Avast disparando alertas de ameaças na pasta Temp

# AdwCleaner v4.112 - Logfile created 13/03/2015 at 14:55:41

# Updated 09/03/2015 by Xplode

# Database : 2015-03-05.1 [Server]

# Operating system : Windows 8.1 Single Language  (x64)

# Username : Jonas - JONAS

# Running from : C:\Users\Jonas\Downloads\AdwCleaner (1).exe

# Option : Cleaning



***** [ Services ] *****



[#] Service Deleted : hshld



***** [ Files / Folders ] *****



Folder Deleted : C:\ProgramData\Browser

File Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\nxq34qmg.default\searchplugins\speedbit.xml

File Deleted : C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\nxq34qmg.default\user.js

File Deleted : C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage



***** [ Scheduled tasks ] *****



Task Deleted : update-sys

Task Deleted : update-S-1-5-21-2826467952-3774677869-3750621921-1002



***** [ Shortcuts ] *****





***** [ Registry ] *****



Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\<a href="'http://www.superfish.com'" target="_blank">www.superfish.com</a>

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Lightshot]

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}

Key Deleted : HKCU\Software\anchorfree

Key Deleted : HKLM\SOFTWARE\Baidu

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;192.168.*.*

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 97.77.104.22:80



***** [ Web browsers ] *****



-\\ Internet Explorer v11.0.9600.17416





-\\ Mozilla Firefox v36.0.1 (x86 pt-BR)



[nxq34qmg.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage_override_url", "hxxp://go.speedbit.com/?s=ECCaya1&quot;



-\\ Google Chrome v41.0.2272.89



[C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://<a href="'http://www.mystartsearch.com/web/?type=ds&ts=1417304538&from=tt4u&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3CKRY9CKRY9&q={searchTerms}'" target="_blank">www.mystartsearch.com/web/?type=ds&ts=1417304538&from=tt4u&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3CKRY9CKRY9&q={searchTerms}</a>

[C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://<a href="'http://www.mystartsearch.com/web/?type=ds&ts=1417304538&from=tt4u&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3CKRY9CKRY9&q={searchTerms}'" target="_blank">www.mystartsearch.com/web/?type=ds&ts=1417304538&from=tt4u&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3CKRY9CKRY9&q={searchTerms}</a>

[C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://<a href="'http://www.mystartsearch.com/web/?type=ds&ts=1417304538&from=tt4u&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3CKRY9CKRY9&q={searchTerms}'" target="_blank">www.mystartsearch.com/web/?type=ds&ts=1417304538&from=tt4u&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3CKRY9CKRY9&q={searchTerms}</a>

[C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://<a href="'http://www.mystartsearch.com/web/?type=ds&ts=1417304538&from=tt4u&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3CKRY9CKRY9&q={searchTerms}'" target="_blank">www.mystartsearch.com/web/?type=ds&ts=1417304538&from=tt4u&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3CKRY9CKRY9&q={searchTerms}</a>

[C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://br.ask.com/web?q={searchTerms}



*************************



AdwCleaner[R0].txt - [9524 bytes] - [10/12/2014 20:52:05]

AdwCleaner[R1].txt - [3765 bytes] - [13/03/2015 14:54:46]

AdwCleaner[S0].txt - [8351 bytes] - [10/12/2014 21:05:11]

AdwCleaner[S1].txt - [3686 bytes] - [13/03/2015 14:55:41]



########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3745  bytes] ##########

Mauriciodez disse:

Velho .. c está acusando vírus na pasta temp .. apague o conteúdo da pasta temp e pronto ...

Zoek.exe v5.0.0.0 Updated 13-March-2015

Tool run by Jonas on 13/03/2015 at 15:14:20,81.

Microsoft Windows 8.1 Single Language 6.3.9600  x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Jonas\Desktop\zoek.exe [Scan all users] [Script inserted] 



==== System Restore Info ======================



13/03/2015 15:17:48 Zoek.exe System Restore Point Created Successfully.



