Ir para conteúdo

FranciscoNarde

  • Postagens

    5
  • Desde

  • Última visita

Últimos Visitantes

O bloco dos últimos visitantes está desativado e não está sendo visualizado por outros usuários.

  1. FranciscoNarde

    Infectado com o malware "Goto.maxdealz.com Search Redirect"

    Muito obrigado pela assistência, Mr.Million. Irei recomendá-los sempre. Abraço.
  2. FranciscoNarde

    Infectado com o malware "Goto.maxdealz.com Search Redirect"

    C:\Users\All Users\Blogger\Blogger.exe multiple threats C:\Users\All Users\dlzzschoizmhuh\lkwfhu.vbs VBS/CoinMiner.KS trojan C:\Users\All Users\dlzzschoizmhuh\xqtehdd.vbs VBS/CoinMiner.KS trojan C:\Users\Narde\AppData\Local\Temp\nsqF481.tmp\xZaNzxuQKtQ.dll a variant of Win32/Adware.Zdengo.AZZ application C:\Users\Narde\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe Win32/OpenCandy.J potentially unsafe application C:\Users\Narde\AppData\Roaming\uTorrent\updates\3.5.3_44428.exe a variant of MSIL/WebCompanion.A potentially unwanted application C:\Users\Narde\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\Lavasoft.Utils.dll a variant of MSIL/WebCompanion.D potentially unwanted application C:\Users\Narde\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\Lavasoft.WCAssistant.WinService.exe a variant of MSIL/WebCompanion.D potentially unwanted application C:\Users\Narde\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\WebCompanion.exe a variant of MSIL/WebCompanion.D potentially unwanted application C:\Users\Narde\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\WebCompanionInstaller.exe a variant of MSIL/WebCompanion.C potentially unwanted application C:\Users\Narde\Downloads\Baixaki_fb-checker [1].exe a variant of Win32/InnovativeSolutions.A potentially unwanted application C:\Users\Todos os Usuários\Blogger\Blogger.exe multiple threats C:\Users\Todos os Usuários\dlzzschoizmhuh\lkwfhu.vbs VBS/CoinMiner.KS trojan C:\Users\Todos os Usuários\dlzzschoizmhuh\xqtehdd.vbs VBS/CoinMiner.KS trojan C:\Windows\Temp\nsb1BC0.tmp\xZaNzxuQKtQ.dll a variant of Win32/Adware.Zdengo.AZZ application D:\Meus documentos\Documentos\Instaladores\aTubeCatcher.exe a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application D:\Meus documentos\Documentos\Instaladores\PlayStorePRO_v13.3.4.apk a variant of Android/Autoins.C potentially unsafe application D:\Meus documentos\Documentos\Instaladores\uTorrent.exe a variant of MSIL/WebCompanion.A potentially unwanted application D:\Meus documentos\Documentos\Instaladores\Windows-movie-maker-2016.exe a variant of Win32/Hoax.MovieMaker.A application D:\Meus documentos\Documentos\Instaladores\Manga Studio EX 5.0.3 WIN+MAC+Materials - by X-FORCE\Manga Studio EX 5.0.3 Windows.7z a variant of Win32/Keygen.HA potentially unsafe application D:\Meus documentos\Documentos\Instaladores\Manga Studio EX 5.0.3 WIN+MAC+Materials - by X-FORCE\Windows\xf-sms502ex.exe a variant of Win32/Keygen.HA potentially unsafe application C:\$Recycle.Bin\S-1-5-21-2848946255-2003669021-1647865840-1000\$RNTS205.rar a variant of Win32/HackTool.Patcher.CH potentially unsafe application deleted C:\$Recycle.Bin\S-1-5-21-2848946255-2003669021-1647865840-1000\$RDL1NEL.Multilingual-iCV-CreW\Fix\Adobe CC 2015 Universal Patcher 1.5\adobe.snr.patch-painter.exe a variant of Win32/HackTool.Patcher.CH potentially unsafe application cleaned by deleting C:\$Recycle.Bin\S-1-5-21-2848946255-2003669021-1647865840-1000\$RDL1NEL.Multilingual-iCV-CreW\Fix\Adobe CC 2015.5 XFORCE Activation\Keygen_XF-adobecc2015.exe a variant of Win32/Keygen.HA potentially unsafe application cleaned by deleting C:\$Recycle.Bin\S-1-5-21-2848946255-2003669021-1647865840-1000\$RDL1NEL.Multilingual-iCV-CreW\Fix\amtemu.v0.9.1.win-painter\amtemu.v0.9.1-painter.exe Win32/HackTool.Crack.FS potentially unsafe application cleaned by deleting C:\Program Files (x86)\Windows Live\Photo Gallery\WinMovieMaker.exe a variant of Win32/Hoax.MovieMaker.A application cleaned by deleting C:\ProgramData\Blogger\Blogger.exe multiple threats cleaned by deleting C:\ProgramData\dlzzschoizmhuh\lkwfhu.vbs VBS/CoinMiner.KS trojan cleaned by deleting C:\ProgramData\dlzzschoizmhuh\xqtehdd.vbs VBS/CoinMiner.KS trojan cleaned by deleting C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp\3.15_0\js\jquery.js JS/Chromex.Agent.AP trojan Meu PC está funcionando normalmente. Tudo ok aparentemente. O malware não apareceu mais.
  3. FranciscoNarde

    Infectado com o malware "Goto.maxdealz.com Search Redirect"

    Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 09/08/18 Hora da análise: 16:30 Arquivo de registro: ade5e47e-9c0a-11e8-beb6-000000000000.json Administrador: Sim -Informação do software- Versão: 3.5.1.2522 Versão de componentes: 1.0.391 Versão do pacote de definições: 1.0.6277 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 7 Service Pack 1 CPU: x64 Sistema de arquivos: NTFS Usuário: Narde-PC\Narde -Resumo da análise- Tipo de análise: Análise de Ameaças Análise Iniciada Por: Manual Resultado: Concluído Objetos verificados: 266485 Ameaças detectadas: 296 Ameaças em quarentena: 296 Tempo decorrido: 31 min, 31 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 23 PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\REIMAGEUPDATER, Quarentena, [1366], [327190],1.0.6277 PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{775AA926-907A-45A7-9C07-AA3927557007}, Quarentena, [1366], [327190],1.0.6277 PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{775AA926-907A-45A7-9C07-AA3927557007}, Quarentena, [1366], [327190],1.0.6277 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C6393780-D69B-4C25-89D3-673DE7E96BCA}, Quarentena, [248], [308968],1.0.6277 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{C6393780-D69B-4C25-89D3-673DE7E96BCA}, Quarentena, [248], [308968],1.0.6277 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered ferid, Quarentena, [248], [308968],1.0.6277 PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarentena, [245], [476595],1.0.6277 PUP.Optional.SearchManager, HKU\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarentena, [245], [476595],1.0.6277 PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarentena, [245], [476595],1.0.6277 PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarentena, [245], [260991],1.0.6277 PUP.Optional.SearchManager, HKU\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarentena, [245], [260991],1.0.6277 PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarentena, [245], [260991],1.0.6277 PUP.Optional.vSnapShot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ThevSnapshotService, Quarentena, [4378], [495669],1.0.6277 Trojan.Agent.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System\SystemChecks, Quarentena, [1136], [537823],1.0.6277 Trojan.Agent.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A370C445-38AC-49D2-89BF-81FEB550D0D1}, Quarentena, [1136], [537823],1.0.6277 Trojan.Agent.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{A370C445-38AC-49D2-89BF-81FEB550D0D1}, Quarentena, [1136], [537823],1.0.6277 Trojan.Agent.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System\SystemChecks, Quarentena, [1136], [-1],0.0.0 Trojan.Agent.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A370C445-38AC-49D2-89BF-81FEB550D0D1}, Quarentena, [1136], [-1],0.0.0 Trojan.Agent.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A370C445-38AC-49D2-89BF-81FEB550D0D1}, Quarentena, [1136], [-1],0.0.0 PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nladljmabboanhihfkjacnnkgjhnokhj, Quarentena, [272], [550469],1.0.6277 PUP.Optional.vSnapShot, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{F772C08E-9F61-45c6-982F-ADDEEE0D0407}, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.Reimage, HKU\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarentena, [1366], [327205],1.0.6277 Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarentena, [453], [-1],0.0.0 Valor de registro: 7 PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{775AA926-907A-45A7-9C07-AA3927557007}|PATH, Quarentena, [1366], [332365],1.0.6277 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C6393780-D69B-4C25-89D3-673DE7E96BCA}|PATH, Quarentena, [248], [308967],1.0.6277 Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0 Adware.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0 Adware.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0 Adware.Wajam, HKU\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0 Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0 Dados de registro: 1 PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|START PAGE, Substituído, [248], [293461],1.0.6277 Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 39 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Temp\20180808_0348\DownloaderTemp, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Temp\20180808_0348, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Temp, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\REI, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.BundleInstaller, C:\USERS\NARDE\APPDATA\LOCAL\TEMP\629518291, Quarentena, [406], [463480],1.0.6277 PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE, Quarentena, [4548], [443706],1.0.6277 PUP.Optional.BundleInstaller, C:\USERS\NARDE\APPDATA\LOCAL\TEMP\630382692, Quarentena, [406], [463480],1.0.6277 PUP.Optional.vSnapShot, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\vSnapshot\dump, Quarentena, [4378], [495671],1.0.6277 PUP.Optional.vSnapShot, C:\Windows\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\VSNAPSHOT, Quarentena, [4378], [495671],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\browsericons, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\de, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\en, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\es, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\fr, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_metadata, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\lib, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, Quarentena, [272], [550469],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\USERS\NARDE\APPDATA\LOCAL\{6416524A-40BE-3EF2-2D26-1B1A094EE782}, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\UPDData, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\PROGRAM FILES (X86)\VSNAPSHOT, Quarentena, [4378], [495664],1.0.6277 Arquivo: 226 Trojan.Downloader, C:\PROGRAMDATA\1.exe, Quarentena, [856], [198764],1.0.6277 Trojan.Downloader, C:\PROGRAMDATA\2.exe, Quarentena, [856], [198764],1.0.6277 PUP.Optional.Reimage, C:\REI\AV\HBEDV.KEY, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV\avupdate.exe, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV\avupdate_msg.avr, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV\cacert.crt, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV\msvcr120.dll, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV\productname.dat, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV\savapi.exe, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV\savapi_restart.exe, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV\savapi_stub.exe, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\AV\xbvRei.vdf, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\debug-repair-2.log, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\debug-repair.log, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\Info_EnvironmentVars.res, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\Info_Installed.rec, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\JunkScanRes.xml, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\out.log, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\RegistryScanRes.xml, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\StabilityScanRes.xml, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\Temp\20180808_0348\ApplicationList.ini, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\About.txt, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\cfl.rei, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\QRes.rei, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\rei1874nvt.ini, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\reimage.qsr, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.Reimage, C:\rei\SupportInfoTool.ini, Quarentena, [1366], [327187],1.0.6277 PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, Quarentena, [248], [254335],1.0.6277 PUP.Optional.Reimage, C:\Windows\SYSTEM32\TASKS\REIMAGEUPDATER, Quarentena, [1366], [327190],1.0.6277 PUP.Optional.BundleInstaller, C:\USERS\NARDE\APPDATA\LOCAL\TEMP\629518291\ic-0.46a9e60dde1a7c.exe, Quarentena, [406], [463480],1.0.6277 PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\629518291\dlreport, Quarentena, [406], [463480],1.0.6277 PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\629518291\ic-0.5af5f0e381b3b.exe, Quarentena, [406], [463480],1.0.6277 PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\629518291\ic-0.f454bcb5c9c4c.exe, Quarentena, [406], [463480],1.0.6277 PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE\CONF.DB, Quarentena, [4548], [443706],1.0.6277 PUP.Optional.BundleInstaller, C:\USERS\NARDE\APPDATA\LOCAL\TEMP\630382692\ic-0.08dbc4b815206c.exe, Quarentena, [406], [463480],1.0.6277 PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\630382692\dlreport, Quarentena, [406], [463480],1.0.6277 PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\630382692\ic-0.6dac169cc2ef54.exe, Quarentena, [406], [463480],1.0.6277 PUP.Optional.vSnapShot, C:\Windows\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\VSNAPSHOT\DUMP\BUGREPORTCONFIG.INI, Quarentena, [4378], [495671],1.0.6277 PUP.Optional.SearchManager, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [245], [476595],1.0.6277 PUP.Optional.SearchManager, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [245], [260991],1.0.6277 Trojan.Agent.TskLnk, C:\Windows\SYSTEM32\TASKS\System\SystemChecks, Quarentena, [1136], [537823],1.0.6277 Trojan.Agent.TskLnk, C:\USERS\PUBLIC\LIBRARIES\CHECKS.VBS, Quarentena, [1136], [537823],1.0.6277 Trojan.Agent.TskLnk, C:\Windows\SYSTEM32\TASKS\System\SystemChecks, Quarentena, [1136], [-1],0.0.0 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\adaware.eot, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\adaware.svg, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\adaware.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\adaware.woff, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-book.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-bookitalic.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-light.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-lightitalic.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-medium.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-mediumitalic.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-semibold.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-semibolditalic.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\fontawesome-webfont.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\segoeui.ttf, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\auto-complete.css, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\flexbox.css, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\new-tab.css, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\normalize.css, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\roboto.css, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\browsericons\icon19.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\browsericons\icon38.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\abstract_default.jpg, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\adaware_secure_search.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\animals_default.jpg, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\dot.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\dot_color.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\dropdown_arrow.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\icon_128.