Archived

This topic has been archived and is closed to new replies.

Alisson C. Lisboa

[Solved] gstatic, 123rede, bad_pool_header

Good morning!

I have already tried several ways to remove www.123rede... from my home page and I can't. Malwarebytes did not fix it.

Since yesterday, the Google, Facebook and YouTube pages would no longer open. Other pages opened (Bing, Ask, etc.). I resolved that by restoring Chrome's original settings, but in the other browsers it did not work. However, the name "gstatic" appears in the small bar at the bottom left, the one that shows the link. I looked it up and saw that it is malware. I have noticed the laptop and the browsing getting slower. And today there was a blue screen error with the name "bad_pool_header", which restarted the computer.

Thank you for any help!

I will paste the HijackThis log, following the instructions (an error window appeared saying that it did not have access to the hosts folder):

 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:38, on 23/05/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1429826701
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.top8844.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1429826701
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\pci\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://*.connectify.me (HKLM)
O15 - ESC Trusted Zone: http://*.fastspring.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBF0A645-32E1-49E2-92A7-37BCD08B8DC6}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Serviço do Mundo Positivo (AppManagerService) - Positivo Informática S.A. - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Battery Manager Service (BatteryManagerSrv) - Positivo Informática S.A - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Program Files\Common Files\ArtistScope\CSHelper64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Tecnologia de armazenamento Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12969 bytes

 


Hello Alisson.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.

# AdwCleaner v4.205 - Relatório criado 23/05/2015 às 22:26:35

# Atualizado 21/05/2015 por Xplode

# Base de dados : 2015-05-21.2 [servidor]

# Sistema operacional : Windows 8.1 Single Language (x64)

# Usuário : Alan Lisboa - ALANLISBOA

# Executando de : C:\Users\pci\Desktop\AdwCleaner (2).exe

# Opção : Limpar


***** [ Serviços ] *****



***** [ Arquivos / Pastas ] *****



***** [ Tarefas agendadas ] *****



***** [ Atalhos ] *****



***** [ Registro ] *****


Chave Apagado : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}

Chave Apagado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Chave Apagado : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}

Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

Chave Apagado : HKLM\SOFTWARE\SupDp

Chave Apagado : HKU\.DEFAULT\Software\AskPartnerNetwork

Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Linkey


***** [ Navegadores ] *****


-\\ Internet Explorer v11.0.9600.17416



-\\ Mozilla Firefox v31.0 (x86 pt-BR)



-\\ Google Chrome v43.0.2357.65


[C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://www.mystartsearch.com/web/?type=dspp&ts=1428727555&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5EC906954&q={searchTerms}

[C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Extension] : aaaaimdcedbpbcjjbbnfcbbjcngmomic

[C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh

[C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [startup_URLs] : hxxp://www.mystartsearch.com/?type=hppp&ts=1428727555&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5EC906954


*************************


AdwCleaner[R0].txt - [17247 bytes] - [10/03/2015 21:49:45]

AdwCleaner[R1].txt - [17250 bytes] - [10/03/2015 21:52:32]

AdwCleaner[R2].txt - [2340 bytes] - [23/05/2015 22:21:46]

AdwCleaner[s0].txt - [15038 bytes] - [10/03/2015 22:00:30]

AdwCleaner[s1].txt - [2217 bytes] - [23/05/2015 22:26:35]


########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2276 bytes] ##########


Temporarily disable your antivirus to avoid conflicts.

* Open the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

Save it to the Desktop.

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.


Zoek.exe v5.0.0.0 Updated 04-May-2015

Tool run by Alan Lisboa on 24/05/2015 at 12:15:20,15.

Microsoft Windows 8.1 Single Language 6.3.9600 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\pci\Desktop\zoek.exe [scan all users] [script inserted]


==== System Restore Info ======================


24/05/2015 12:23:41 Zoek.exe System Restore Point Created Successfully.