==== Empty Folders Check ======================



C:\PROGRA~2\New Folder deleted successfully

C:\Program Files\Common Files\SpeedBit deleted successfully

C:\PROGRA~3\Office2013 deleted successfully

C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} deleted successfully

C:\Users\Jonas\AppData\Roaming\Mouse Recorder Pro deleted successfully

C:\Users\Jonas\AppData\Roaming\Opera Software deleted successfully

C:\Users\Jonas\AppData\Local\LSC deleted successfully

C:\Users\Jonas\AppData\Local\Opera Software deleted successfully

C:\Users\Jonas\AppData\Local\Warface deleted successfully

C:\Users\pernambucana\AppData\Local\VirtualStore deleted successfully



==== Deleting CLSID Registry Keys ======================





==== Deleting CLSID Registry Values ======================





==== Deleting Services ======================



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssTrayService deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssWd deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HssWd deleted successfully



==== FireFox Fix ======================



Deleted from C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\nxq34qmg.default\prefs.js:

user_pref("browser.startup.homepage", "https://www.google.com/?trackid=sp-006"

user_pref("browser.search.defaulturl", "https://www.google.com/search/?trackid=sp-006"

user_pref("browser.search.defaultengine", "Google (avast)"

user_pref("browser.search.selectedEngine", "Google"

user_pref("browser.search.order.1", "Google (avast)"



Added to C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\nxq34qmg.default\prefs.js:

user_pref("browser.startup.homepage", "about:home"

user_pref("browser.newtab.url", "about:newtab"



Deleted from C:\Users\PERNAM~1\AppData\Roaming\Mozilla\Firefox\Profiles\xydds2cf.default\prefs.js:



Added to C:\Users\PERNAM~1\AppData\Roaming\Mozilla\Firefox\Profiles\xydds2cf.default\prefs.js:

user_pref("browser.startup.homepage", "about:home"

user_pref("browser.newtab.url", "about:newtab"



ProfilePath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\nxq34qmg.default



user.js not found

---- Lines CommonShare removed from prefs.js ----

user_pref("extensions.CommonShare.asul", "1417368455511"

user_pref("extensions.CommonShare.aul", "1417368360608"

user_pref("extensions.CommonShare.irl", true);

user_pref("extensions.CommonShare.is", "thin"

user_pref("extensions.CommonShare.ug", "e76c6bbf-6195-449f-bb5d-52925c6e8c20"

---- Lines Hold Page removed from prefs.js ----

user_pref("extensions.Hold Page.aul", "1417372306170"

user_pref("extensions.Hold Page.irl", true);

user_pref("extensions.Hold Page.is", "isgiwhBR"

user_pref("extensions.Hold Page.ug", "7F786520-B834-42E1-B72C-35582BB08881"

---- Lines aICNAV48208908SQB67903245com65779 removed from prefs.js ----

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.active", true);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.addressbar", "NA"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.addressbarenhanced", ""

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.asyncdb.was_copied", "true"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.asyncinternaldb.was_copied", "true"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.backgroundver", 1);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.certdomaininstaller", ""

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.changeprevious", false);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.InstallationTime.value", "%221417304202%22"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do 

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22002310%22%2C%22sub_id%22%3A%220%

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.load_balancer.expiration", "Mon Dec 01 2014 03:27:05 GMT-0200 (Hora oficial do Br

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.load_balancer.value", "%22%7B%20%5C%22Status%5C%22%3A%201%2C%5C%22Endpoint%5C%22%

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Br

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.previous_page.value", "%22https%3A//www.google.com.br/%3Fgfe_rd%3Dcr%26ei%3D77N7V

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Brasil)"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.cookie.user_id.value", "%2214a01bcbfc2942b61b9d5e52e393d1a2%22"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.description", "Lights out for YouTube"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.domain", ""

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.enablesearch", false);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.homepage", ""

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.ICNAV48208908@SQB67903245.comaICNAV48208908SQB67903245com65779_dbWasSet", true);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.ICNAV48208908@SQB67903245.comaICNAV48208908SQB67903245com65779_dbWasSet_FF25_FIX", true)

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.ICNAV48208908@SQB67903245.comasyncdb_dbWasSet", true);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.ICNAV48208908@SQB67903245.comasyncdb_dbWasSet_FF25_FIX", true);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.ICNAV48208908@SQB67903245.comasyncinternaldb_dbWasSet", true);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.ICNAV48208908@SQB67903245.comasyncinternaldb_dbWasSet_FF25_FIX", true);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.iframe", false);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.InstallationThankYouPage", true);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.InstallationTime", 1417304202);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora ofi

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__defualt_browser__.value", "%22ie%22"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__ad_server_domain.expiration", "Fri Feb 01 2030 00:00:00 GMT-

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__ad_server_domain.value", "%7B%22a%22%3A%22sld.coolad9.com/zT

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__ad_server_domains_last_update.expiration", "Fri Feb 01 2030 

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__ad_server_domains_last_update.value", "1417389969554"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__blacklist_domain.expiration", "Fri Feb 01 2030 00:00:00 GMT-

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__global_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__global_rules.value", "%5B%7B%22rules%22%3A%7B%22delay_betwee

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__global_rules_verion.expiration", "Fri Feb 01 2030 00:00:00 G

