows\System32\Tasks\Funmoods moved successfully.
ADS C:\Users\tatiana\AppData\Roaming\default.rss:OECustomProperty deleted successfully.
ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configura‡Æo de IP do Windows
Libera‡Æo do Cache do DNS Resolver bem-sucedida.
C:\Users\tatiana\Desktop\cmd.bat deleted successfully.
C:\Users\tatiana\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: tatiana
->Temp folder emptied: 58133177 bytes
->Temporary Internet Files folder emptied: 219660 bytes
->Java cache emptied: 464279 bytes
->FireFox cache emptied: 242843481 bytes
->Google Chrome cache emptied: 47591207 bytes
->Flash cache emptied: 943 bytes
 
User: Todos os Usuários
 
User: Usuário Padrão
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17655281 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 350,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05182013_145916

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

  • hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 15:06:36, on 18/05/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\OEM\LIVE! OSD 1.27\osd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\tatiana\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: Sensor de Proteção STI.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 

 

After the whole requested procedure, Chrome can no longer open (load) the start page, http://addons-chrome.info/, but I still cannot change the option "Open a specific page or set of pages. Set pages"; the "Set pages" option is still inaccessible, as if my user were not the administrator.



#8
CarlosTurco
Assistant

Save your Favorites. Press Windows+R and, in the Run box, type (or copy and paste):

%LOCALAPPDATA%\Google\Chrome\Application

Click OK. In the folder that opens, locate the file First Run and delete it.

On some systems the path may be different. If you cannot find Application, type (or copy and paste):

%LOCALAPPDATA%\Google\Chrome\User Data

Now check whether you have access.



#9
Eronilson
Member

Carlos, I did as you asked and it changed nothing; that page started loading again. Let me see if I can explain it better: that page is always loaded at startup, but Google switches pages when I press Home and opens the page I selected under "Show Home button"... If I select, under "On startup", the option "Open a specific page or set of pages...", then "Set pages", where I should choose the pages, is not available, and next to it there is a sign with a tie that says "This setting is enforced by your administrator."
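
Chrome shows "This setting is enforced by your administrator" when a setting is managed by policy, and on Windows it reads those policies from the registry under `SOFTWARE\Policies\Google\Chrome`. The following is an added example, not part of the thread or of any tool used in it: it parses the text output of `reg query ... /s` and lists the startup and homepage policies that would lock the setting. The sample output is constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Value names under the Chrome policy key that control startup and Home pages.
STARTUP_VALUES = {"RestoreOnStartup", "HomepageLocation", "HomepageIsNewTabPage"}
URL_LIST_SUBKEY = "restoreonstartupurls"
RESTORE_MODES = {1: "restore the last session", 4: "open the listed URLs",
                 5: "open the New Tab page"}

POLICY_KEY = re.compile(
    r"^HKEY_(?:LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\Policies\\"
    r"(?:Google\\Chrome|Chromium)(\\.*)?$", re.IGNORECASE)
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_[A-Z_]+) {4}(.*)$")

# Constructed sample of "reg query HKLM\SOFTWARE\Policies\Google\Chrome /s"
# style output; it is NOT taken from the poster's machine.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
    RestoreOnStartup    REG_DWORD    0x4
    HomepageLocation    REG_SZ    http://addons-chrome.info/

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\RestoreOnStartupURLs
    1    REG_SZ    http://addons-chrome.info/

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    C:\Program Files\Common Files\Java\Java Update\jusched.exe
"""


def parse_reg_query(text):
    """Return {key_path: {value_name: (type, data)}} from `reg query /s` text."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group(1)] = (m.group(2), m.group(3).strip())
    return keys


def host_note(url, allowed_hosts):
    """Say whether the URL's host is on the caller's allowlist."""
    host = urlparse(url).hostname or ""
    return "allowed host" if host in allowed_hosts else "unexpected host " + host


def startup_policy_findings(text, allowed_hosts=()):
    """List mandatory Chrome policies that fix the startup or Home page."""
    findings = []
    for key, values in parse_reg_query(text).items():
        m = POLICY_KEY.match(key)
        if not m:
            continue  # not a Chrome/Chromium policy key
        subkey = (m.group(1) or "").strip("\\").lower()
        for name, (rtype, data) in values.items():
            if subkey == "" and name in STARTUP_VALUES:
                if name == "RestoreOnStartup" and rtype == "REG_DWORD":
                    note = RESTORE_MODES.get(int(data, 16), "other mode " + data)
                elif name == "HomepageLocation":
                    note = host_note(data, allowed_hosts)
                else:
                    note = data
            elif subkey == URL_LIST_SUBKEY:
                # Each numbered value in this subkey is one forced startup URL.
                note = host_note(data, allowed_hosts)
                name = "RestoreOnStartupURLs[" + name + "]"
            else:
                continue  # e.g. the Recommended subkey, which does not lock
            findings.append({"key": key, "policy": name, "data": data, "note": note})
    return findings


if __name__ == "__main__":
    for f in startup_policy_findings(SAMPLE):
        print(f["policy"], "=", f["data"], "->", f["note"])
```
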



#10
CarlosTurco
Assistant

Temporarily disable your antivirus.

  • Hold down the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: [button image]
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and check the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update itself and then scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Copy and paste the contents into your next reply. Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#11
Eronilson
Member

Should I disable Malwarebytes too?



#12
CarlosTurco
Assistant

"Should I disable Malwarebytes too?"

:legal: [thumbs-up emoticon]



#13
Eronilson
Member

Here are the ESET and HijackThis results; they were run with the antivirus, firewall and anti-malware disabled:

 

C:\Users\tatiana\Downloads\4shared_Desktop_4.0.0hbr.exe    a variant of Win32/Hao123.A application    cleaned by deleting - quarantined
C:\Users\tatiana\Downloads\cpu-z_1.63-setup-en.exe    a variant of Win32/Bundled.Toolbar.Ask.C application    cleaned by deleting - quarantined
C:\Users\tatiana\Downloads\FFSetup300.zip    multiple threats    deleted - quarantined
C:\Users\tatiana\Downloads\MediaCoder-0.8.16.5292.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\tatiana\Downloads\winrar-420-baixaki-32-bits-4102012115743.exe    a variant of Win32/InstallCore.AY application    cleaned by deleting - quarantined
 

Logfile of HijackThis v1.99.1
Scan saved at 20:53:16, on 18/05/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\OEM\LIVE! OSD 1.27\osd.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\tatiana\Desktop\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:newtab
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - Global Startup: OSD.lnk = ?
O4 - Global Startup: Sensor de Proteção STI.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
 

Another question: after the HijackThis analysis, do I just close it, or do I have to tell it to "Fix"?
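
Several O23 lines in the log above end in "(file missing)", and in each of them the path HijackThis reports still contains an unexpanded `%VAR%` or a stray quote followed by arguments. The following added example (not part of the thread or of HijackThis) parses log lines copied from the post plus one constructed line and separates those probable path-parsing artifacts from entries that warrant a check on disk. The classification rule and the function names are assumptions of this example.

```python
import re

# HijackThis section codes that appear in the logs in this thread.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O1": "Hosts file entry", "O2": "Browser Helper Object",
    "O4": "Autostart entry", "O8": "IE context-menu item",
    "O9": "IE extra button/menu item", "O10": "Winsock LSP",
    "O11": "IE advanced options group", "O17": "DNS/domain setting",
    "O18": "Protocol handler/filter", "O20": "Winlogon Notify/AppInit",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([ORFN]\d{1,2}) - (.+)$")
MISSING = " (file missing)"
ENV_VAR = re.compile(r"%[A-Za-z0-9_]+%")
ARGS_AFTER_EXE = re.compile(r"\.exe\s+\S", re.IGNORECASE)

# Lines copied from the HijackThis log posted above.
PAGE_LINES = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
"""
# Constructed line (not from the thread) showing the case that needs follow-up.
CONSTRUCTED_LINE = (r"O23 - Service: Example Service (ExampleSvc) - Unknown owner"
                    r" - C:\Example\examplesvc.exe (file missing)")


def parse_log(text):
    """Split a HijackThis log into entries; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, body = m.group(1), m.group(2)
            entries.append({"code": code, "body": body,
                            "section": SECTIONS.get(code, "other")})
    return entries


def explain_missing(entry):
    """Return (path, reason) for a '(file missing)' entry, else None."""
    body = entry["body"]
    if not body.endswith(MISSING):
        return None
    # The tested path is the last ' - ' separated field, minus the verdict.
    path = body[: -len(MISSING)].rsplit(" - ", 1)[-1]
    if ENV_VAR.search(path):
        return path, "unexpanded environment variable"
    if '"' in path or ARGS_AFTER_EXE.search(path):
        return path, "stray quote or arguments in path"
    return path, "no parsing artifact; verify the file on disk"


def missing_report(text):
    """List (code, path, reason) for every '(file missing)' entry in the log."""
    report = []
    for entry in parse_log(text):
        result = explain_missing(entry)
        if result:
            report.append((entry["code"], result[0], result[1]))
    return report


if __name__ == "__main__":
    for code, path, reason in missing_report(PAGE_LINES + CONSTRUCTED_LINE + "\n"):
        print(code, "|", path, "|", reason)
```
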



#14
CarlosTurco
Assistant

Eronilson,

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Download ComboFix:
http://www.bleepingc...nload/combofix/

Save it to your desktop.

  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" to proceed.
  • When asked whether you want to install the Recovery Console, click Yes and wait.
  • Click OK to accept the EULA, then click Yes to continue the scan for malware.

Do not click anything or press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it will generate a log. Post the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You must be online during the ComboFix procedure.
  • You must be logged on to the system with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not offer to install it.
  • Do not run ComboFix more than once. Doing so will overwrite the log and delay removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a malware analyst.


#15
Eronilson
Member

ComboFix log:

ComboFix 13-05-18.03 - tatiana 19/05/2013   8:52.5.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.55.1046.18.2933.1971 [GMT -3:00]
Executando de: c:\users\tatiana\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-04-19 to 2013-05-19  ))))))))))))))))))))))))))))
.
.
2013-05-19 11:58 . 2013-05-19 11:58    --------    d-----w-    c:\users\tatiana\AppData\Local\temp
2013-05-19 11:41 . 2013-05-19 11:41    --------    d-----w-    c:\users\tatiana\AppData\Roaming\Apple Computer
2013-05-19 03:23 . 2013-05-19 03:23    --------    d-----w-    c:\program files\Common Files\Apple
2013-05-19 03:23 . 2013-05-19 03:23    --------    d-----w-    c:\users\tatiana\AppData\Local\Apple
2013-05-19 03:23 . 2013-05-19 03:23    --------    d-----w-    c:\program files\Apple Software Update
2013-05-19 03:23 . 2013-05-19 03:23    --------    d-----w-    c:\programdata\Apple
2013-05-18 23:54 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A54EA92A-92B1-42E2-8C0E-C750480B10FC}\mpengine.dll
2013-05-18 22:24 . 2013-05-18 22:24    --------    d-----w-    c:\program files\ESET
2013-05-18 17:59 . 2013-05-18 17:59    --------    d-----w-    C:\_OTL
2013-05-17 00:01 . 2013-05-13 06:19    7016152    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-16 23:33 . 2013-05-16 23:33    --------    d-----w-    c:\users\tatiana\AppData\Roaming\Malwarebytes
2013-05-16 23:33 . 2013-05-16 23:33    --------    d-----w-    c:\programdata\Malwarebytes
2013-05-16 23:33 . 2013-05-16 23:33    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-05-16 23:33 . 2013-04-04 17:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-16 20:31 . 2013-04-05 04:29    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-16 20:16 . 2013-04-10 03:14    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-16 20:16 . 2013-03-19 04:53    186368    ----a-w-    c:\windows\system32\wwansvc.dll
2013-05-16 20:16 . 2013-03-19 03:33    40960    ----a-w-    c:\windows\system32\wwanprotdim.dll
2013-05-16 20:15 . 2013-04-10 05:18    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 20:15 . 2013-04-10 05:18    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 20:15 . 2013-02-27 05:05    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-16 20:15 . 2013-02-27 04:49    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-05-16 20:15 . 2013-02-27 04:49    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-13 22:55 . 2013-05-13 22:55    --------    d-----w-    c:\users\tatiana\AppData\Local\Samsung
2013-05-13 22:55 . 2013-05-13 22:55    --------    d-----w-    c:\users\tatiana\AppData\Roaming\Samsung
2013-05-13 22:53 . 2013-04-03 07:58    83864    ----a-w-    c:\windows\system32\drivers\ssudbus.sys
2013-05-13 22:53 . 2013-04-03 07:58    181912    ----a-w-    c:\windows\system32\drivers\ssudmdm.sys
2013-05-13 22:47 . 2013-05-16 12:00    --------    d-----w-    c:\program files\MyFree Codec
2013-05-13 22:43 . 2013-04-18 22:08    4659712    ----a-w-    c:\windows\system32\Redemption.dll
2013-05-13 22:42 . 2013-04-18 22:06    821824    ----a-w-    c:\windows\system32\dgderapi.dll
2013-05-13 22:39 . 2013-05-13 22:50    --------    d-----w-    c:\program files\Samsung
2013-05-13 22:39 . 2013-05-13 22:49    --------    d-----w-    c:\programdata\Samsung
2013-05-13 22:28 . 2013-05-13 22:28    --------    d-----w-    c:\users\tatiana\AppData\Local\Downloaded Installations
2013-05-10 17:56 . 2013-04-12 13:45    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-05-02 12:38 . 2013-05-02 12:38    --------    d-----w-    c:\program files\Common Files\Java
2013-05-02 12:38 . 2013-05-02 12:38    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-04-23 16:12 . 2013-05-18 17:53    --------    d-----w-    c:\program files\SpeedFan
2013-04-23 15:35 . 2007-07-19 21:14    3727720    ----a-w-    c:\windows\system32\d3dx9_35.dll
2013-04-23 15:34 . 2013-04-23 15:34    --------    d-----w-    c:\programdata\Sony Corporation
2013-04-23 15:07 . 2013-04-23 15:39    --------    d-----w-    c:\users\tatiana\AppData\Roaming\Sony Corporation
2013-04-23 15:01 . 2008-07-04 14:22    122864    ------w-    c:\windows\system32\PxInsI64.exe
2013-04-23 15:01 . 2008-07-04 14:22    120816    ------w-    c:\windows\system32\PxCpyI64.exe
2013-04-23 15:01 . 2013-04-23 15:34    --------    d-----w-    c:\program files\Sony
2013-04-23 15:00 . 2013-04-23 15:00    --------    d-----w-    c:\users\tatiana\AppData\Roaming\InstallShield
2013-04-22 23:27 . 2013-04-22 23:27    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2013-04-22 23:23 . 2013-04-22 23:23    --------    d-sh--w-    c:\windows\system32\%APPDATA%
2013-04-22 23:09 . 2013-03-19 05:04    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-04-22 23:09 . 2013-03-19 05:04    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-04-22 23:09 . 2013-03-19 04:48    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-04-22 23:09 . 2013-03-19 02:49    69632    ----a-w-    c:\windows\system32\smss.exe
2013-04-22 23:09 . 2013-02-12 03:32    15872    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-04-22 23:09 . 2013-01-24 04:47    196328    ----a-w-    c:\windows\system32\drivers\fvevol.sys
2013-04-21 13:33 . 2013-04-14 22:16    811928    ----a-w-    c:\program files\Mozilla Firefox\sqlite3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 23:19 . 2011-08-10 22:06    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 22:04 . 2012-12-12 16:47    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-16 22:04 . 2012-12-12 16:47    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 15:28 . 2012-07-11 10:44    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-05-02 12:38 . 2012-10-15 14:39    866720    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-05-02 12:38 . 2011-09-24 21:00    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-04-18 22:07 . 2013-04-18 22:07    90112    ----a-w-    c:\windows\MAMCityDownload.ocx
2013-04-18 22:07 . 2013-04-18 22:07    330240    ----a-w-    c:\windows\MASetupCaller.dll
2013-04-18 22:07 . 2013-04-18 22:07    30568    ----a-w-    c:\windows\MusiccityDownload.exe
2013-04-18 22:06 . 2013-04-18 22:06    974848    ----a-w-    c:\windows\system32\cis-2.4.dll
2013-04-18 22:06 . 2013-04-18 22:06    81920    ----a-w-    c:\windows\system32\issacapi_bs-2.3.dll
2013-04-18 22:06 . 2013-04-18 22:06    65536    ----a-w-    c:\windows\system32\issacapi_pe-2.3.dll
2013-04-18 22:06 . 2013-04-18 22:06    57344    ----a-w-    c:\windows\system32\MTXSYNCICON.dll
2013-04-18 22:06 . 2013-04-18 22:06    57344    ----a-w-    c:\windows\system32\MK_Lyric.dll
2013-04-18 22:06 . 2013-04-18 22:06    57344    ----a-w-    c:\windows\system32\issacapi_se-2.3.dll
2013-04-18 22:06 . 2013-04-18 22:06    569344    ----a-w-    c:\windows\system32\muzdecode.ax
2013-04-18 22:06 . 2013-04-18 22:06    491520    ----a-w-    c:\windows\system32\muzapp.dll
2013-04-18 22:06 . 2013-04-18 22:06    49152    ----a-w-    c:\windows\system32\MaJGUILib.dll
2013-04-18 22:06 . 2013-04-18 22:06    45320    ----a-w-    c:\windows\system32\MAMACExtract.dll
2013-04-18 22:06 . 2013-04-18 22:06    45056    ----a-w-    c:\windows\system32\MaXMLProto.dll
2013-04-18 22:06 . 2013-04-18 22:06    45056    ----a-w-    c:\windows\system32\MACXMLProto.dll
2013-04-18 22:06 . 2013-04-18 22:06    40960    ----a-w-    c:\windows\system32\MTTELECHIP.dll
2013-04-18 22:06 . 2013-04-18 22:06    352256    ----a-w-    c:\windows\system32\MSLUR71.dll
2013-04-18 22:06 . 2013-04-18 22:06    258048    ----a-w-    c:\windows\system32\muzoggsp.ax
2013-04-18 22:06 . 2013-04-18 22:06    245760    ----a-w-    c:\windows\system32\MSCLib.dll
2013-04-18 22:06 . 2013-04-18 22:06    24576    ----a-w-    c:\windows\system32\MASetupCleaner.exe
2013-04-18 22:06 . 2013-04-18 22:06    200704    ----a-w-    c:\windows\system32\muzwmts.dll
2013-04-18 22:06 . 2013-04-18 22:06    155648    ----a-w-    c:\windows\system32\MSFLib.dll
2013-04-18 22:06 . 2013-04-18 22:06    143360    ----a-w-    c:\windows\system32\3DAudio.ax
2013-04-18 22:06 . 2013-04-18 22:06    135168    ----a-w-    c:\windows\system32\muzaf1.dll
2013-04-18 22:06 . 2013-04-18 22:06    131072    ----a-w-    c:\windows\system32\muzmpgsp.ax
2013-04-18 22:06 . 2013-04-18 22:06    122880    ----a-w-    c:\windows\system32\muzeffect.ax
2013-04-18 22:06 . 2013-04-18 22:06    118784    ----a-w-    c:\windows\system32\MaDRM.dll
2013-04-18 22:06 . 2013-04-18 22:06    110592    ----a-w-    c:\windows\system32\muzmp4sp.ax
2013-04-13 04:45 . 2013-05-16 20:16    474624    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 20:16    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-03-19 09:41 . 2013-04-08 16:32    16896    ----a-w-    c:\windows\Launcher.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-05-03 138096]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-04-23 1561968]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2013-04-18 578560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"PMBVolumeWatcher"="c:\program files\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-11-28 739936]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-04-23 311152]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OSD.lnk - c:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_31212740990385666CEAE7.exe [2011-4-13 3262]
Sensor de Proteção STI.lnk - c:\windows\Installer\{F1D7AA87-5261-441E-BEB5-F9267990B593}\_E338DF3E1C3922315A0807.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Guia Multimidia.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Guia Multimidia.lnk
backup=c:\windows\pss\Guia Multimidia.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-05-05 02:12    802136    ----a-w-    c:\program files\uTorrent\uTorrent.exe
.
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 Livemouclass;Livemouclass; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOEM.sys [x]
S1 360FileOem;360FileOem;c:\windows\system32\drivers\360FileOem.sys [x]
S1 360RegOem;360RegOem;c:\windows\system32\drivers\360RegOem.sys [x]
S1 360SpOEM;360SpOEM;c:\windows\system32\drivers\360SpOEM.sys [x]
S2 LiveGpdKBFilter;LiveGpdKBFilter; [x]
S2 LiveIO;LiveIO; [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\DRIVERS\CamSuiteVAC.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 Livekbc;Livekbc; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
GPSvcGroup    REG_MULTI_SZ       GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-16 21:33    1642448    ----a-w-    c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 22:04]
.
2013-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000Core.job
- c:\users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-03 23:54]
.
2013-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-85846730-1419635560-680840718-1000UA.job
- c:\users\tatiana\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-03 23:54]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-14 01:45]
.
2013-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-14 01:45]
.
.
------- Scan Suplementar -------
.
uStart Page = about:newtab
uDefault_Search_URL = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
IE: &Enviar para o OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}\E4544574541425: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{6F83E3BD-C82B-4E7D-8984-56FFB0F76ED0}\F496F56556C6F687F575966496F573436403: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\tatiana\AppData\Roaming\Mozilla\Firefox\Profiles\jknh4or1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.linhadefensiva.org/forum/index.php?app=core&module=usercp&tab=core&area=notifications|https://blu172.mail....103625765&fid=1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-05-19  08:59:57
ComboFix-quarantined-files.txt  2013-05-19 11:59
.
Pré-execução: 152.010.678.272 bytes disponíveis
Pós execução: 151.827.103.744 bytes disponíveis
.
- - End Of File - - 157885D4E6D4D742A82FD62CBC06AD05
 



#16
CarlosTurco

    Assistant

  • 25.353 posts

Hello,

Does the initial problem persist?



#17
Eronilson

    Member

  • 63 posts

There were no changes... Chrome still has the same problem...



#18
CarlosTurco

    Assistant

  • 25.353 posts

There were no changes... Chrome still has the same problem...

Try reinstalling Chrome.



#19
Eronilson

    Member

  • 63 posts

Carlos, I uninstalled Chrome as you asked. At first it opened the Google account page, and I immediately tried to change the setting to "Open a specific page or set of pages. Set pages", but "Set pages" is still inoperative. I even uninstalled Mozilla to see whether it was affecting Chrome, but that made no difference either. What I noticed when installing Chrome is that only after the third time I ran it did it go back to opening the unwanted page, http://addons-chrome.info/; until then it seemed normal, although it would not let me choose the home page. I can only do that if I choose the page I want in a new tab...
In other words, the problem persists... I also noticed that in IExplorer I cannot change the startup options; could this be related?

Edited by Eronilson, 19 May 2013 - 21:15.


#20
CarlosTurco

    Assistant

  • 25.353 posts

Ok,

Download and run MiniToolBox (by Farbar)

Select the options:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Close all your browsers and click the Go button.

Wait for the tool to finish the scan (it is very quick); when it ends, a Notepad window will open.

Copy and paste the contents of that Notepad window into your next reply.
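An added example, not part of the original thread and not MiniToolBox's own code: a Python script showing how the text produced by the "List content of Hosts" option above can be triaged for entries that redirect or block host names. The sample hosts content is constructed, and the category names (redirect, sinkhole, malformed) are this example's own.

```python
import ipaddress

# Constructed sample of a Windows hosts file; not taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#	127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist-style entry
203.0.113.10    www.example.com search.example.com
not-an-ip       broken.example.org
"""


def parse_hosts(text):
    """Yield (line_no, address, names) for every active (non-comment) mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]


def triage(text):
    """Return a list of (line_no, category, address, names) worth reviewing."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, "malformed", addr, names))
            continue
        if ip.is_loopback or ip.is_unspecified:
            # The default localhost mapping is expected; any other name
            # pointed at loopback or 0.0.0.0 is being blocked locally.
            if all(n.lower() == "localhost" for n in names):
                continue
            findings.append((line_no, "sinkhole", addr, names))
        else:
            # A name pinned to a routable address bypasses DNS entirely.
            findings.append((line_no, "redirect", addr, names))
    return findings


if __name__ == "__main__":
    for line_no, category, addr, names in triage(SAMPLE_HOSTS):
        print(f"line {line_no}: {category:9} {addr} -> {', '.join(names)}")
```

A "sinkhole" finding is not necessarily malicious, since blocklists use the same form; it deserves attention when the blocked name belongs to a security vendor or update service.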