==== Reset Hosts File ======================


# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host


127.0.0.1 localhost


==== Empty Folders Check ======================


C:\PROGRA~2\HDPlayer deleted successfully

C:\PROGRA~2\NCWest deleted successfully

C:\PROGRA~2\COMMON~1\PDF Architect deleted successfully

C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully

C:\PROGRA~3\Nero deleted successfully

C:\PROGRA~3\Oracle deleted successfully

C:\Users\Administrator\AppData\Roaming\Positivo deleted successfully

C:\Users\pci\AppData\Roaming\New Version Available deleted successfully

C:\Users\pci\AppData\Local\.# deleted successfully

C:\Users\pci\AppData\Local\._LiveCode_ deleted successfully


==== Deleting CLSID Registry Keys ======================


HKEY_USERS\S-1-5-21-4031994663-3122396859-3881797002-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA} deleted successfully


==== Deleting CLSID Registry Values ======================



==== Deleting Services ======================



==== FireFox Fix ======================


Deleted from C:\Users\pci\AppData\Roaming\Mozilla\Firefox\Profiles\mpdn9vsv.default\prefs.js:




==== Set IE to Default ======================


Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"


New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"


==== Reset Google Chrome ======================


C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

C:\Users\pci\AppData\Local\Google\Chrome\User Data\Profile 1\Preferences was reset successfully

C:\Users\pci\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences was reset successfully

C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal.protect was reset successfully

C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Web Data.protect was reset successfully

C:\Users\pci\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data was reset successfully

C:\Users\pci\AppData\Local\Google\Chrome\User Data\Profile 1\Web Data-journal was reset successfully


==== Deleting CLSID Registry Keys ======================



==== Deleting CLSID Registry Values ======================


HKEY_USERS\S-1-5-21-4031994663-3122396859-3881797002-1001\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} deleted successfully


==== shortcuts on Users Desktops ======================


C:\Users\pci\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\pci\Desktop\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\Desktop\NeroExpress.exe - Atalho.lnk - C:\NeroPortable\App\Nero\Nero Burning ROM\NeroExpress.exe

C:\Users\pci\Desktop\PhotoshopCS6Portable.exe - Atalho.lnk - C:\Instaladores\PhotoshopPortable\PhotoshopCS6Portable.exe

C:\Users\pci\Desktop\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\Desktop\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\Desktop\SpyHunter.lnk - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

C:\Users\pci\Desktop\WoW Brasil.lnk - C:\Downloads\World of Warcraft\game.exe


==== shortcuts on All Users Desktop ======================


C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe

C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe

C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe

C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe

C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk - C:\Program Files (x86)\Intel Driver Update Utility\DriverUpdateUI.exe

C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Users\Public\Desktop\Mundo Positivo Webcam.lnk - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Webcam\WebCam.exe

C:\Users\Public\Desktop\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\Public\Desktop\Tim Communicator.lnk - C:\Program Files (x86)\Tim\Tim Communicator\Tim_ConnectionManager.exe


==== shortcuts in Users Start Menu ======================


C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\pci\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\pci\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\pci\AppData\Local\Popcorn Time\Uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\Program Files (x86)\The KMPlayer\KMPSetup.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\KMPlayer.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\Program Files (x86)\The KMPlayer\uninstall.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visagesoft\PDF Reader\Free eXPert PDF Reader.lnk - C:\Program Files (x86)\Visagesoft\pdfreader\vspdfreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\CopySafe PDF Reader.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CSPDFreader.exe

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\Sample.lnk - C:\Program Files (x86)\CopySafe PDF Reader\Sample.ENC

C:\Users\pci\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopySafe PDF Reader\User Guide.lnk - C:\Program Files (x86)\CopySafe PDF Reader\CopysafePDFreader.pdf


==== shortcuts in All Users Start Menu ======================


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk - C:\Program Files (x86)\7-Zip\7zFM.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk - C:\Program Files (x86)\7-Zip\7-zip.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08\Tuner.lnk - C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\tuner.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AP Tuner 3.08\Uninstall.lnk - C:\Program Files (x86)\AP Tuner\AP Tuner 3.08\uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\DVDVideoSoft Free Studio.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free MP4 Video Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free MP4 Video Converter\FreeMP4VideoConverter.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube to MP3 Converter.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PremiumMembershipOffer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk - C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Positivo Games.lnk - C:\Program Files (x86)\Positivo Games\AlawarArcade.exe -local