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__global_rules_verion.value", "3"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__last_daily_visit.expiration", "Mon Dec 01 2014 05:00:00 GMT-

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__last_daily_visit.value", "1417374490974"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__last_impression_time.expiration", "Fri Feb 01 2030 00:00:00 

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__last_impression_time.value", "1417392616032"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__marketing_rules.expiration", "Fri Feb 01 2030 00:00:00 GMT-0

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__marketing_rules.value", "%7B%22rules%22%3A%5B%7B%22ad_type%2

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.expiration", "Fri Feb 01 2030 00:00:0

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__marketing_rules_verion.value", "48"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__pages_visited_count.expiration", "Fri Feb 01 2030 00:00:00 G

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__pages_visited_count.value", "3"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__pagevies_count_1.11.2014.expiration", "Thu Dec 11 2014 05:00

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__pagevies_count_1.11.2014.value", "35"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__sent_active.expiration", "Sun Nov 30 2014 23:08:09 GMT-0200 

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__sent_active.value", "true"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__total_impressions_today.expiration", "Mon Dec 01 2014 05:00:

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__total_impressions_today.value", "7"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__total_impressions_today_slider.expiration", "Mon Dec 01 2014

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__total_impressions_today_slider.value", "7"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__verions_data.expiration", "Sun Nov 30 2014 23:08:10 GMT-0200

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.__ICM_DOWNLOADS__verions_data.value", "%7B%22global_rules_version%22%3A3%2C%2

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial do Br

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora of

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2205C51B93AFE84154925

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22002310%22%2C%22sub_id%22%3A%

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora of

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22002310%22%2C%22sub_id%2

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2205C51B93AF

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT-02

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GM

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.monetization_plugin_bundledWithHash.value", "null"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.monetization_plugin_last_executable_request.expiration", "Mon Dec 01 2014 10:

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.monetization_plugin_last_executable_request.value", "%22http%3A//dl.gta-sa-mp

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.monetization_plugin_regBundledWithSoftware.expiration", "Fri Feb 01 2030 00:0

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.monetization_plugin_regBundledWithSoftware.value", "%7B%7D"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficia

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_appVer.value", "34"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora o

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_lastVersion.value", "1"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial 

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_meta.value", "%7B%7D"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_nextCheck.expiration", "Mon Dec 01 2014 03:26:44 GMT-0200 (Hora ofi

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_nextCheck.value", "true"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0200 (Hora oficial

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.internaldb.Resources_queue.value", "%7B%7D"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.lastDailyReport", "1417390003243"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.lastUpdate", "1417390003242"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.manifesturl", ""

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.name", "Cinema-Plus-1.7cV29.11"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.newtab", ""

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.opensearch", ""

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.pluginsurl", "http://js.newstaticclientstack.com/plugin/apps/65779/plugins/na/ff/plugins

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.pluginsversion", 29);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.publisher", "Cinema PlusV29.11"

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.searchstatus", 0);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.setnewtab", false);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.thankyou", ""

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.updateinterval", 360);

user_pref("extensions.aICNAV48208908SQB67903245com65779.65779.ver", 34);

user_pref("extensions.aICNAV48208908SQB67903245com65779.apps", "65779"

user_pref("extensions.aICNAV48208908SQB67903245com65779.bic", "14a01bcbfc2942b61b9d5e52e393d1a2"

user_pref("extensions.aICNAV48208908SQB67903245com65779.cid", 65779);

user_pref("extensions.aICNAV48208908SQB67903245com65779.firstrun", false);

user_pref("extensions.aICNAV48208908SQB67903245com65779.hadappinstalled", true);

user_pref("extensions.aICNAV48208908SQB67903245com65779.installationdate", 1417368355);

user_pref("extensions.aICNAV48208908SQB67903245com65779.modetype", "production"

user_pref("extensions.aICNAV48208908SQB67903245com65779.reportInstall", true);

user_pref("extensions.aICNAV48208908SQB67903245com65779.statsDailyCounter", 2);