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\icon_16.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\icon_check.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\magnifier_icon.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\nature_default.jpg, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\settings_icon.png, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\urban_default.jpg, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\lib\auto-complete.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\lib\publicsuffixlist.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\adaware-telemetry.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\adaware-utils.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\background.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\i18n.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\load-new.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\messaging.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\new-tab.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\pagestore.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\polyfill.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\start.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\storage.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\tab.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\traffic.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\uritools.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\vapi-background.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\vapi-client.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\vapi-common.js, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\de\messages.json, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\en\messages.json, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\es\messages.json, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\fr\messages.json, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_metadata\verified_contents.json, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\background.html, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\LICENSE.txt, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\load-new.html, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\manifest.json, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\new-tab.html, Quarentena, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [272], [550469],1.0.6277 PUP.Optional.DefaultSearch, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [272], [550469],1.0.6277 MachineLearning/Anomalous.100%, C:\Windows\MJCXNGU.EXE, Quarentena, [0], [392687],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\USERS\NARDE\APPDATA\LOCAL\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\chromium-min.jpg, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\control panel-min-min.JPG, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\down.png, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\ff menu.JPG, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\ff search engine-min.png, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\hp-min ff.png, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\hp-min ie.png, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\search engine.gif, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\setup pages.gif, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\sp-min.png, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\start-min.jpg, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\up.png, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\camafare, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\install.log, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\linamot.dat, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\locecefo, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\ritenocet, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\sanamaset, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\sitiramot.dat, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\Sqlite3.dll, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\ticate.dat, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\tolifi, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\uninst.dat, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\uninst.exe, Quarentena, [3725], [542290],1.0.6277 PUP.Optional.vSnapShot, C:\PROGRAM FILES (X86)\VSNAPSHOT\1.2.0.0\UPDATA.INI, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\MainFrame.xml, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\PopupFontSize.xml, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\PopupLineType.xml, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\PopupTrayMenu.xml, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\ToolBar.xml, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_linetype_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_list.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_list_font_size.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_option.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_option_triangle.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_bold.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_brush_l.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_brush_m.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_brush_s.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_italic.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_list.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\color_swatches.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\color_swatches_l.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\icn_check_grey.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\icn_check_white.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\icn_list_drop.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\line_1.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\line_2.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\line_3.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\line_4.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_blur.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_input_error.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_input_focused.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_input_normal.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_popup.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_setting.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_cancel_clicked.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_cancel_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_cancel_normal.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_save_clicked.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_save_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_save_normal.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\dimmed_bg.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\icn_error.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\bg_toolbar_narrow.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_action_cancel.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_action_complete.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_action_save.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_action_undo.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_arrow.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_brush.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_eclipse.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_mosaic.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_rectangle.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_text.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\bg_menu_clicked.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\bg_menu_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\bg_tray_menu.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\exit.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\icn_open.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\icn_shortcut.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\bg_core.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\bg_core_big.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\bg_function_clicked.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\bg_function_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_close_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_close_normal.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_close_pressed.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_min_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_min_normal.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_min_pressed.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_shortcut_clicked.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_shortcut_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_shortcut_normal.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_conflict.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_custom_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_custom_normal.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_printscreen_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_printscreen_normal.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_region_hover.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_region_normal.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\logo.png, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\UPDData\History.dat, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\CrashReport.exe, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\CrashReportModuleConf.ini, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\CrashUL.exe, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\InstallHelper.exe, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\Report.exe, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\Roboto-Regular.ttf, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\Updata.dll, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshot.exe, Quarentena, [4378], [495664],1.0.6277 PUP.Optional.Reimage, C:\USERS\NARDE\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\REIGUARD.EXE, Quarentena, [1366], [327181],1.0.6277 PUP.Optional.Reimage, C:\USERS\NARDE\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\REIMAGEPACKAGE.EXE, Quarentena, [1366], [331559],1.0.6277 PUP.Optional.Reimage, C:\USERS\NARDE\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\REIMAGEREPAIR.EXE, Quarentena, [1366], [331559],1.0.6277 PUP.Optional.InstallCore, C:\USERS\NARDE\DOWNLOADS\BAIXAKI_FB-CHECKER.EXE, Quarentena, [398], [324268],1.0.6277 Adware.Wajam, C:\Windows\MJCXNGU.EXE, Quarentena, [453], [548516],1.0.6277 Setor físico: 0 (Nenhum item malicioso detectado) Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:25:07, on 09/08/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18015) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Windows\SysWOW64\WTClient.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180809 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [WTClient] WTClient.exe O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E7CBF322B6233F0A4CB19C2626926271] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize O15 - Trusted Zone: http://*.webcompanion.com O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe O23 - Service: Serviço do %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: Serviço do %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 6311 bytes
  4. FranciscoNarde