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 2050 J510 series\HP Deskjet 2050 J510 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe -Start UDCDevicePage

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Desinstalar HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk - C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Graphics and Media Control Panel.lnk - C:\WINDOWS\system32\GfxUI.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility\Intel® Driver Update Utility 2.0.lnk - C:\Program Files (x86)\Intel Driver Update Utility\DriverUpdateUI.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mundo Positivo\Positivo Conecta\Positivo Conecta.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Conecta\PositivoConecta.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mundo Positivo\Positivo Conecta\Positivo Livros.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Conecta\PositivoConecta.exe -bookstore

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática\Mundo Positivo Bateria.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática\Mundo Positivo Monitora.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática\Mundo Positivo Webcam.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática\Mundo Positivo\Mundo Positivo.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Positivo Informática\Positivo Fotos\Positivo Fotos.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk - C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tim\Desinstalar Tim Communicator.lnk - C:\Program Files (x86)\Tim\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tim\Tim Communicator.lnk - C:\Program Files (x86)\Tim\Tim Communicator\Tim_ConnectionManager.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader\save2pc on the Web.lnk - C:\Program Files (x86)\Youtube Downloader\save2pc.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader\Youtube Downloader.lnk - C:\Program Files (x86)\Youtube Downloader\youtube-downloader.exe


==== shortcuts in Quick Launch ======================


C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt (1).lnk - C:\WINDOWS\system32\cmd.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt (1).lnk - C:\WINDOWS\system32\cmd.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt (1).lnk - C:\WINDOWS\system32\cmd.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt (1).lnk - C:\WINDOWS\system32\cmd.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt (1).lnk - C:\WINDOWS\system32\cmd.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt (1).lnk - C:\WINDOWS\system32\cmd.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt (1).lnk - C:\WINDOWS\system32\cmd.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt (1).lnk - C:\WINDOWS\system32\cmd.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt (1).lnk - C:\WINDOWS\system32\cmd.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe www.123rede.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1428797872

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher (1).lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -


==== shortcuts After Repair ======================


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\pci\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==== Reset IE Proxy ======================


Value(s) before fix:

"ProxyEnable"=dword:00000000


Value(s) after fix:

"ProxyEnable"=dword:00000000


==== Deleting Registry Keys ======================


HKEY_CURRENT_USER\Software\Policies\Google deleted successfully


==== Empty IE Cache ======================


C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\pci\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\pci\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

C:\Users\pci\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\Users\pci\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully


==== Empty FireFox Cache ======================


C:\Users\pci\AppData\Local\Mozilla\Firefox\Profiles\mpdn9vsv.default\Cache emptied successfully


==== Empty Chrome Cache ======================


C:\Users\pci\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

C:\Users\pci\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=235 folders=122 47316691 bytes)


==== Empty Temp Folders ======================


C:\Users\Administrator\AppData\Local\Temp emptied successfully

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully

C:\Users\pci\AppData\Local\Temp will be emptied at reboot

C:\Users\USURIO~1\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\WINDOWS\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\WINDOWS\Temp successfully emptied

C:\Users\pci\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== EOF on 24/05/2015 at 13:45:10,63 ======================


Download the Junkware Removal Tool from the link below:

http://thisisudax.org/downloads/JRT.exe

To run the program correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.7.8 (05.23.2015:2)

OS: Windows 8.1 Single Language x64

Ran by Alan Lisboa on 24/05/2015 at 14:11:52,07

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





~~~ Services




~~~ Tasks


Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-4031994663-3122396859-3881797002-1001

Successfully deleted: [Task] C:\WINDOWS\tasks\DriverToolkit Autorun.job




~~~ Registry Values