---- FireFox user.js and prefs.js backups ---- 



prefs_032015_1534_.backup



ProfilePath: C:\Users\PERNAM~1\AppData\Roaming\Mozilla\Firefox\Profiles\xydds2cf.default



user.js not found

---- FireFox user.js and prefs.js backups ---- 



prefs_032015_1534_.backup



==== Deleting Files \ Folders ======================



C:\PROGRA~2\New Folder not found

C:\PROGRA~3\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} not found

C:\Users\Jonas\.android deleted

C:\PROGRA~2\Skillbrains deleted

C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted

C:\PROGRA~2\Hotspot Shield deleted

C:\Users\Public\Pokki deleted

C:\install.exe deleted

C:\Users\Default\AppData\Roaming\ProductData deleted

C:\Users\Jonas\AppData\Roaming\ProductData deleted

C:\Users\Jonas\AppData\Roaming\Hotspot Shield deleted

C:\PROGRA~3\Hotspot Shield deleted

C:\PROGRA~3\boost_interprocess deleted

C:\PROGRA~3\ProductData deleted

C:\PROGRA~3\SpeedBit deleted

C:\PROGRA~3\Package Cache deleted

C:\PROGRA~3\EmailNotifier deleted

C:\Users\Convidado\AppData\Local\Pokki deleted

C:\Users\Default\AppData\Local\Pokki deleted

C:\Users\Jonas\AppData\Local\updater.log deleted

C:\Users\Jonas\AppData\Local\Pokki deleted

C:\Users\pernambucana\AppData\Local\Pokki deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

C:\Users\Jonas\Downloads\HSS-3.42-install-hss-686-conduit.exe deleted

C:\windows\SysNative\tasks\SBW_UpdateTask_Time_313631353232323935372d23787845322a5b3434322d57 deleted

C:\WINDOWS\SysNative\config\systemprofile\Searches deleted

C:\windows\SysNative\GroupPolicy\Machine deleted

C:\windows\SysNative\GroupPolicy\User deleted

C:\windows\SysNative\GroupPolicy\gpt.ini deleted

C:\WINDOWS\Syswow64\GroupPolicy\gpt.ini deleted

C:\WINDOWS\Syswow64\Hotspot Shield deleted

C:\Users\Jonas\Desktop\Instagram Downloader.lnk deleted

C:\Users\Jonas\AppData\Roaming\unins000.exe deleted

C:\Users\PERNAM~1\AppData\Roaming\Mozilla\Firefox\Profiles\xydds2cf.default\extensions\ICNAV48208908@SQB67903245.com deleted

"C:\Users\Jonas\AppData\Roaming\DZ" deleted

"C:\Users\Jonas\AppData\Roaming\WJGXDXQ" deleted



==== Firefox Start and Search pages ======================



ProfilePath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\nxq34qmg.default

user_pref("browser.startup.homepage", "about:home"

user_pref("browser.newtab.url", "about:newtab"



ProfilePath: C:\Users\PERNAM~1\AppData\Roaming\Mozilla\Firefox\Profiles\xydds2cf.default

user_pref("browser.startup.homepage", "about:home"

user_pref("browser.newtab.url", "about:newtab"



==== Firefox Extensions Registry ======================



[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{338950EA-82DB-44C1-930D-0C28E023C9F0}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [15/01/2015 16:03]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Jonas\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [25/12/2014 01:43]



==== Firefox Extensions ======================



ProfilePath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\nxq34qmg.default

- Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

- Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\iobitascsurfingprotection@iobit.com



ProfilePath: C:\Users\PERNAM~1\AppData\Roaming\Mozilla\Firefox\Profiles\xydds2cf.default

- Undetermined - C:\Users\pernambucana\AppData\Roaming\Mozilla\Firefox\Profiles\xydds2cf.default\extensions\ICNAV48208908@SQB67903245.com



AppDir: C:\Program Files (x86)\Mozilla Firefox

- Hotspot Shield Extension - %AppDir%\browser\extensions\afproxy@anchorfree.com

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}



==== Firefox Plugins ======================



Profilepath: C:\Users\Jonas\AppData\Roaming\Mozilla\Firefox\Profiles\nxq34qmg.default

ECAA8B7CFE5AF18BFAB1F7D2AB731E4D    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealPlayer Video Downloader for HTML5  (32-bit)

5599683705687DD14E5052423FAFEE00    - C:\Users\Jonas\AppData\Roaming\raidcall\plugins\nprcplugin.dll -    Raidcall plugin

C62322C77D1AAB77B1CF1130FCC3673A    - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll -    Shockwave Flash

F6419D3B99616C80C947B9D7B427348B    - C:\Users\Jonas\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll -    Guardião Itaú 30 horas

3CD19649B2C3023D65E67C056457A2BC    - C:\Users\Jonas\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin

B8CFF778A75C685AAC275BFC00BB8FD8    - C:\Users\Jonas\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll -    Guardião Itaú 30 horas





==== Deleted Firefox Extensions ======================



C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com deleted



==== Fake Chromium Profiles Check ======================



Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome deleted



==== Chromium Look ======================



Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)



HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[30/11/2014 16:56]



selector is not a valid CSS selector - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Desprotetor.com - Desprotetor de links - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocohmmjllchepkjocddkihldoiillkl

KeyRocket for Gmail - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmocchgkijnbjdjkmlglaemjhhdiobbp

Invite All (for Facebook) - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopekjehpibhfpjjcokfmhcaeiclddih

A Journey through Middle-earth - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni

Avast Online Security - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

Instagram Photos Downloader - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdhkgpjchikknkkdcgkhbompedeidoe

Mac OS theme - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkpadlfbbnobnjaeodjfnkogiigdmgff

GBBD Guardião - Itaú 30 horas - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg

Google Wallet - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Hover Zoom - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl

Proxy List - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn

w3toys - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pccijgeciailcjildclhbjgakoemgjjg

AVG PrivacyFix - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni

Google Slides - pernambucana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - pernambucana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - pernambucana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - pernambucana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - pernambucana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Sheets - pernambucana\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

GBBD Guardião - Itaú 30 horas - pernambucana\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg

Google Wallet - pernambucana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - pernambucana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

undetermined - Jonas\AppData\Local\Google\Chrome\User Data\Default\Extensions\Config.json



==== Set IE to Default ======================



Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com/"

"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

"Search Bar"="https://www.google.com/?trackid=sp-006"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.com/?trackid=sp-006"

"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

"Search Bar"="https://www.google.com/?trackid=sp-006"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.com/?trackid=sp-006"

"Search Page"="https://www.google.com/search?trackid=sp-006&q={searchTerms}"

"Search Bar"="https://www.google.com/?trackid=sp-006"



New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.google.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"



==== All HKCU SearchScopes ======================



HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}"

{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{83950DC5-07F2-46DC-A9F2-FA5C79418C05} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} Google  Url="https://www.google.com/search?trackid=sp-006&q={searchTerms}"



==== Reset Google Chrome ======================



C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\pernambucana\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\pernambucana\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully



==== shortcuts on Users Desktops ======================



C:\Users\Convidado\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Jonas\Desktop\Any Video Converter.lnk - C:\Program Files (x86)\Anvsoft\Any Video Converter\AVCFree.exe 

C:\Users\Jonas\Desktop\Dropbox.lnk - C:\Users\Jonas\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

C:\Users\Jonas\Desktop\FileZilla Client.lnk - C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe 

C:\Users\Jonas\Desktop\gta_sa - Atalho.lnk - C:\GTA.San.Andreas\gta_sa.exe 

C:\Users\Jonas\Desktop\Habbo.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --user-data-dir="C:\Users\Jonas\AppData\Local\Google\Chrome\User Data" --app=http://www.habbo.com.br/client

C:\Users\Jonas\Desktop\MEGAsync.lnk - C:\Users\Jonas\AppData\Local\MEGAsync\MEGAsync.exe 

C:\Users\Jonas\Desktop\Notepad.lnk - C:\WINDOWS\system32\notepad.exe 

C:\Users\Jonas\Desktop\oCam.lnk - C:\Program Files (x86)\oCam\oCam.exe 

C:\Users\Jonas\Desktop\SpyHunter.lnk - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe 

C:\Users\Jonas\Desktop\WhatsApp Web.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --user-data-dir="C:\Users\Jonas\AppData\Local\Google\Chrome\User Data" --app=https://web.whatsapp.com/



==== shortcuts on All Users Desktop ======================



C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 

C:\Users\Public\Desktop\Advanced SystemCare 8.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual

C:\Users\Public\Desktop\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe 

C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe 

C:\Users\Public\Desktop\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document

C:\Users\Public\Desktop\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe 

C:\Users\Public\Desktop\Minimal ADB and Fastboot.lnk - C:\Users\Jonas\Documents\Moto E\Minimal ADB and Fastboot\py_cmd.exe 

C:\Users\Public\Desktop\MTA San Andreas 1.4.lnk - C:\Program Files (x86)\MTA San Andreas 1.4\Multi Theft Auto.exe 

C:\Users\Public\Desktop\RealPlayer Cloud.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:desktop

C:\Users\Public\Desktop\Transformice.lnk - C:\Program Files (x86)\Transformice\Transformice.exe 

C:\Users\Public\Desktop\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe 



==== shortcuts in Users Start Menu ======================



C:\Users\Convidado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast antivirus.lnk -  

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grupo doméstico.lnk -  

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk - C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk - C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Hoplon\APB Reloaded\APB Reloaded.lnk - C:\Program Files (x86)\Hoplon\APB Reloaded\Launcher\APBLauncher.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Hoplon\APB Reloaded\Desinstalar.lnk - C:\Program Files (x86)\Hoplon\APB Reloaded\Desinstalar.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Hoplon\APB Reloaded\Screenshot.lnk - C:\Program Files (x86)\Hoplon\APB Reloaded\Media\Screenshots 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Hoplon\APB Reloaded\Video.lnk - C:\Program Files (x86)\Hoplon\APB Reloaded\Media\Videos 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk - C:\Users\Jonas\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Uninstall.lnk - C:\Users\Jonas\AppData\Roaming\IMVUClient\Uninstall.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader\Instagram Downloader Website.lnk -  