    Infectado com o malware "Goto.maxdealz.com Search Redirect"

    ~ ZHPCleaner v2018.8.6.157 by Nicolas Coolman (2018/08/06) ~ Run by Narde (Administrator) (08/08/2018 23:04:44) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version KO ~ Certificate ZHPCleaner: Legal ~ Type : Repair ~ Report : C:\Users\Narde\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Narde\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (1) CLOSED : ReimageRealTimeProtector =>.SUP.ReimageRepair ---\\ Browser internet (1) DELETED: [93360peu.default] - user_pref("browser.newtabpage.blocked", "{\"IN6Ib5wmCPgzy1LosioGsA==\":1,\"XfUS9uRaSANyPPOryIuagA==\[...] =>PUP.Optional.Shopperz ---\\ Hosts file (0) ~ No malicious or unnecessary items found. ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (570) MOVED file: C:\Users\Narde\Desktop\µTorrent.lnk [Bad : C:\Users\Narde\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Users\Narde\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\Narde\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) MOVED file: C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk [Bad : C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe](.Reimage.) =>.SUP.ReimageRepair MOVED file: C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [Reimage® - Reimage Real Time Protection] =>.SUP.ReimageRepair MOVED file: C:\Users\Narde\Desktop\ReimageRepair.exe [Reimage - Reimage Downloader] =>.SUP.ReimageRepair MOVED file: C:\Users\Narde\AppData\Local\Temp\Reimage.log =>.SUP.ReimageRepair MOVED file: C:\Users\Narde\AppData\Local\Temp\ReimagePackage.exe [Reimage - Reimage Package] =>.SUP.ReimageRepair MOVED file*: C:\Program Files (x86)\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion MOVED file: C:\Windows\Reimage.ini =>.SUP.ReimageRepair MOVED file*: C:\Windows\SysWOW64\SSL =>Trojan.Agent MOVED file*: C:\ProgramData\Lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion MOVED folder: C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocinjdjondmhheihhgkbmjkofmomnppd =>.SUP.WonderfulWeather MOVED folder^: C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocinjdjondmhheihhgkbmjkofmomnppd =>.SUP.WonderfulWeather MOVED folder: C:\Users\Narde\AppData\Roaming\vSnapshot =>.SUP.vSnapshot MOVED folder: C:\Program Files (x86)\WeatherTool =>PUP.Optional.WeatherTool MOVED folder: C:\Program Files (x86)\Webteh =>.SUP.ABTeam MOVED folder: C:\Program Files\Reimage =>.SUP.ReimageRepair MOVED folder: C:\ProgramData\Reimage Protector =>.SUP.ReimageRepair MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair =>.SUP.ReimageRepair MOVED folder: C:\Windows\System32\config\systemprofile\AppData\Roaming\WeatherTool =>PUP.Optional.WeatherTool MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign003e3047590a7bfd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign00fe11655f451204 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign01e5efb34647db65 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign020dd9d488602be5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign021f514ae62baec5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0229aeee9ac451c9 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign029f8a0475065369 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign02a67fc04d13cd0a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign02c20125ac9fd19a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign02e3c81dc9eaaa7f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0323bedff7b9cc02 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign046904a27b7f7f4a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign04ca5a3995802428 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign04eb8f119491cf14 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign059dd892919fb3ac =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign05f2e74ab9d2c318 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign060c49624a894776 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0634ba58c3db658f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign06583cbed6fe622e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign06c0869a3b357711 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign06ec5812228958a2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign071609f284ccfdcf =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0745052591c961fb =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign07975f63408b7d9c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign07d7a7c5fd7c81ba =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign081aa22a4b3c30e1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0927dccf7a9b6785 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign09ac2dd6be11fed6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0a07a7cc1073757c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0ae5978990243eec =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0ae9ae31114d0dbf =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0b08681b6c17e38c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0b105453a1806994 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0b2723104c01d3bf =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0c0c87d3dd2d5981 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0c89aa18e01c5e08 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0c975258ef2a3155 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0d1a97a5ef61187a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0d892168a8678d87 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0d91166738a0c758 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0e501b9c5fb0dbb8 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0e62b47cf83e2cff =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0f27c406fd948cf9 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign0fe43dc83f4a4224 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1081ec1ba5c24a5d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign10b33a4b632251fb =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign10f58e8718021e22 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign11b11068640191b0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign11c2b135ca5a7343 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign11e178fb0403b2d3 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1203177dc9498510 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign12ae71a1ce328348 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign12f7b8b99d2900e7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign13f1a755c18324e0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign141f092c11618349 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign142bb14c2cc7109c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign165bce5fae207f01 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign16c6bec025a3f2af =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign176a517afa718876 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign176a6f260676fe0d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign177587d7d8998c41 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign180b1f9201eb1ba7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign181187e0e6cb8bf9 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1818e58b548beec2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign186651593489acee =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1921ce7f55bc7fcf =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign19d349c4ff170140 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1ab36ac157a67ab7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1b123b54549c98d3 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1ce9888254bae1a9 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1cf82e65b74cd837 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1d7fccd9dae5d1e4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1d9e84641cacd078 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1dbebf414e4795ea =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1e85b86664524c1f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1eb06e5297856c01 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1f4bd61aff4be792 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign1f8b8c0dcc14090c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign20efc6c42f8b7f31 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign21a913825955afb4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2299ec7995e80379 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign231b8874388ea496 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign235c11a3759ba6ed =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign23845337873b72ac =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2420ae10f2d733f4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign243cefbcb3e7a3e1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign24a2809c0607cdf0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2511ad2672717e13 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign259c0fce4a933fc2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign265d3f9c8c986929 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2758ef087f20f782 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign27a50a38cd382f89 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign28068b5445dc1d9f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign281285b0fcdc4795 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign286bc033dbbc2ed6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign286d54b1076a33b4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2896f0071864d931 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign298003bc1d44b482 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2b007e1770bc768d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2b54a46fc26785ad =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2ba7291af81e49be =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2c58102366114523 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2d36d3b92d93031d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2e2f93738d30e41b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2e8829e4e6d3231d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2ecb464f82839fd4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign2feec41b23acf1af =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3096c125dbc18540 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign30991ab803535365 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign30b1db89fde5276a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign30c8f1666571f691 