~~~ Registry Keys




~~~ Files


Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERUPDATEUI.EXE-A933B2EF.pf




~~~ Folders


Successfully deleted: [Folder] C:\ProgramData\baidu security

Successfully deleted: [Folder] C:\Users\pci\AppData\Roaming\baidu security




~~~ Chrome


Successfully deleted: [Folder] C:\Users\pci\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda






~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 24/05/2015 at 14:32:21,08

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download it from the site below:

http://pt.kioskea.net/download/start/baixaki-16873-zhpcleaner

To run it correctly, follow the tips in this post:

Complete ZHPCleaner tutorial

After using it, copy the entire contents of your ZHPCleaner.txt report and post it in your next reply.


It had identified about 40 items, but when I chose repair there were only 19.

~ ZHPCleaner v2015.4.26.191 by Nicolas Coolman (24/05/2015)
~ Run by Alan Lisboa (Administrator) (24/05/2015 15:19:39)
~ State version : Rede de arquivo
~ Type : Reparo
~ Report : C:\Users\pci\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\pci\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
~ Windows 81, 64-bit (Build 9600)
---\\ Serviços (2)
SUPRIMIDO : EsgScanner (PUP.EnigmaSoftware)
---\\ Navegadores de Internet (1)
MOVIDO pasta: C:\Users\pci\Desktop\SpyHunter.lnk [bad : C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe] (Crapware.SpyHunter)
---\\ Arquivo hosts (2)
SUBSTITUIDO:
Número de redirecionamentos encontrados 1/20
---\\ Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso foi encontrado.
---\\ Explorer ( Arquivos, Pastas) (9)
MOVIDO pasta: C:\WINDOWS\System32\DRIVERS\EsgScanner.sys (PUP.EnigmaSoftware)
MOVIDO pasta: C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [Enigma Software Group USA, LLC. - Service scanner interface] (Crapware.SpyHunter)
MOVIDO pasta: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [Enigma Software Group USA, LLC. - SpyHunter4 application] (Crapware.SpyHunter)
MOVIDO pasta: C:\WINDOWS\Prefetch\SPYHUNTER-INSTALLER.EXE-013F22BD.pf (Crapware.SpyHunter)
MOVIDO pasta: C:\WINDOWS\Prefetch\SPYHUNTER4.EXE-3B4E3201.pf (Crapware.SpyHunter)
MOVIDO arquivo: C:\Program Files\Enigma Software Group (PUP.EnigmaSoftware)
MOVIDO arquivo: C:\ProgramData\Microsoft Toolkit (Trojan.AutoKMS)
MOVIDO arquivo: C:\WINDOWS\AutoKMS (Trojan.AutoKMS)
MOVIDO arquivo: C:\Users\pci\AppData\Roaming\Enigma Software Group (PUP.EnigmaSoftware)
---\\ Registro ( Chaves, Valores, Dados ) (7)
SUBSTITUIDO dados: [X64] HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BBF0A645-32E1-49E2-92A7-37BCD08B8DC6}\\NameServer [8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 (Not File)][] (Hijacker.Browser)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\EsgScanner [C:\WINDOWS\System32\DRIVERS\EsgScanner.sys (Not File)] (PUP.EnigmaSoftware)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service [C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Not File)] (Crapware.SpyHunter)
SUPRIMIDO chave: [X64] HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service [C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe (Not File)] (Crapware.SpyHunter)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\EnigmaSoftwareGroup [] (PUP.EnigmaSoftware)
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SpyHunter [Enigma Software Group, LLC] (Crapware.SpyHunter)
SUPRIMIDO valor: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_748B02E6F428C49CCEC73891134AE0C8 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] (PUP.Vosteran)
---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)
---\\ Estatísticas
~ Items scan : 840
~ Items encontrado : 1
~ items cancelados : 0
~ Items réparo : 19
End of clean at 15:20:00
===================
ZHPCleaner-[R]-24052015-15_20_00.txt
ZHPCleaner--24052015-15_17_53.txt