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader\Instagram Downloader.lnk - C:\Program Files (x86)\Instagram Downloader\InstagramDownloaderStarter.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader\Open Install Location.lnk - C:\Program Files (x86)\Instagram Downloader 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Instagram Downloader\Uninstall Instagram Downloader.lnk - C:\Windows\System32\msiexec.exe /x {9DFA525A-6D12-444B-8F5A-63E2947FFC5D}

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk - C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk - C:\Windows\SysWOW64\msiexec.exe /X {4FC9DA9D-F608-454E-8191-D7EFFDCC5726}

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 

C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 



==== shortcuts in All Users Start Menu ======================



C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transformice.lnk - C:\Program Files (x86)\Transformice\Transformice.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Advanced SystemCare 8.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Desinstalar Advanced SystemCare.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\unins000.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Protect.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /Protect

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Toolbox.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /toolbox

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8\Turbo Boost.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /turboboost

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid\Uninstall.lnk - C:\Program Files (x86)\AirDroid\uninst.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2\Desinstalar Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\unins001.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2\Driver Booster 2.lnk - C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free Video Editor.lnk - C:\Program Files (x86)\DVDVideoSoft\Free Video Editor\FreeVideoEditor.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PremiumMembershipOffer.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVicio\Grand Theft Auto IV\Atualizador GameVicio.lnk - C:\Program Files (x86)\GameVicio\Grand Theft Auto IV\Atualizador.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVicio\Grand Theft Auto IV\Desinstalar a Tradução.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVicio\Grand Theft Auto IV\Leia-me.lnk - C:\Program Files (x86)\GameVicio\Grand Theft Auto IV\Instruções de instalação.txt 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVicio\Grand Theft Auto IV\Problemas Técnicos.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameVicio\Grand Theft Auto IV\Página GameVicio.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_40\bin\javacpl.exe -tab about

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Messenger.lnk - C:\Program Files (x86)\Lenovo\Lenovo Messenger\NotificationsViewHost.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Desinstalar Lightshot.lnk - C:\Program Files (x86)\Skillbrains\lightshot\unins000.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot\Lightshot.lnk - C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\Reset settings.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe --remove-settings

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam\Uninstall ManyCam.lnk - C:\Program Files (x86)\ManyCam\uninstall.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\accicons.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Enviar para o OneNote 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe  /design 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pubs.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Centro de Carregamento do Office 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\msouc.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Database Compare 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Gerenciador de Gravação do Lync.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Log de Telemetria do Office 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmclienticon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Painel de Telemetria do Office 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmadminicon.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Preferências de Idioma do Office 2013.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Ferramentas do Office 2013\Spreadsheet Compare 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\sscicons.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot\Minimal ADB and Fastboot.lnk - C:\Users\Jonas\Documents\Moto E\Minimal ADB and Fastboot\py_cmd.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot\Uninstall Minimal ADB and Fastboot.lnk - C:\Users\Jonas\Documents\Moto E\Minimal ADB and Fastboot\unins000.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager\Motorola Device Manager.lnk - C:\WINDOWS\Installer\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}\_EED70B3E82A514A7A6E8F1.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oCam\oCam.lnk - C:\Program Files (x86)\oCam\oCam.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\oCam\Uninstall.lnk - C:\Program Files (x86)\oCam\unins000.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\Montador do RealPlayer.lnk - C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Cloud.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:start_menu

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk - C:\Program Files (x86)\Real\RealPlayer\realconverter.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Downloader.lnk - C:\WINDOWS\Installer\{6FCD4D5A-20B9-4D79-ABA5-4E7048944025}\recordingmanager.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer\Uninstall Second Life Viewer.lnk - C:\Program Files (x86)\SecondLifeViewer\uninst.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\RealPlayer Cloud Service UI.lnk - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Desinstalar Winamp.lnk - C:\Program Files (x86)\Winamp\uninstwa.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\O Que há de Novo.lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp (Modo de Segurança).lnk -  

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 



==== shortcuts in Quick Launch ======================



C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AirDroid.lnk - C:\Program Files (x86)\AirDroid\Launcher.exe 

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\UserGuide.lnk - C:\Program Files (x86)\Lenovo\UserGuide\UserGuide.exe 