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign31032831c34c9be2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign32101f97ad939a53 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3214c8491581c6b7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign326b506a6d0c9a54 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign32d46925986dd12c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign335573bb7c17bd1a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign339d01107b69e1d0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign33cb0bbd322bab0f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign34d565bf874a7e98 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign350b6e699fbb8733 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign35390278492fc716 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign355ddb49245f92aa =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign363ac759a1e82e7a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign36b28b55d961fe24 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign37192762223e1514 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign375c026f530654ea =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign376cd8231423fc40 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign378fbaab4562f26f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign37fe271fa03c3955 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign383ddfe62f175884 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign387f6dfc47b1d8c3 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign38928c6b72a5482e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign390064b365c0f16e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3997aaf26151c9c4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3a92886db55ac3fc =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3ac1e756d438a88e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3b1ab1a0f59f99bd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3b654b2d68435d2b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3cd866469ad77bbe =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3d21fda7e40d87bb =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3d5ac0ec747092c4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3d5d1c3cdc1c5563 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3d70eb2cea39e3d0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3e1317e2bcda5638 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign3ed57874a9ed41a1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign40c961aa280ee5f4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign40fb6682bfdd9296 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign418da5863cf7f28e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign419c070a11f97bb7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign43871a079d797f0e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign44138a1803862dcf =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign451be9fb7af620d1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign455697f1d0a7bd53 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign45cc8f087a3a46ce =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign45ef842a355540ec =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4757f82f1a53c43d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign47773f0027678413 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign48edfada9bc8cddf =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign499d4183e900980c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4a130dc877547eb5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4a675bda4c0faaf2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4b6935f3f5307b37 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4d445e0e754f3860 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4d47dd0f1eae3318 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4e34df686a7c3959 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4e762cb2cb3dbba9 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4ec7460bcee75b91 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4f4c36b013d36836 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4fa13b6135912559 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign4fe6f86fe85466b3 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign50b77011682d0682 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign51d5ad8187ace299 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign51e8254b0cef668d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign51ffd5c4af09835b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign524dcdf7c09d122d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign52a692178dd261e1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign531b100ab2e9cf46 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign532aca69bb61b5f1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign536c33bb55f9ea6d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign53eba998731625e7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign53ec090b325f3fdb =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5415e4ec2cd70644 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign554f64d9b5ec7c0f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign55604fb7f220a68d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign55b609b1c38295bf =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign55ba30dc9781871e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5611bdaec85b76d5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign57026cda971d1041 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5705c6f3ca3b9f63 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign57a409199df9edcc =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign57da929d7bd00387 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign59565dc0a751b6e0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign59be28c9e4fca98b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign59d98014098b6e58 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign59ee7bbd9c3ad580 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5afaa82a04cb960c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5b36d8d2b7a56da7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5bd1ffd54503da5a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5c087938a8f4c191 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5c59a09b231ab370 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5cf56c3cce5b8211 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5d05cd98af669fc3 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5d533937b73349d2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5ddf49ea9411093c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5e903b78d562707e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5ed6786cdf64075e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5ee041bc3d365ddb =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5f1734c2e46cced4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5f44c9baef52b483 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5f71003244924828 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign605a0e15113e08fd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign606142091c716a25 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign606aecc6a8b40828 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign607f3008ae49efcd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign60c7c34f78fcf5cd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6156cd294c496a7e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign62b712ee18e84615 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign63591920f323d18d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign638ab90437b7a874 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign63a589558b44a34b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign63e93591c1631ad5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign64ec7042ec0f23cf =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign65293964c20a8598 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign652dd37c12d9ac80 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign65a681e1b55eb967 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign66d672e496ace553 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6736191617a71ea5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign67bcf578924095e6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign682d415c18024427 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign682e915430f75d7b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign68a3893defcd8260 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign68d8fe873cd315ee =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign68e0c60aa70c5419 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign692883a59029d011 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6a088d92e4c7446c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6a0e6e98beda906d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6a80901d5baa37f7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6abb92c25223d02b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6ad8d65fdcf7f6e4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6afe3cd6e305fe25 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6b5d87627093683c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6b735ca97c343591 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6ba355f61bef5f6d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6be3bb41179dd660 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6cd3edbb3409687a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6d57e97fdd062c8d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6de52b5bba6e842e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6e308fee7034e3c0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6f95a019ed40ace0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6fd7a4e8e21aaf28 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign70fbe3946a40d308 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7226bf6dc04f46e7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7240f34268bd3443 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign728688aaa3783a75 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73389f93c5311e34 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign736e3dbddd1811a2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7376b77a62ce83fe =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73b8e11988d8c3c2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73f437b28aea1efc =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73f89dc686969cf2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73ff6059c5e5ba3d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign751cbe412246ea5d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign75c85c7f93e7ae93 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign75deb91204a10e2d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign76a32490b1dab9d4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign774c71e215d80977 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign77b4cd60837225df =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign77cf0f551ed3f558 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign78241eb11b74c141 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign78443c7e5ae75a6e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7970dd68a4cea15e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign79c258828909347a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7a233f5e76259e1a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7b09b5dd22318fdd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7b3fd04da3b6b97a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7b526c255c0d1a3b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7b663d9bc3b2c485 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7c1e9b52004796bf =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7c70fab76a5f3155 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7c85513d6893169c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7cb6c8e1b1cd157b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7e7c39f165ab08d2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7e82640188e61b8a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7ea471303458e602 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7eda02a95b6a0f0a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7f295cd78284408c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7fbd1cfe2a2f31a2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign80450dade3d1287d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8084a4d83292b54e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign80fa6e3b7d9c8c61 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign811e66ecf868cb9f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign814c40e1f76b88f3 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign81a7665b2ad39c76 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign81b34f19e527d5a6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign825e3de505419f3d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign828471b4dd855b66 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign82a3bd79f2351a24 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign835febfa4e86fcf1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign84369af0ebf7c8ab =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign84cdbb11d4864c29 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign852889d37b6b1596 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign85e58ed1b46a76f5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign867dd1d0e3450c0b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8695af4588031f3a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign86a22268eea4b1ed =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign87c62840b1b75e54 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign882bdd46c494ad94 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8865c62a7735314e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8943db27bbee6583 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign89af654575f55d6f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8ad428efa7210be0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8ae8573261dc0075 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8b55d82e58ed5e9e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8bef11fbf1cb1b7e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8c4d93b7539774e8 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8cbdc8ed23899fc5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8ccb0879d7b44608 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8cf5c5aa60d51056 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8d0d9dab2dd83db2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8d2cd85b3f4baa5b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8d3cba19e4501586 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8d5ad9493c653427 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8e1eec751c020a01 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8e682c72de318039 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8ead073dc4deb8b4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8f0d3de51ec7edd6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8f4cc6ddd52d5b9e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8fe5c32c063a1c22 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign901d41c444db4eae =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign90c527d39b9464be =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign915c93ead831443b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9169239e436f646a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign91af22b73547cd74 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign91bd98f1188f6c3d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign923c41d7881c10e2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign923f00ceed958459 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign92c63b24d0524acd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign939239492deb8fcc =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9479aa6728da68ff =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign948a15b844520897 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign94aceea0d6cf9bfb =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9584ba9e1de268a5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign96165dc7f634b79e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign961f9ee5bd7416d2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign963fc54eec053e6d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign96e70b91f83e9f0b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign96ec58e5b1e68d90 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign984864261bea6038 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign98b1061b9c8d2d4e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9983daf60662ee61 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9a98af4a648b6ba5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9ae8c87722913435 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9b186ee0fa32ac5e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9b949be5acb024cd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9c2901a54ce39cee =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9ca42d869a09d804 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9d679e55f2bdbdfa =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9edb8e302ff9238a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9f02ae5bf3658e7d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9f8bd2529966bb0c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna0cdbc22f5fc0733 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna0ff498ebd3b2152 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna2064fda3b42b103 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna241fee3bb4834bb =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna2bcc24612028987 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna3966db1f6b00670 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna3bc95db92bfc447 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna3e9442ec9d87511 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna42af60312753fa5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna44e1418d6207f92 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna54ee45b8a36427e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna694aaf8e1c1d15a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna756ea6d0fb1010b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna775ddc3419d998b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna80ef01cb3565d98 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna8731d6db19925ea =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignaa26f29025ed5e3e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignaa5d35ae77e428c2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignab0d746ea53959cc =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignab2ec0f7856ab1be =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignab93163e382b9a15 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignabc11eec8c4736f6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignacd23b4c4f011a88 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignacda65fe4eaad0e6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignad845095c6e23934 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignaf080b7b8f62b474 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignaf5e0c5512971770 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignafae4f1cc2942699 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignafda08fcde815e79 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb05ab66fe68cb777 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb09c6d9edcfc4842 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb14492e9f633e324 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb16d0bf888afc689 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb210882e4eb039e8 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb226cb42d2df1fcb =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb2443f8b7762c259 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb29c4f4967a70d21 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb3085f93787f0012 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb313f8e13ff96f68 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb3455a7a71ba1078 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb3eea5c73f641532 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb69e825961abf462 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb91786d8dee50209 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbae98ce54738e63c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbb4e460228b5a16a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbc8b7f4b1ed6fafe =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbce775cad93e9135 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbd7153fd4971e835 