Follow the steps below to access the Malwarebytes log (report):

To do this, open Malwarebytes > click the History (Histórico) button > click Application Logs (Logs do Aplicativo) > then double-click the most recent Scan Log with the left mouse button to open it. This is shown in this image:

tutorial-do-malwarebytes-7.jpg

On the next screen, click the Export (Exportar) button > then click the Text file (*.txt) option (Arquivo texto (*.txt)):
tutorial-do-malwarebytes-8.jpg

On the screen that appears next, give the report a name (LOG, for example) > click Desktop (Área de Trabalho) so that it is saved on your desktop > click Save (Salvar):

malwarebytes-tutorial-16.jpg

Click OK on the next message that appears:

tutorial_do_malwarebytes_8.jpg


After that, just post this Malwarebytes log in your next reply.

Malwarebytes Anti-Malware

www.malwarebytes.org


Data da Verificação: 24/05/2015

Hora da Verificação: 02:21:51

Arquivo de Log: log malwarebytes.txt

Administrador: Sim


Versão: 2.01.6.1022

Base de Dados de Malware: v2015.05.23.05

Base de Dados de Rootkit: v2015.05.16.01

Licença: Premium

Proteção de Malware: Habilitado

Proteção de Site Malicioso: Habilitado

Auto-Proteção: Desabilitado


SO: Windows 8.1

Processador: x64

Sistema de Arquivos: NTFS

Usuário: Alan Lisboa


Tipo da Verificação: Verificar Ameaça

Resultado: Terminado

Objetos Verificados: 471107

Tempo Decorrido: 50 min, 36 seg


Memória: Habilitado

Inicialização: Habilitado

Sistema de Arquivos: Habilitado

Arquivos Compactados: Habilitado

Rootkits: Habilitado

Heurística: Habilitado

PUP: Habilitado

PUM: Habilitado


Processos: 0

(Nenhum item malicioso detectado)


Módulos: 0

(Nenhum item malicioso detectado)


Chaves de Registro: 0

(Nenhum item malicioso detectado)


Valores de Registro: 0

(Nenhum item malicioso detectado)


Dados de Registro: 0

(Nenhum item malicioso detectado)


Pastas: 0

(Nenhum item malicioso detectado)


Arquivos: 0

(Nenhum item malicioso detectado)


Setores Físicos: 0

(Nenhum item malicioso detectado)



(end)


You only ran the Threat Scan (Verificar Ameaça), which is not as thorough. Follow the steps below to do a complete cleanup:

How to run a custom scan with Malwarebytes:

- Open Malwarebytes > click Scan (Verificar) > click Custom Scan (Verificação Personalizada) > click Configure Scan (Configurar Varredura):
tutorial-do-malwarebytes-1.jpg

The screen below will appear. On it, tick all the checkboxes on the right side so that all areas of your PC and any removable media connected to it can be scanned. On the left side, leave all of these options ticked:

Scan Memory Objects (Verificar Objetos na Memória)
Scan Startup and Registry (Verificar Inicialização e Registro)
Scan Within Archives (Verificar Arquivos Compactados)
Scan for Rootkits (Verificar Rootkits)


Leave everything else as preconfigured by Malwarebytes.

Then click the Scan Now (Verificar Agora) button, as shown in the image below:
tutorial-do-malwarebytes-2.jpg

Wait while the scan runs. How long it takes depends on the number of files on your computer:

tutorial-do-malwarebytes-3.jpg

As soon as the scan finishes, the message "Verificação Personalizada completada com sucesso" (Custom Scan completed successfully) will appear. If your PC is safe and free of threats, a message similar to the one below will appear, stating "Ameaças Identificadas: 0" (Threats Identified: 0; that is, no malicious item was detected). In that case everything is fine, your computer is normal, and you click the Finish (Terminar) button:

tutorial-do-malwarebytes-4.jpg

If a threat is detected on your PC, a message like the one below will appear near the Windows clock with the text "Verificação Terminada - Malware Detectado" (Scan Finished - Malware Detected); click on it:

tutorial-do-malwarebytes-13.jpg