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\AirDroid.lnk - C:\Program Files (x86)\AirDroid\Launcher.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk - C:\Program Files (x86)\ManyCam\ManyCam.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d3e708a23e0ffba6\Jogos.lnk - C:\WINDOWS\explorer.exe shell:::{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\(1) WhatsApp Web.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --user-data-dir="C:\Users\Jonas\AppData\Local\Google\Chrome\User Data" --app=https://web.whatsapp.com/

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 8.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe /manual

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Habbo.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --user-data-dir="C:\Users\Jonas\AppData\Local\Google\Chrome\User Data" --app=http://www.habbo.com.br/client

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 

C:\Users\pernambucana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\pernambucana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\pernambucana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\pernambucana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

C:\Users\pernambucana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  

C:\Users\pernambucana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\pernambucana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  



==== shortcuts After Repair ======================



C:\Users\Jonas\Desktop\Habbo.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Jonas\Desktop\WhatsApp Web.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\(1) WhatsApp Web.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

C:\Users\Jonas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Habbo.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 



==== Reset IE Proxy ======================



Value(s) before fix:

"ProxyOverride"=";192.168.*.*"

"ProxyEnable"=dword:00000000



Value(s) after fix:

"ProxyEnable"=dword:00000000



==== Deleting Registry Keys ======================



HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully



==== Empty IE Cache ======================



C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Convidado\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\Users\pernambucana\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\pernambucana\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\Convidado\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\Jonas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\Users\pernambucana\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\pernambucana\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully



==== Empty FireFox Cache ======================



C:\Users\Jonas\AppData\Local\Mozilla\Firefox\Profiles\nxq34qmg.default\cache2 emptied successfully

C:\Users\pernambucana\AppData\Local\Mozilla\Firefox\Profiles\xydds2cf.default\cache2 emptied successfully



==== Empty Chrome Cache ======================



C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\pernambucana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully



==== Empty All Flash Cache ======================



Flash Cache Emptied Successfully



==== Empty All Java Cache ======================



Java Cache cleared successfully



==== C:\zoek_backup content ======================



C:\zoek_backup (files=14922 folders=398 719273947 bytes)



==== Empty Temp Folders ======================



C:\Users\Convidado\AppData\Local\Temp emptied successfully

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Jonas\AppData\Local\Temp will be emptied at reboot

C:\Users\pernambucana\AppData\Local\Temp emptied successfully

C:\Users\USURIO~1\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot



==== After Reboot ======================



==== Reset Hosts File ======================



Hosts File Reset Successfully



==== Empty Temp Folders ======================



C:\WINDOWS\Temp successfully emptied

C:\Users\Jonas\AppData\Local\Temp successfully emptied



==== Empty Recycle Bin ======================



C:\$RECYCLE.BIN successfully emptied



==== EOF on 13/03/2015 at 15:48:13,64 ======================

JonasDi disse:

Não adiantaria, pois se a cada vez que o Avast dispara um alerta, o arquivo muda, significa que existe algum programa criando arquivos temporários infectados.

~ ZHPCleaner v2015.3.12.117 by Nicolas Coolman (12/03/2015)

~ Run by Jonas (Administrator)  (13/03/2015 16:16:36)

~ Forum : http://forum.nicolascoolman.fr

~ Facebook : https://www.facebook.com/nicolascoolman1

~ State version : Version OK

~ Type : Repair

~ Report : C:\Users\Jonas\Desktop\ZHPCleaner.txt

~ Quarantine : C:\Users\Jonas\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt

~ UAC : Activate

~ Boot Mode : Normal (Normal boot)

~ Windows 81, 64-bit  (Build 9600)





---\\  Services (2)

DELETED : esgiguard (Crapware.SpyHunter)

CLOSED : SpyHunter 4 Service (Crapware.SpyHunter)





---\\  Browser internet (2)

MOVED file: C:\Users\Jonas\Desktop\SpyHunter.lnk  [Bad : C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe] (Crapware.SpyHunter)

REPLACED Chrome URL: hxxp://www.mystartsearch.com/?type=hp&ts=1417304538&from=tt4u&uid=WDCXWD10JPCX-24UE4T0_WD-WXD1EB3CKR[...] (PUP.StartSearch)





---\\  Hosts file (0)

~ No malicious items found.





---\\  Scheduled automatic tasks. (0)

~ No malicious items found.