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbe985e041e7dd0f2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbebf4e3b1e747731 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbec315649cc96a9c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbf46920f831b0628 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbf8c783822fd6af8 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc04368ff430a6080 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc0b0bace03f0d6b6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc10ed399e0c62967 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc42f2a123c2665af =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc4c34965e326baf8 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc4e55e3a7760f300 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc55994265d38201f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc57ee4031eee3b2f =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc76e76c413843115 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc7833318e3f643c2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc7a30821ebf4dae0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc84f8928a091f4fc =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignca9385fdd238ca53 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncaca8a633666272b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncb4a31d568baca7c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncb4b5ccd2541722b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncb53193c4ebe7c1d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncba363afed453ddc =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncbe84343c0a3404b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncc36fdd03edb4912 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncc9205642c632002 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncd3715adcd004660 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncd99192e71e35b7b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncda7a433dbf7eb1e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignce32387ad597fcc2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignce4d4403356d13ed =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignce5fd5a5694e11df =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignce904d0eb9eb82ad =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncf48d68f3e583afe =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd04214e6c398aa61 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd189001dfd708b32 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd304c8090e892674 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd35a04b30fb7a6a5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd410e5a0f6801356 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd43b5654e6a5ccdc =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd45d07cc44a0ad96 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd56c74513624b014 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd5f2e101be0367ae =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd67c63a885575b7e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd6be848e6bed4249 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd7b5c68a941d74b2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd7fec58674616ade =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd8262bc26f3bcb90 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd85519ebfc2017d2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd8ac8744580e58ba =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd90b62bb38a46107 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd91d731019c8248c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd944ab56be22ca54 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd97343d9df5df009 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignda1fa4c7cc353542 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignda85b2eacbbc8b22 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndb74f5b6d9793514 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndb94ee0ecc89d7a9 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndc776f30e061955c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndd788b7bcde4c1fd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndf73577439283e83 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne146afb5f274978e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne196bf0b3b1c2f94 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne1dc41559e5dfb27 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne1e8a763e9bd8db4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne23ed4171552970c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne24d874f49e244d9 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne2ebe78fe4b9ecae =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne32d894cd3b222d9 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne4bedfef0d68e183 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne4c439b6d63c482a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne4d6e556cc731820 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne530bd0185dcaad2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne5c77ce90197fff4 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne61227dee02e50e7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne6babe40efc85cde =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne6f5f5f4903556c2 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne7657fd625cc07fa =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne78e0dfd776deca5 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne7db422d47a4230d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne8f5559a70d913e7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne9102953c7759f16 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne929640ccef2fc95 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne9633e763f269e2a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne9d86e1a028597e8 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne9eac64cac3543c0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignea1535a038eed9d6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignea1dd5334f921319 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignea65f3642cfe398a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigneab701f2b5258365 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigneb7e04a063f01eb8 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigneccbdb8d57d1f034 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignecd211ff31135eb1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignef0e79be6ba05e73 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignef311f9aea5c2cd1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignef4b675d615f821c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf10099752f2319d0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf103b80681bb5b9e =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf1b4434e6e11517b =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf276f8eda13e1bf7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf2925210b2fa8162 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf31f5e8dd447073a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf3226b7f9a7c28e8 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf334296337fda9fb =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf44aafab97d92b9c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf4a09fd077b44bac =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf4b4aaee58f60f6d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf4e31b5007c93f9d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf549cd4c7835c166 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf55ca39079303399 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf5d95a5aca176761 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf629ab0a152ab578 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf71c2fd4503952f8 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf7aa9049a4003da3 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf7b9743da9eb7edd =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf858b558fda03596 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf9b2186220d29bed =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf9e6f584dcf3868a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfa8475130bf9554d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfa99b95bbfe6be9a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfaa71fae6a94a8d6 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfae03ee935dc48f3 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfaeb3a40a42a5c73 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfb29052a4f1b49ae =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfb5e3a40026040dc =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfb9470a26dee150c =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfbf6ca8021fc0242 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfc0d8b7529f730c7 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfc1bf05cb2ccc42a =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfd0bb65d63fcd065 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfd3580e869aa4d5d =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfd5328f22dd91ad1 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfd9a5dae564063d9 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfeccc0fa12cd3aea =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfef13d3b9750d5de =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignff9333d4081a90c0 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignffcb6d9397dc7ec3 =>.SUP.Temporary MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignffcdfec283cdc14b =>.SUP.Temporary MOVED folder: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool =>PUP.Optional.WeatherTool MOVED folder^: C:\Windows\Temp\reimage.log =>.SUP.ReimageRepair MOVED folder: C:\Users\Narde\AppData\Local\Google\Update =>Heuristic.Suspect ---\\ Registry ( Key, Value, Data) (54) DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg[...]] [Yahoo! Powered] =>Adware.YahooPowered DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg[...]] [Yahoo! Powered] =>Adware.YahooPowered DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg[...]] [Yahoo! Powered] =>Adware.YahooPowered DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0AtA0F0A0DtC0FyCzytA0A0B0CtN0D0Tzu0StBtCtCzytN1L2XzutAtFtAyDtFtAtFyDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzzyEtA0D0EtAyCtGyCyC0AtCtGyEyB0EyDtGtCzzzztBtGyC0D0EtDtB0EtAyB0EyByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0DyBtC0DyD0FtG0E0F0A0DtGyEzyyC0DtG0A0F0C0FtG0F0DyD0F0E0EtAtA0CtB0E0E2QtN0A0LzuyE%26cr%3D1165171333%26a%3Dwbf_bxinw_17_42_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}] =>Adware.YahooPowered DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0AtA0F0A0DtC0FyCzytA0A0B0CtN0D0Tzu0StBtCtCzytN1L2XzutAtFtAyDtFtAtFyDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzzyEtA0D0EtAyCtGyCyC0AtCtGyEyB0EyDtGtCzzzztBtGyC0D0EtDtB0EtAyB0EyByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0DyBtC0DyD0FtG0E0F0A0DtGyEzyyC0DtG0A0F0C0FtG0F0DyD0F0E0EtAtA0CtB0E0E2QtN0A0LzuyE%26cr%3D1165171333%26a%3Dwbf_bxinw_17_42_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}] =>Adware.YahooPowered DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0AtA0F0A0DtC0FyCzytA0A0B0CtN0D0Tzu0StBtCtCzytN1L2XzutAtFtAyDtFtAtFyDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzzyEtA0D0EtAyCtGyCyC0AtCtGyEyB0EyDtGtCzzzztBtGyC0D0EtDtB0EtAyB0EyByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0DyBtC0DyD0FtG0E0F0A0DtGyEzyyC0DtG0A0F0C0FtG0F0DyD0F0E0EtAtA0CtB0E0E2QtN0A0LzuyE%26cr%3D1165171333%26a%3Dwbf_bxinw_17_42_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}] =>Adware.YahooPowered DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector [C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Not File)] =>.SUP.ReimageRepair DELETED key*: HKEY_USERS\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\Conduit [] =>.SUP.Conduit DELETED key*: HKEY_USERS\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\Reimage [] =>.SUP.ReimageRepair DELETED key*: HKEY_USERS\.DEFAULT\Software\ByteFence [] =>.SUP.ByteFence DELETED key: HKCU\Software\Conduit [] =>.SUP.Conduit DELETED key: HKCU\Software\Reimage [] =>.SUP.ReimageRepair DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P) DELETED key: HKU\.DEFAULT\Software\ByteFence [] =>.SUP.ByteFence DELETED key: HKU\S-1-5-18\Software\ByteFence [] =>.SUP.ByteFence DELETED key*: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief. [] =>.SUP.ReimageRepair DELETED key*: HKCU\Software\csastats [] =>Adware.InstallCore DELETED key*: HKCU\Software\ProductSetup [] =>Adware.InstallCore DELETED key*: HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion [] =>PUP.Optional.LavasoftWebCompanion DELETED key: HKLM\SOFTWARE\Lavasoft\Web Companion [] =>PUP.Optional.LavasoftWebCompanion DELETED key*: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} [] =>PUP.Optional.Legacy DELETED key*: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence [] =>.SUP.ByteFence DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [_IReiEngineEvents] =>PUP.Optional.Legacy DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [IReiEngine] =>PUP.Optional.Legacy DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} [REI_AxControl] =>.SUP.ReimageRepair DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 [] =>PUP.Optional.Wajam DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL [] =>.SUP.ReimageRepair DELETED key*: [X64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine [ReiEngine Class] =>PUP.Optional.GetLiveSupport DELETED key*: [X64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 [ReiEngine Class] =>PUP.Optional.GetLiveSupport DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\WCAssistantService [] =>PUP.Optional.LavasoftWebCompanion DELETED key*: [X64] HKLM\SOFTWARE\DtsEncodeTools [] =>PUP.Optional.WeatherTool DELETED key*: [X64] HKLM\SOFTWARE\Reimage [] =>.SUP.ReimageRepair DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASAPI32 [] =>.SUP.ByteFence DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASMANCS [] =>.SUP.ByteFence DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 [] =>.SUP.ByteFence DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS [] =>.SUP.ByteFence DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair [Reimage] =>.SUP.ReimageRepair DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe [C:\Program Files\Reimage\Reimage Repair\Reimage.exe (Not File)] =>.SUP.ReimageRepair DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater [] =>.SUP.ReimageRepair DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered ferid [] =>Adware.YahooPowered DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit [] =>.SUP.Conduit DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [_IReiEngineEvents] =>PUP.Optional.Legacy DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [IReiEngine] =>PUP.Optional.Legacy DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} [REI_AxControl] =>.SUP.ReimageRepair DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 [] =>PUP.Optional.Wajam DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\REI_AxControl.DLL [] =>.SUP.ReimageRepair DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe [C:\Program Files\Reimage\Reimage Repair\Reimage.exe (Not File)] =>.SUP.ReimageRepair DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceScan_RASAPI32 [] =>.SUP.ByteFence DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceScan_RASMANCS [] =>.SUP.ByteFence DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} [ReiEngine Class] =>.SUP.ReimageRepair DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\InprocServer32 [C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll (Not File)] =>.SUP.ReimageRepair DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} [CompReg Class] =>.SUP.ReimageRepair DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\InprocServer32 [C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll (Not File)] =>.SUP.ReimageRepair DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E7CBF322B6233F0A4CB19C2626926271 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5] =>PUP.Optional.MyBrowser ---\\ Summary of the elements found (19) https://nicolascoolman.eu/2017/01/27/superfluous-reimagerepair/ =>.SUP.ReimageRepair https://www.anti-malware.top/2016/04/21/pup-optional-shopperz/ =>PUP.Optional.Shopperz https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P) https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Trojan.Agent https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.WonderfulWeather https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.vSnapshot https://www.nicolascoolman.com/fr/pup-optional-weathertool =>PUP.Optional.WeatherTool https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.ABTeam https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary https://nicolascoolman.eu/2017/01/28/heuristic-suspect/ =>Heuristic.Suspect https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Adware.YahooPowered https://nicolascoolman.eu/2017/02/06/superfluous-conduit/ =>.SUP.Conduit https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>.SUP.ByteFence https://nicolascoolman.eu/2017/09/19/adware-installcore-3/ =>Adware.InstallCore https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Legacy https://nicolascoolman.eu/2017/02/24/pup-optional-wajam/ =>PUP.Optional.Wajam https://nicolascoolman.eu/2017/10/05/sup-systemoptimizer/ =>PUP.Optional.GetLiveSupport https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser ---\\ Other deletions. (38) ~ Registry Keys Tracing deleted (36) ~ Remove the old reports ZHPCleaner. (2) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Opera Software) ~ The system has been restarted. ---\\ Statistics ~ Items scanned : 1049 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 0/7 ~ Space saving (bytes) : 0 ~ End of clean in 00h03mn30s ---\\ Reports (2) ZHPCleaner--08082018-23_02_29.txt ZHPCleaner-[R]-08082018-23_08_14.txt Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:18:04, on 08/08/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18015) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe O23 - Service: Serviço do %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: Serviço do %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: The vSnapshot Service (ThevSnapshotService) - Unknown owner - C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshotServ.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 5716 bytes
  5. Olá; bom dia, administradores e moderadores do Fórum do Baboo. Já fiz todos os procedimentos solicitados no Tópico Oficial. O meu problema é com o malware "Goto.maxdealz.com Search Redirect". Toda vez que abro a página de busca do Google digito alguma coisa e dou enter esse malware me direciona para uma página de busca da Yahoo. Desde já agradeço imensamente a vocês. Segue meu log para exame: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:56:42, on 08/08/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18015) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\WTClient.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe C:\Users\Narde\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Users\Narde\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe C:\Users\Narde\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshot.exe C:\Users\Narde\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0AtA0F0A0DtC0FyCzytA0A0B0CtN0D0Tzu0StBtCtCzytN1L2XzutAtFtAyDtFtAtFyDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzzyEtA0D0EtAyCtGyCyC0AtCtGyEyB0EyDtGtCzzzztBtGyC0D0EtDtB0EtAyB0EyByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0DyBtC0DyD0FtG0E0F0A0DtGyEzyyC0DtG0A0F0C0FtG0F0DyD0F0E0EtAtA0CtB0E0E2QtN0A0LzuyE%26cr%3D1165171333%26a%3Dwbf_bxinw_17_42_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: 104.251.211.173 clients2.google.com O1 - Hosts: 104.251.211.173 clients2.google.com O1 - Hosts: 104.251.211.173 clients2.google.com O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [WTClient] WTClient.exe O4 - HKCU\..\Run: [Chromium] c:\users\narde\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session O4 - HKCU\..\Run: [FB Checker] C:\Program Files (x86)\Innovative Solutions\FB Checker\fbchecker.exe O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E7CBF322B6233F0A4CB19C2626926271] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 O4 - HKCU\..\Run: [Blogger] C:\ProgramData\Blogger\Blogger.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.webcompanion.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe O23 - Service: Serviço do %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: Serviço do %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: The vSnapshot Service (ThevSnapshotService) - Unknown owner - C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshotServ.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: Zjg2Nzc4Mzg1ZWI0M2M1 - Unknown owner - rundll32.exe (file missing) -- End of file - 11802 bytes
×