At this point you will see which malware and potentially unwanted items were detected and where they are located. To remove the infection, leave the checkboxes ticked for every item you want to remove and click the Remove Selected (Remover Selecionadas) button, as shown in this image:
tutorial-do-malwarebytes-14.jpg

Another screen similar to the one below will then appear, stating that the threats were sent to quarantine; click the Finish (Terminar) button on it:

tutorial-do-malwarebytes-15.jpg

Some malware is stubborn and may need a PC restart to be removed. If Malwarebytes asks for this, accept the restart.

After that, just post the new Scan Log that Malwarebytes creates in your next reply:

tutorial-do-malwarebytes-7.jpg

Malwarebytes Anti-Malware

www.malwarebytes.org


Data da Verificação: 25/05/2015

Hora da Verificação: 13:00:50

Arquivo de Log: log malwarebytes.txt

Administrador: Sim


Versão: 0.00.0.0000

Base de Dados de Malware: v2015.05.25.05

Base de Dados de Rootkit: v2015.05.24.01

Licença: Premium

Proteção de Malware: Habilitado

Proteção de Site Malicioso: Habilitado

Auto-Proteção: Desabilitado


SO: Windows 8.1

Processador: x64

Sistema de Arquivos: NTFS

Usuário: Alan Lisboa


Tipo da Verificação: Verificação Personalizada

Resultado: Terminado

Objetos Verificados: 725072

Tempo Decorrido: 4 hr, 24 min, 2 seg


Memória: Habilitado

Inicialização: Habilitado

Sistema de Arquivos: Habilitado

Arquivos Compactados: Habilitado

Rootkits: Habilitado

Heurística: Habilitado

PUP: Habilitado

PUM: Habilitado


Processos: 0

(Nenhum item malicioso detectado)


Módulos: 0

(Nenhum item malicioso detectado)


Chaves de Registro: 0

(Nenhum item malicioso detectado)


Valores de Registro: 0

(Nenhum item malicioso detectado)


Dados de Registro: 0

(Nenhum item malicioso detectado)


Pastas: 0

(Nenhum item malicioso detectado)


Arquivos: 0

(Nenhum item malicioso detectado)


Setores Físicos: 0

(Nenhum item malicioso detectado)



(end)


Download < ZHPDiag > < NicolasCoolman.jpg> ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it.

To install and run it correctly, follow the tips in this article:

Tutorial on installing and running ZHPDiag

* As soon as it finishes its scan, copy the entire contents of your ZHPDiag.txt report and post it in your next reply.

_____________________________________________________________________________

Note: If the ZHPDiag report is too large to fit in your reply, go to the Cjoint site:

http://cjoint.com

Click the Choose file (Escolher arquivo) button > select the log (report) file and click the Open (Abrir) button.

Click the Créer le lien Cjoint button.

Copy the link that appears next to the phrase Le lien a été créé and post that link in your next reply.


There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, let only security programs (antivirus/anti-spyware/firewall) start with Windows.

Also use CCleaner, recommended in the tutorial above, to clean up and optimize the PC.

________________________________________________________________________

Select and copy all the text highlighted in red below (starting at script zhpfix and going through emptyclsid)


script zhpfix

SysRestore

R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.top8844.com

R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.top8844.com

R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com

R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.top8844.com

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)

O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd

O4 - HKUS\S-1-5-21-4031994663-3122396859-3881797002-1001\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd

O34 - HKLM BootExecute: (sdnclean64.exe) - File not found

[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Hacktool.AutoKMS

[MD5.2B24F194FC5B657397ECB2923A68350E] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [5503768]