---\\  Explorer ( File, Folder) (16)

MOVED file: C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [ - ] (Crapware.SpyHunter)

MOVED file: C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe [Enigma Software Group USA, LLC. - Service scanner interface] (Crapware.SpyHunter)

MOVED file: C:\WINDOWS\System32\DRIVERS\hssdrv6.sys [AnchorFree Inc. - Hotspot Shield Routing Driver] (PUP.HotspotShieldToolbar)

MOVED file: C:\WINDOWS\System32\DRIVERS\taphss6.sys [Anchorfree Inc. - Anchorfree HSS VPN Adapter] (PUP.AnchorFree)

MOVED folder*: C:\ProgramData\Baidu Security\PC Faster (Adware.BDPlugin)

MOVED folder*: C:\ProgramData\Baidu Security\RpData (Adware.BDPlugin)

MOVED folder*: C:\ProgramData\Baidu Security (Adware.BDPlugin)

MOVED file: C:\spyhunter.fix [ - ] (Crapware.SpyHunter)

MOVED file: C:\WINDOWS\Prefetch\SPYHUNTER4.EXE-F92A78C9.pf [ - ] (Crapware.SpyHunter)

MOVED file: C:\WINDOWS\Installer\13531570.msi [ - ] (PUP.EnigmaSoftware)

MOVED file: C:\Users\Jonas\Downloads\Crack spyhunter 4 japa tutoriais.rar [ - ] (Crapware.SpyHunter)

MOVED file: C:\Users\Jonas\Downloads\SpyHunter + Crack japatutoriais.rar [ - ] (Crapware.SpyHunter)

MOVED file: C:\Users\Jonas\Downloads\setup-lightshot.exe [Skillbrains - lightshot Setup] (PUP.SkillBrains)

MOVED file*: C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lp.ilividnewtab.com_0.localstorage [ - ] (Adware.Bandoo)

MOVED file*: C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_software.maxiget.com_0.localstorage [ - ] (PUP.Maxiget)

MOVED file*: C:\Users\Jonas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.hotspotshield.com_0.localstorage [ - ] (PUP.HotspotShieldToolbar)





---\\  Registry ( Key, Value, Data) (22)

DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\esgiguard [C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys] (Crapware.SpyHunter)

DELETED key^: [X64] HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service [C:\PROGRA~2\Enigma Software Group\SpyHunter\SH4Service.exe] (Crapware.SpyHunter)

DELETED data: HKCR\BaiduSparkHTML\Shell\Open\Command\\Default [Bad : ]  (Broken.OpenCommand)

DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\HssDRV6 [C:\WINDOWS\System32\DRIVERS\hssdrv6.sys] (PUP.HotspotShieldToolbar)

DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\taphss6 [C:\WINDOWS\System32\DRIVERS\taphss6.sys] (PUP.AnchorFree)

DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_BDDD3E16100308F511510A7DA36C6F65 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.Vosteran)

DELETED key*: HKEY_USERS\S-1-5-21-2826467952-3774677869-3750621921-1002\Software\SkillBrains [] (Adware.SkillBrains)

DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Avast Packages [Avast Packages] (Adware.InstallCore)

DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\anchorfree.com [] (PUP.AnchorFree)

DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\anchorfree.us [195] (PUP.AnchorFree)

DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\api.commonshare.net [173358] (PUP.CommonShare)

DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\commonshare.net [] (PUP.CommonShare)

DELETED key*: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.mystartsearch.com [87] (PUP.StartSearch)

DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\anchorfree.us [195] (PUP.AnchorFree)

DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.anchorfree.us [256] (PUP.AnchorFree)

DELETED key*: [X64] HKLM\SOFTWARE\Classes\ASCPlugin_Protection.TASCBrowserProtection [Advanced SystemCare Surfing Protection] (Hijacker.Eazel)

DELETED key*: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update Hold Page [] (PUP.HoldPage)

DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2826467952-3774677869-3750621921-1002\Products\D9AD9CF4806FE45418197DFEDFCC7562 [SpyHunter] (Crapware.SpyHunter)

DELETED key*: HKLM\SOFTWARE\Wow6432Node\EnigmaSoftwareGroup [] (PUP.EnigmaSoftware)

DELETED key*: HKLM\SOFTWARE\Wow6432Node\HotspotShield [C:\Program Files (x86)\Hotspot Shield] (PUP.HotspotShieldToolbar)

DELETED key*: HKLM\SOFTWARE\Wow6432Node\Skillbrains [] (Adware.SkillBrains)

DELETED key*: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726} [SpyHunter] (Crapware.SpyHunter)







---\\ Result of repair

~ Repair carried out successfully

~ Browser not found (Opera Software)

~ The system has been restarted.





---\\ Statistics

~ Items scanned : 98355

~ Items found : 0

~ Items repaired : 24





End of clean at 16:24:08

===================

ZHPCleaner-[R]-13032015-16_24_08.txt