[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001Core] (...) -- C:\Users\Alan Lisboa\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001UA] (...) -- C:\Users\Alan Lisboa\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [Game_Booster_AutoUpdate] (...) -- C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001Core] (...) -- C:\Users\Alan Lisboa\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [GoogleUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001UA] (...) -- C:\Users\Alan Lisboa\AppData\Local\Google\Update\GoogleUpdate.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [spyHunter4Startup] (...) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe (.not file.) [0] =>PUP.EnigmaSoftware

[MD5.00000000000000000000000000000000] [APT] [{1A7A2A13-1488-4D94-A47A-E7A1D45DCCAA}] (...) -- C:\Positivo\Deskmedia\unins000.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{1A9365B6-5370-437D-A248-56750BBE3CA7}] (...) -- C:\Users\Alan Lisboa\AppData\Roaming\mystartsearch\UninstallManager.exe (.not file.) [0] =>PUP.StartSearch

[MD5.00000000000000000000000000000000] [APT] [{33F48EAB-61E9-409B-A6E8-DE262A526C16}] (...) -- C:\Users\Alan Lisboa\AppData\Local\WebPlayer\uninstall.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{8020635C-4E07-40B3-9468-8FF726BF8E12}] (...) -- F:\Setup.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{D1F49752-737E-4983-8395-F88CA4E17479}] (...) -- C:\Users\Alan Lisboa\AppData\Roaming\IDM\bin\chrome_uninstaller.exe (.not file.) [0]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001Core - (...) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001Core.job [914]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001Core - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001Core [914]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001UA - (...) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001UA.job [936]

O39 - APT: FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001UA - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001UA [936]

O42 - Logiciel: Youtube Downloader 4.62 - (.Youtube Downloader.) [HKLM][64Bits] -- Youtube Downloader_is1

[HKCU\Software\Baidu Security]

[HKCU\Software\Baixaki]

[HKCU\Software\youtube downloader]

[HKLM\Software\Wow6432Node\360Safe]

[HKLM\Software\Wow6432Node\Baidu Security]

[HKLM\Software\Wow6432Node\Baidu_Drp_pos]

[HKLM\Software\Wow6432Node\NetTcpHandler]

[HKLM\Software\Wow6432Node\NtSvcHandler]

O43 - CFD: 26/10/2014 - 11:13:16 - [] ----D C:\Program Files (x86)\PSafe

O43 - CFD: 23/03/2015 - 00:12:32 - [] ----D C:\Program Files (x86)\Youtube Downloader

O43 - CFD: 30/08/2013 - 15:14:48 - [] ----D C:\ProgramData\boost_interprocess

O43 - CFD: 20/01/2014 - 15:17:50 - [] ----D C:\ProgramData\Log

O43 - CFD: 24/02/2014 - 23:40:03 - [] ----D C:\ProgramData\PSafe

O43 - CFD: 23/03/2015 - 00:12:33 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Youtube Downloader

O43 - CFD: 11/04/2015 - 01:43:51 - [] ----D C:\Users\pci\AppData\Roaming\NetService

O43 - CFD: 23/04/2015 - 19:04:54 - [] ----D C:\Users\pci\AppData\Roaming\RunDir

O43 - CFD: 25/02/2014 - 16:16:10 - [] ----D C:\Users\pci\AppData\Local\PSafe

O45 - LFCP:[MD5.72FB35904E6FB7C91401B6CD2419EDEF] - 14/04/2015 - 11:36:48 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA31.EXE-29CFB4F2.pf =>Crapware.SpyHunter

O45 - LFCP:[MD5.8FCD3E3243CAB451B371BF6DDBA3A256] - 13/04/2015 - 21:41:16 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA32.EXE-3D256F77.pf =>Crapware.SpyHunter

SS - | Disabled 20/03/2015 211824 | (NetTcpHandler) . (.QNT.) - C:\Users\pci\AppData\Roaming\NetService\netservice.exe

C:\Program Files (x86)\YouTube Downloader =>PUP.Dealio

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader =>PUP.Dealio

ShortcutFix

EmptyTemp

EmptyFlash

emptyclsid

_____________________________________________________________________________________________________________

 

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.

Note: This script was written for this computer only, based on the files and keys present on it.

To visitors: If you have a similar problem, do not use this script, since unsupervised use can damage the system.

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015

Fichier d'export Registre :

Run by Alan Lisboa at 01/06/2015 23:29:12

High Elevated Privileges : OK

Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)


Reciclagem vazia (00mn 06s)

Reparação de atalhos do navegador


========== Softwares ==========

ELIMINÉ: Youtube Downloader 4.62


========== Processo memória ==========

AUSENTE Memory Process: O34 - HKLM BootExecute: (sdnclean64.exe) - File not found


========== Chaves do Registo ==========

ELIMINÉ: HKCU\Software\Baidu Security

ELIMINÉ: HKCU\Software\Baixaki

ELIMINÉ: HKCU\Software\youtube downloader

ELIMINÉ: HKLM\Software\Wow6432Node\360Safe

ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security

ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos

ELIMINÉ: HKLM\Software\Wow6432Node\NetTcpHandler

ELIMINÉ: HKLM\Software\Wow6432Node\NtSvcHandler

ELIMINÉ: Service: NetTcpHandler


========== Valores do Registo ==========

ELIMINÉ RunValue: SynTPEnh

ELIMINÉ RunValue: CCleaner Monitoring


========== Elementos dos dados do Registo ==========

ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

ELIMINÉ: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page

ELIMINÉ: R1 Search Page = www.top8844.com?oem=smtov3&uid=S2SKJ5EC906954_ST500LM012HN-M500MBB&tm=1429826701


========== Pastas ==========

Nenhuma pasta CLSID local utilizador vazia


========== Ficheiros ==========

ELIMINA REINICIAR: c:\program files\ccleaner\ccleaner64.exe

ELIMINÉ: c:\windows\prefetch\wisecustomcalla31.exe-29cfb4f2.pf

ELIMINÉ: c:\windows\prefetch\wisecustomcalla32.exe-3d256f77.pf

ELIMINÉ Temporários windows (125) (41.076.670 octets)

ELIMINÉ Flash Cookies (0) (0 octets)


========== Tarefa planificada ==========

ELIMINÉ: AutoKMS

ELIMINÉ: AutoKMS

ELIMINÉ: CCleanerSkipUAC

ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001Core

ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001UA

ELIMINÉ: Game_Booster_AutoUpdate

ELIMINÉ: GoogleUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001Core

ELIMINÉ: GoogleUpdateTaskUserS-1-5-21-4031994663-3122396859-3881797002-1001UA

ELIMINÉ: SpyHunter4Startup

ELIMINÉ: {1A7A2A13-1488-4D94-A47A-E7A1D45DCCAA}

ELIMINÉ: {1A9365B6-5370-437D-A248-56750BBE3CA7}

ELIMINÉ: {33F48EAB-61E9-409B-A6E8-DE262A526C16}

ELIMINÉ: {8020635C-4E07-40B3-9468-8FF726BF8E12}

ELIMINÉ: {D1F49752-737E-4983-8395-F88CA4E17479}


========== Restauração Sistema ==========

Ponto de restauro do sistema criado com sucesso



========== Recapitulativo ==========

1 : Processo memória

9 : Chaves do Registo

2 : Valores do Registo

3 : Elementos dos dados do Registo

1 : Pastas

5 : Ficheiros

1 : Softwares

14 : Tarefa planificada

1 : Restauração Sistema



End of clean in 06mn 13s


========== Caminho do ficheiro do relatório ==========

C:\Users\pci\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/06/2015 23:29:19 [2951]


Open ZHPDiag again.

|- Click "COMPLETA" and wait for it to finish:

|- When it finishes, post the ZHPDiag.txt report.

_______________________________________________

Note: If the ZHPDiag report is too large to fit in your reply, go to the Cjoint site:

http://cjoint.com

Click the Choose File button > select the log (report) file and click the Open button.

Click the Créer le lien Cjoint button.

Copy the link that appears next to the phrase Le lien a été créé and post this link in your next reply.


Uninstall ZHPDiag, download it again and run it. See whether it runs normally that way; then just post its report.

If that still isn't possible, please let me know.
