FranciscoNarde

Infected with the "Goto.maxdealz.com Search Redirect" malware


Hello; good morning, administrators and moderators of the Baboo Forum.

I have already carried out all the procedures requested in the Official Topic.

My problem is with the "Goto.maxdealz.com Search Redirect" malware. Every time I open the Google search page, type something and press Enter, this malware redirects me to a Yahoo search page.

Thank you very much in advance.

Here is my log for examination:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:56:42, on 08/08/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
C:\Users\Narde\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Users\Narde\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
C:\Users\Narde\AppData\Roaming\uTorrent\updates\3.5.3_44494\utorrentie.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshot.exe
C:\Users\Narde\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0AtA0F0A0DtC0FyCzytA0A0B0CtN0D0Tzu0StBtCtCzytN1L2XzutAtFtAyDtFtAtFyDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzzyEtA0D0EtAyCtGyCyC0AtCtGyEyB0EyDtGtCzzzztBtGyC0D0EtDtB0EtAyB0EyByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0DyBtC0DyD0FtG0E0F0A0DtGyEzyyC0DtG0A0F0C0FtG0F0DyD0F0E0EtAtA0CtB0E0E2QtN0A0LzuyE%26cr%3D1165171333%26a%3Dwbf_bxinw_17_42_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 104.251.211.173 clients2.google.com
O1 - Hosts: 104.251.211.173 clients2.google.com
O1 - Hosts: 104.251.211.173 clients2.google.com
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKCU\..\Run: [Chromium] c:\users\narde\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
O4 - HKCU\..\Run: [FB Checker] C:\Program Files (x86)\Innovative Solutions\FB Checker\fbchecker.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E7CBF322B6233F0A4CB19C2626926271] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Blogger] C:\ProgramData\Blogger\Blogger.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Serviço do %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Serviço do %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Reimage Real Time Protector (ReimageRealTimeProtector) - Reimage® - C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: The vSnapshot Service (ThevSnapshotService) - Unknown owner - C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshotServ.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zjg2Nzc4Mzg1ZWI0M2M1 - Unknown owner - rundll32.exe (file missing)

--
End of file - 11802 bytes
 


Open HijackThis, click "Do a system scan only", check the entries listed below, then click "Fix Checked".

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0AtA0F0A0DtC0FyCzytA0A0B0CtN0D0Tzu0StBtCtCzytN1L2XzutAtFtAyDtFtAtFyDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzzyEtA0D0EtAyCtGyCyC0AtCtGyEyB0EyDtGtCzzzztBtGyC0D0EtDtB0EtAyB0EyByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0DyBtC0DyD0FtG0E0F0A0DtGyEzyyC0DtG0A0F0C0FtG0F0DyD0F0E0EtAtA0CtB0E0E2QtN0A0LzuyE%26cr%3D1165171333%26a%3Dwbf_bxinw_17_42_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate

O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKCU\..\Run: [Chromium] c:\users\narde\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
O4 - HKCU\..\Run: [FB Checker] C:\Program Files (x86)\Innovative Solutions\FB Checker\fbchecker.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E7CBF322B6233F0A4CB19C2626926271] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Blogger] C:\ProgramData\Blogger\Blogger.exe

Uninstall the BlueStacks Agent program.

Restart the PC...

Right-click Start, click Run and type services.msc, find the service "Zjg2Nzc4Mzg1ZWI0M2M1", double-click it and choose Disabled. Also click Stop and change the Startup Type to Disabled.
Open HijackThis, click the Open the Misc Tools section button and then Delete an NT service.
Enter this: Zjg2Nzc4Mzg1ZWI0M2M1

Click OK.

Click Yes when asked whether you want to restart.

Restart...

Download ZHPCleaner and save it to the Desktop.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to examine.

When the scan finishes, click the Repair button.

When the operation completes, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log into your next reply, plus a new HijackThis log.


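An added example, not part of the original thread and not code from HijackThis or ZHPCleaner: a small Python triage pass over HijackThis-format lines that flags the entry types at issue in the log above (IE start/search pages, hosts-file redirections, autostart entries, services). The four review heuristics, the function names and the sample log are assumptions of this example; the sample is constructed, not the poster's data.

```python
import ipaddress
import ntpath
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the entry types in the log above (not the poster's data).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.example.net/web?hspart=abc&type=xyz
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O1 - Hosts: 203.0.113.10 updates.example.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Updater] C:\ProgramData\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: QUJDREVGMTIzNDU2 - Unknown owner - rundll32.exe (file missing)
"""

# "<section> - <body>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# Folders a standard user can write to (heuristic chosen for this example).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")


def check_entry(section, body):
    """Return a reason string if the entry deserves manual review, else None."""
    if section.startswith("R"):
        # "<key>,<value name> = <data>": only URL data is checked,
        # so empty values and local files such as blank.htm pass.
        data = body.partition(" = ")[2].strip()
        if data.lower().startswith(("http://", "https://")):
            host = urlsplit(data).hostname or ""
            if host != "microsoft.com" and not host.endswith(".microsoft.com"):
                return f"IE page/search value points to {host}"
    elif section == "O1":
        # "Hosts: <ip> <name>": loopback and 0.0.0.0 are ordinary blocking entries.
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if m:
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:
                return None
            if not (ip.is_loopback or ip.is_unspecified):
                return f"hosts file sends {m.group(2)} to {ip}"
    elif section == "O4":
        # "<hive>\..\Run: [<name>] <command line>"
        command = body.partition("] ")[2].lower()
        if any(part in command for part in USER_WRITABLE):
            return "autostart program runs from a user-writable folder"
    elif section == "O23":
        # "Service: <name> - <owner> - <image path>"
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3:
            # "(file missing)" is ignored: the log above shows it on stock
            # Windows services such as Spooler, so it carries no signal here.
            image = re.sub(r"\s*\(file missing\)\s*$", "", parts[2]).strip('"')
            tokens = image.split()
            first = tokens[0] if tokens else ""
            if ntpath.basename(first).lower() == "rundll32.exe":
                return "service image is rundll32.exe, not its own executable"
    return None


def triage(log_text):
    """Return (section, reason) pairs for every entry that matches a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, blank line, or an unhandled section
        reason = check_entry(m.group(1), m.group(2))
        if reason:
            findings.append((m.group(1), reason))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(f"{section:>3}  {reason}")
```

A finding means the entry should be looked at, not that it should be deleted: a start page outside microsoft.com or an autostart under ProgramData can be legitimate.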

~ ZHPCleaner v2018.8.6.157 by Nicolas Coolman (2018/08/06)
~ Run by Narde (Administrator)  (08/08/2018 23:04:44)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Narde\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Narde\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (1)
CLOSED : ReimageRealTimeProtector  =>.SUP.ReimageRepair


---\\  Browser internet (1)
DELETED: [93360peu.default] - user_pref("browser.newtabpage.blocked", "{\"IN6Ib5wmCPgzy1LosioGsA==\":1,\"XfUS9uRaSANyPPOryIuagA==\[...]  =>PUP.Optional.Shopperz


---\\  Hosts file (0)
~ No malicious or unnecessary items found.


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (570)
MOVED file: C:\Users\Narde\Desktop\µTorrent.lnk  [Bad : C:\Users\Narde\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\Users\Narde\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\Narde\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk  [Bad : C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe](.Reimage.)  =>.SUP.ReimageRepair
MOVED file: C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [Reimage® - Reimage Real Time Protection]  =>.SUP.ReimageRepair
MOVED file: C:\Users\Narde\Desktop\ReimageRepair.exe [Reimage - Reimage Downloader]  =>.SUP.ReimageRepair
MOVED file: C:\Users\Narde\AppData\Local\Temp\Reimage.log    =>.SUP.ReimageRepair
MOVED file: C:\Users\Narde\AppData\Local\Temp\ReimagePackage.exe [Reimage - Reimage Package]  =>.SUP.ReimageRepair
MOVED file*: C:\Program Files (x86)\Lavasoft\web companion    =>PUP.Optional.LavasoftWebCompanion
MOVED file: C:\Windows\Reimage.ini    =>.SUP.ReimageRepair
MOVED file*: C:\Windows\SysWOW64\SSL    =>Trojan.Agent
MOVED file*: C:\ProgramData\Lavasoft\web companion    =>PUP.Optional.LavasoftWebCompanion
MOVED folder: C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocinjdjondmhheihhgkbmjkofmomnppd  =>.SUP.WonderfulWeather
MOVED folder^: C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocinjdjondmhheihhgkbmjkofmomnppd  =>.SUP.WonderfulWeather
MOVED folder: C:\Users\Narde\AppData\Roaming\vSnapshot  =>.SUP.vSnapshot
MOVED folder: C:\Program Files (x86)\WeatherTool  =>PUP.Optional.WeatherTool
MOVED folder: C:\Program Files (x86)\Webteh  =>.SUP.ABTeam
MOVED folder: C:\Program Files\Reimage  =>.SUP.ReimageRepair
MOVED folder: C:\ProgramData\Reimage Protector  =>.SUP.ReimageRepair
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair  =>.SUP.ReimageRepair
MOVED folder: C:\Windows\System32\config\systemprofile\AppData\Roaming\WeatherTool  =>PUP.Optional.WeatherTool
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign532aca69bb61b5f1  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign536c33bb55f9ea6d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign53eba998731625e7  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign53ec090b325f3fdb  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5415e4ec2cd70644  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign554f64d9b5ec7c0f  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign55604fb7f220a68d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign55b609b1c38295bf  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign55ba30dc9781871e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5611bdaec85b76d5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign57026cda971d1041  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5705c6f3ca3b9f63  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign57a409199df9edcc  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign57da929d7bd00387  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign59565dc0a751b6e0  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign59be28c9e4fca98b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign59d98014098b6e58  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign59ee7bbd9c3ad580  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5afaa82a04cb960c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5b36d8d2b7a56da7  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5bd1ffd54503da5a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5c087938a8f4c191  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5c59a09b231ab370  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5cf56c3cce5b8211  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5d05cd98af669fc3  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5d533937b73349d2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5ddf49ea9411093c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5e903b78d562707e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5ed6786cdf64075e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5ee041bc3d365ddb  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5f1734c2e46cced4  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5f44c9baef52b483  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign5f71003244924828  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign605a0e15113e08fd  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign606142091c716a25  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign606aecc6a8b40828  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign607f3008ae49efcd  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign60c7c34f78fcf5cd  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6156cd294c496a7e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign62b712ee18e84615  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign63591920f323d18d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign638ab90437b7a874  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign63a589558b44a34b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign63e93591c1631ad5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign64ec7042ec0f23cf  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign65293964c20a8598  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign652dd37c12d9ac80  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign65a681e1b55eb967  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign66d672e496ace553  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6736191617a71ea5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign67bcf578924095e6  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign682d415c18024427  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign682e915430f75d7b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign68a3893defcd8260  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign68d8fe873cd315ee  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign68e0c60aa70c5419  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign692883a59029d011  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6a088d92e4c7446c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6a0e6e98beda906d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6a80901d5baa37f7  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6abb92c25223d02b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6ad8d65fdcf7f6e4  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6afe3cd6e305fe25  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6b5d87627093683c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6b735ca97c343591  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6ba355f61bef5f6d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6be3bb41179dd660  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6cd3edbb3409687a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6d57e97fdd062c8d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6de52b5bba6e842e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6e308fee7034e3c0  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6f95a019ed40ace0  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign6fd7a4e8e21aaf28  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign70fbe3946a40d308  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7226bf6dc04f46e7  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7240f34268bd3443  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign728688aaa3783a75  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73389f93c5311e34  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign736e3dbddd1811a2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7376b77a62ce83fe  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73b8e11988d8c3c2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73f437b28aea1efc  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73f89dc686969cf2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign73ff6059c5e5ba3d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign751cbe412246ea5d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign75c85c7f93e7ae93  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign75deb91204a10e2d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign76a32490b1dab9d4  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign774c71e215d80977  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign77b4cd60837225df  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign77cf0f551ed3f558  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign78241eb11b74c141  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign78443c7e5ae75a6e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7970dd68a4cea15e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign79c258828909347a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7a233f5e76259e1a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7b09b5dd22318fdd  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7b3fd04da3b6b97a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7b526c255c0d1a3b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7b663d9bc3b2c485  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7c1e9b52004796bf  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7c70fab76a5f3155  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7c85513d6893169c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7cb6c8e1b1cd157b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7e7c39f165ab08d2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7e82640188e61b8a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7ea471303458e602  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7eda02a95b6a0f0a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7f295cd78284408c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign7fbd1cfe2a2f31a2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign80450dade3d1287d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8084a4d83292b54e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign80fa6e3b7d9c8c61  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign811e66ecf868cb9f  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign814c40e1f76b88f3  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign81a7665b2ad39c76  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign81b34f19e527d5a6  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign825e3de505419f3d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign828471b4dd855b66  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign82a3bd79f2351a24  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign835febfa4e86fcf1  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign84369af0ebf7c8ab  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign84cdbb11d4864c29  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign852889d37b6b1596  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign85e58ed1b46a76f5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign867dd1d0e3450c0b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8695af4588031f3a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign86a22268eea4b1ed  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign87c62840b1b75e54  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign882bdd46c494ad94  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8865c62a7735314e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8943db27bbee6583  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign89af654575f55d6f  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8ad428efa7210be0  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8ae8573261dc0075  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8b55d82e58ed5e9e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8bef11fbf1cb1b7e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8c4d93b7539774e8  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8cbdc8ed23899fc5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8ccb0879d7b44608  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8cf5c5aa60d51056  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8d0d9dab2dd83db2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8d2cd85b3f4baa5b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8d3cba19e4501586  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8d5ad9493c653427  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8e1eec751c020a01  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8e682c72de318039  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8ead073dc4deb8b4  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8f0d3de51ec7edd6  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8f4cc6ddd52d5b9e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign8fe5c32c063a1c22  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign901d41c444db4eae  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign90c527d39b9464be  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign915c93ead831443b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9169239e436f646a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign91af22b73547cd74  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign91bd98f1188f6c3d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign923c41d7881c10e2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign923f00ceed958459  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign92c63b24d0524acd  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign939239492deb8fcc  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9479aa6728da68ff  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign948a15b844520897  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign94aceea0d6cf9bfb  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9584ba9e1de268a5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign96165dc7f634b79e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign961f9ee5bd7416d2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign963fc54eec053e6d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign96e70b91f83e9f0b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign96ec58e5b1e68d90  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign984864261bea6038  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign98b1061b9c8d2d4e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9983daf60662ee61  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9a98af4a648b6ba5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9ae8c87722913435  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9b186ee0fa32ac5e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9b949be5acb024cd  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9c2901a54ce39cee  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9ca42d869a09d804  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9d679e55f2bdbdfa  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9edb8e302ff9238a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9f02ae5bf3658e7d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsign9f8bd2529966bb0c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna0cdbc22f5fc0733  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna0ff498ebd3b2152  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna2064fda3b42b103  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna241fee3bb4834bb  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna2bcc24612028987  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna3966db1f6b00670  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna3bc95db92bfc447  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna3e9442ec9d87511  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna42af60312753fa5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna44e1418d6207f92  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna54ee45b8a36427e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna694aaf8e1c1d15a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna756ea6d0fb1010b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna775ddc3419d998b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna80ef01cb3565d98  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigna8731d6db19925ea  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignaa26f29025ed5e3e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignaa5d35ae77e428c2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignab0d746ea53959cc  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignab2ec0f7856ab1be  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignab93163e382b9a15  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignabc11eec8c4736f6  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignacd23b4c4f011a88  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignacda65fe4eaad0e6  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignad845095c6e23934  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignaf080b7b8f62b474  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignaf5e0c5512971770  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignafae4f1cc2942699  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignafda08fcde815e79  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb05ab66fe68cb777  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb09c6d9edcfc4842  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb14492e9f633e324  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb16d0bf888afc689  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb210882e4eb039e8  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb226cb42d2df1fcb  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb2443f8b7762c259  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb29c4f4967a70d21  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb3085f93787f0012  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb313f8e13ff96f68  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb3455a7a71ba1078  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb3eea5c73f641532  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb69e825961abf462  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignb91786d8dee50209  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbae98ce54738e63c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbb4e460228b5a16a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbc8b7f4b1ed6fafe  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbce775cad93e9135  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbd7153fd4971e835  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbe985e041e7dd0f2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbebf4e3b1e747731  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbec315649cc96a9c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbf46920f831b0628  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignbf8c783822fd6af8  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc04368ff430a6080  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc0b0bace03f0d6b6  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc10ed399e0c62967  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc42f2a123c2665af  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc4c34965e326baf8  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc4e55e3a7760f300  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc55994265d38201f  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc57ee4031eee3b2f  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc76e76c413843115  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc7833318e3f643c2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc7a30821ebf4dae0  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignc84f8928a091f4fc  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignca9385fdd238ca53  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncaca8a633666272b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncb4a31d568baca7c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncb4b5ccd2541722b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncb53193c4ebe7c1d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncba363afed453ddc  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncbe84343c0a3404b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncc36fdd03edb4912  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncc9205642c632002  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncd3715adcd004660  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncd99192e71e35b7b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncda7a433dbf7eb1e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignce32387ad597fcc2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignce4d4403356d13ed  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignce5fd5a5694e11df  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignce904d0eb9eb82ad  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigncf48d68f3e583afe  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd04214e6c398aa61  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd189001dfd708b32  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd304c8090e892674  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd35a04b30fb7a6a5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd410e5a0f6801356  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd43b5654e6a5ccdc  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd45d07cc44a0ad96  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd56c74513624b014  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd5f2e101be0367ae  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd67c63a885575b7e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd6be848e6bed4249  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd7b5c68a941d74b2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd7fec58674616ade  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd8262bc26f3bcb90  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd85519ebfc2017d2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd8ac8744580e58ba  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd90b62bb38a46107  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd91d731019c8248c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd944ab56be22ca54  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignd97343d9df5df009  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignda1fa4c7cc353542  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignda85b2eacbbc8b22  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndb74f5b6d9793514  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndb94ee0ecc89d7a9  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndc776f30e061955c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndd788b7bcde4c1fd  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigndf73577439283e83  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne146afb5f274978e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne196bf0b3b1c2f94  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne1dc41559e5dfb27  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne1e8a763e9bd8db4  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne23ed4171552970c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne24d874f49e244d9  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne2ebe78fe4b9ecae  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne32d894cd3b222d9  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne4bedfef0d68e183  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne4c439b6d63c482a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne4d6e556cc731820  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne530bd0185dcaad2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne5c77ce90197fff4  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne61227dee02e50e7  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne6babe40efc85cde  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne6f5f5f4903556c2  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne7657fd625cc07fa  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne78e0dfd776deca5  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne7db422d47a4230d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne8f5559a70d913e7  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne9102953c7759f16  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne929640ccef2fc95  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne9633e763f269e2a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne9d86e1a028597e8  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigne9eac64cac3543c0  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignea1535a038eed9d6  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignea1dd5334f921319  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignea65f3642cfe398a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigneab701f2b5258365  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigneb7e04a063f01eb8  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsigneccbdb8d57d1f034  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignecd211ff31135eb1  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignef0e79be6ba05e73  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignef311f9aea5c2cd1  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignef4b675d615f821c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf10099752f2319d0  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf103b80681bb5b9e  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf1b4434e6e11517b  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf276f8eda13e1bf7  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf2925210b2fa8162  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf31f5e8dd447073a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf3226b7f9a7c28e8  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf334296337fda9fb  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf44aafab97d92b9c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf4a09fd077b44bac  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf4b4aaee58f60f6d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf4e31b5007c93f9d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf549cd4c7835c166  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf55ca39079303399  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf5d95a5aca176761  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf629ab0a152ab578  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf71c2fd4503952f8  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf7aa9049a4003da3  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf7b9743da9eb7edd  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf858b558fda03596  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf9b2186220d29bed  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignf9e6f584dcf3868a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfa8475130bf9554d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfa99b95bbfe6be9a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfaa71fae6a94a8d6  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfae03ee935dc48f3  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfaeb3a40a42a5c73  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfb29052a4f1b49ae  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfb5e3a40026040dc  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfb9470a26dee150c  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfbf6ca8021fc0242  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfc0d8b7529f730c7  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfc1bf05cb2ccc42a  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfd0bb65d63fcd065  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfd3580e869aa4d5d  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfd5328f22dd91ad1  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfd9a5dae564063d9  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfeccc0fa12cd3aea  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignfef13d3b9750d5de  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignff9333d4081a90c0  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignffcb6d9397dc7ec3  =>.SUP.Temporary
MOVED folder: C:\Users\Narde\AppData\Local\Tempzxpsignffcdfec283cdc14b  =>.SUP.Temporary
MOVED folder: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool  =>PUP.Optional.WeatherTool
MOVED folder^: C:\Windows\Temp\reimage.log  =>.SUP.ReimageRepair
MOVED folder: C:\Users\Narde\AppData\Local\Google\Update  =>Heuristic.Suspect


---\\  Registry ( Key, Value, Data) (54)
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg[...]] [Yahoo! Powered]  =>Adware.YahooPowered
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg[...]] [Yahoo! Powered]  =>Adware.YahooPowered
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg[...]] [Yahoo! Powered]  =>Adware.YahooPowered
DELETED key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0AtA0F0A0DtC0FyCzytA0A0B0CtN0D0Tzu0StBtCtCzytN1L2XzutAtFtAyDtFtAtFyDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzzyEtA0D0EtAyCtGyCyC0AtCtGyEyB0EyDtGtCzzzztBtGyC0D0EtDtB0EtAyB0EyByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0DyBtC0DyD0FtG0E0F0A0DtGyEzyyC0DtG0A0F0C0FtG0F0DyD0F0E0EtAtA0CtB0E0E2QtN0A0LzuyE%26cr%3D1165171333%26a%3Dwbf_bxinw_17_42_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}]  =>Adware.YahooPowered
DELETED key: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0AtA0F0A0DtC0FyCzytA0A0B0CtN0D0Tzu0StBtCtCzytN1L2XzutAtFtAyDtFtAtFyDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzzyEtA0D0EtAyCtGyCyC0AtCtGyEyB0EyDtGtCzzzztBtGyC0D0EtDtB0EtAyB0EyByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0DyBtC0DyD0FtG0E0F0A0DtGyEzyyC0DtG0A0F0C0FtG0F0DyD0F0E0EtAtA0CtB0E0E2QtN0A0LzuyE%26cr%3D1165171333%26a%3Dwbf_bxinw_17_42_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}]  =>Adware.YahooPowered
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [https://br.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_42_ssg02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0AtA0F0A0DtC0FyCzytA0A0B0CtN0D0Tzu0StBtCtCzytN1L2XzutAtFtAyDtFtAtFyDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StDzzyEtA0D0EtAyCtGyCyC0AtCtGyEyB0EyDtGtCzzzztBtGyC0D0EtDtB0EtAyB0EyByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0ByB0DyBtC0DyD0FtG0E0F0A0DtGyEzyyC0DtG0A0F0C0FtG0F0DyD0F0E0EtAtA0CtB0E0E2QtN0A0LzuyE%26cr%3D1165171333%26a%3Dwbf_bxinw_17_42_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}]  =>Adware.YahooPowered
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\ReimageRealTimeProtector [C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Not File)]  =>.SUP.ReimageRepair
DELETED key*: HKEY_USERS\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\Conduit []  =>.SUP.Conduit
DELETED key*: HKEY_USERS\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\Reimage []  =>.SUP.ReimageRepair
DELETED key*: HKEY_USERS\.DEFAULT\Software\ByteFence []  =>.SUP.ByteFence
DELETED key: HKCU\Software\Conduit []  =>.SUP.Conduit
DELETED key: HKCU\Software\Reimage []  =>.SUP.ReimageRepair
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
DELETED key: HKU\.DEFAULT\Software\ByteFence []  =>.SUP.ByteFence
DELETED key: HKU\S-1-5-18\Software\ByteFence []  =>.SUP.ByteFence
DELETED key*: HKCU\Software\Local AppWizard-Generated Applications\Reimage - Windows Problem Relief. []  =>.SUP.ReimageRepair
DELETED key*: HKCU\Software\csastats []  =>Adware.InstallCore
DELETED key*: HKCU\Software\ProductSetup []  =>Adware.InstallCore
DELETED key*: HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion []  =>PUP.Optional.LavasoftWebCompanion
DELETED key: HKLM\SOFTWARE\Lavasoft\Web Companion []  =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} []  =>PUP.Optional.Legacy
DELETED key*: HKLM\System\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence []  =>.SUP.ByteFence
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [_IReiEngineEvents]  =>PUP.Optional.Legacy
DELETED key*: [X64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [IReiEngine]  =>PUP.Optional.Legacy
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} [REI_AxControl]  =>.SUP.ReimageRepair
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 []  =>PUP.Optional.Wajam
DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL []  =>.SUP.ReimageRepair
DELETED key*: [X64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine [ReiEngine Class]  =>PUP.Optional.GetLiveSupport
DELETED key*: [X64] HKLM\SOFTWARE\Classes\REI_AxControl.ReiEngine.1 [ReiEngine Class]  =>PUP.Optional.GetLiveSupport
DELETED key*: HKLM\SYSTEM\CurrentControlSet\Services\WCAssistantService []  =>PUP.Optional.LavasoftWebCompanion
DELETED key*: [X64] HKLM\SOFTWARE\DtsEncodeTools []  =>PUP.Optional.WeatherTool
DELETED key*: [X64] HKLM\SOFTWARE\Reimage []  =>.SUP.ReimageRepair
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASAPI32 []  =>.SUP.ByteFence
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFenceService_RASMANCS []  =>.SUP.ByteFence
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASAPI32 []  =>.SUP.ByteFence
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\ByteFence_RASMANCS []  =>.SUP.ByteFence
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Reimage Repair [Reimage]  =>.SUP.ReimageRepair
DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe [C:\Program Files\Reimage\Reimage Repair\Reimage.exe (Not File)]  =>.SUP.ReimageRepair
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater []  =>.SUP.ReimageRepair
DELETED key^: [X64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Yahoo! Powered ferid []  =>Adware.YahooPowered
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Conduit []  =>.SUP.Conduit
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [_IReiEngineEvents]  =>PUP.Optional.Legacy
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [IReiEngine]  =>PUP.Optional.Legacy
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A} [REI_AxControl]  =>.SUP.ReimageRepair
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 []  =>PUP.Optional.Wajam
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\REI_AxControl.DLL []  =>.SUP.ReimageRepair
DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\Reimage.exe [C:\Program Files\Reimage\Reimage Repair\Reimage.exe (Not File)]  =>.SUP.ReimageRepair
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceScan_RASAPI32 []  =>.SUP.ByteFence
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ByteFenceScan_RASMANCS []  =>.SUP.ByteFence
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484} [ReiEngine Class]  =>.SUP.ReimageRepair
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}\InprocServer32 [C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll (Not File)]  =>.SUP.ReimageRepair
DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB} [CompReg Class]  =>.SUP.ReimageRepair
DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}\InprocServer32 [C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.dll (Not File)]  =>.SUP.ReimageRepair
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_E7CBF322B6233F0A4CB19C2626926271 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5]  =>PUP.Optional.MyBrowser


---\\  Summary of the elements found (19)
https://nicolascoolman.eu/2017/01/27/superfluous-reimagerepair/  =>.SUP.ReimageRepair
https://www.anti-malware.top/2016/04/21/pup-optional-shopperz/  =>PUP.Optional.Shopperz
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/  =>PUP.Optional.LavasoftWebCompanion
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Trojan.Agent
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.WonderfulWeather
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.vSnapshot
https://www.nicolascoolman.com/fr/pup-optional-weathertool  =>PUP.Optional.WeatherTool
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.ABTeam
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Adware.YahooPowered
https://nicolascoolman.eu/2017/02/06/superfluous-conduit/  =>.SUP.Conduit
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/  =>.SUP.ByteFence
https://nicolascoolman.eu/2017/09/19/adware-installcore-3/  =>Adware.InstallCore
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Legacy
https://nicolascoolman.eu/2017/02/24/pup-optional-wajam/  =>PUP.Optional.Wajam
https://nicolascoolman.eu/2017/10/05/sup-systemoptimizer/  =>PUP.Optional.GetLiveSupport
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/  =>PUP.Optional.MyBrowser


---\\  Other deletions. (38)
~ Registry Keys Tracing deleted (36)
~ Remove the old reports ZHPCleaner. (2)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 1049
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0


~ End of clean in 00h03mn30s

---\\  Reports (2)
ZHPCleaner--08082018-23_02_29.txt
ZHPCleaner-[R]-08082018-23_08_14.txt
 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:18:04, on 08/08/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Serviço do %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Serviço do %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: The vSnapshot Service (ThevSnapshotService) - Unknown owner - C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshotServ.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5716 bytes
 


Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mb3-setup.exe to install the program.

Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (if present).

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked. Then click Finish.

If there are updates available, they will be downloaded and installed.

In Settings, click Protection and, if it is disabled, check Scan for rootkits. Under Potential threat protection, select Treat PUPs and PUMs as malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, if any items were found, click the Export Summary -> Text file (*.txt) button and save it to your Desktop; if the disinfection log is not saved, you will find it there.

Click Apply Actions or, if that is not available, click Send to quarantine.

At the end of the disinfection, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM, and you can view it by clicking the Reports -> Scan reports tab in the program's main window after the disinfection has been carried out.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the entire contents of the disinfection log saved by MBAM into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.



Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 09/08/18
Hora da análise: 16:30
Arquivo de registro: ade5e47e-9c0a-11e8-beb6-000000000000.json
Administrador: Sim

-Informação do software-
Versão: 3.5.1.2522
Versão de componentes: 1.0.391
Versão do pacote de definições: 1.0.6277
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Narde-PC\Narde

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 266485
Ameaças detectadas: 296
Ameaças em quarentena: 296
Tempo decorrido: 31 min, 31 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 23
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\REIMAGEUPDATER, Quarentena, [1366], [327190],1.0.6277
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{775AA926-907A-45A7-9C07-AA3927557007}, Quarentena, [1366], [327190],1.0.6277
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{775AA926-907A-45A7-9C07-AA3927557007}, Quarentena, [1366], [327190],1.0.6277
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C6393780-D69B-4C25-89D3-673DE7E96BCA}, Quarentena, [248], [308968],1.0.6277
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{C6393780-D69B-4C25-89D3-673DE7E96BCA}, Quarentena, [248], [308968],1.0.6277
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered ferid, Quarentena, [248], [308968],1.0.6277
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarentena, [245], [476595],1.0.6277
PUP.Optional.SearchManager, HKU\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\NAHHMPBCKPGDIDFNMFKFGIFLPJIJILCE, Quarentena, [245], [476595],1.0.6277
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nahhmpbckpgdidfnmfkfgiflpjijilce, Quarentena, [245], [476595],1.0.6277
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarentena, [245], [260991],1.0.6277
PUP.Optional.SearchManager, HKU\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\PILPLLOABDEDFMIALNFCHJOMJMPJCOEJ, Quarentena, [245], [260991],1.0.6277
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarentena, [245], [260991],1.0.6277
PUP.Optional.vSnapShot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ThevSnapshotService, Quarentena, [4378], [495669],1.0.6277
Trojan.Agent.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\System\SystemChecks, Quarentena, [1136], [537823],1.0.6277
Trojan.Agent.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A370C445-38AC-49D2-89BF-81FEB550D0D1}, Quarentena, [1136], [537823],1.0.6277
Trojan.Agent.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{A370C445-38AC-49D2-89BF-81FEB550D0D1}, Quarentena, [1136], [537823],1.0.6277
Trojan.Agent.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System\SystemChecks, Quarentena, [1136], [-1],0.0.0
Trojan.Agent.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A370C445-38AC-49D2-89BF-81FEB550D0D1}, Quarentena, [1136], [-1],0.0.0
Trojan.Agent.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A370C445-38AC-49D2-89BF-81FEB550D0D1}, Quarentena, [1136], [-1],0.0.0
PUP.Optional.DefaultSearch, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nladljmabboanhihfkjacnnkgjhnokhj, Quarentena, [272], [550469],1.0.6277
PUP.Optional.vSnapShot, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{F772C08E-9F61-45c6-982F-ADDEEE0D0407}, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.Reimage, HKU\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, Quarentena, [1366], [327205],1.0.6277
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarentena, [453], [-1],0.0.0

Valor de registro: 7
PUP.Optional.Reimage, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{775AA926-907A-45A7-9C07-AA3927557007}|PATH, Quarentena, [1366], [332365],1.0.6277
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C6393780-D69B-4C25-89D3-673DE7E96BCA}|PATH, Quarentena, [248], [308967],1.0.6277
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-2848946255-2003669021-1647865840-1000\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [453], [-1],0.0.0

Dados de registro: 1
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|START PAGE, Substituído, [248], [293461],1.0.6277

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 39
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Temp\20180808_0348\DownloaderTemp, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Temp\20180808_0348, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Temp, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\REI, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.BundleInstaller, C:\USERS\NARDE\APPDATA\LOCAL\TEMP\629518291, Quarentena, [406], [463480],1.0.6277
PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE, Quarentena, [4548], [443706],1.0.6277
PUP.Optional.BundleInstaller, C:\USERS\NARDE\APPDATA\LOCAL\TEMP\630382692, Quarentena, [406], [463480],1.0.6277
PUP.Optional.vSnapShot, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\vSnapshot\dump, Quarentena, [4378], [495671],1.0.6277
PUP.Optional.vSnapShot, C:\Windows\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\VSNAPSHOT, Quarentena, [4378], [495671],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\browsericons, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\de, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\en, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\es, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\fr, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_metadata, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\lib, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, Quarentena, [272], [550469],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\USERS\NARDE\APPDATA\LOCAL\{6416524A-40BE-3EF2-2D26-1B1A094EE782}, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\UPDData, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\PROGRAM FILES (X86)\VSNAPSHOT, Quarentena, [4378], [495664],1.0.6277

Arquivo: 226
Trojan.Downloader, C:\PROGRAMDATA\1.exe, Quarentena, [856], [198764],1.0.6277
Trojan.Downloader, C:\PROGRAMDATA\2.exe, Quarentena, [856], [198764],1.0.6277
PUP.Optional.Reimage, C:\REI\AV\HBEDV.KEY, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV\avupdate.exe, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV\avupdate_msg.avr, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV\cacert.crt, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV\msvcr120.dll, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV\productname.dat, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV\savapi.exe, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV\savapi_restart.exe, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV\savapi_stub.exe, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\AV\xbvRei.vdf, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\debug-repair-2.log, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\debug-repair.log, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\Info_EnvironmentVars.res, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\Info_Installed.rec, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\JunkScanRes.xml, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\out.log, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\RegistryScanRes.xml, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Results\EXE1.8.7.4\RUN20180808_0348\StabilityScanRes.xml, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\Temp\20180808_0348\ApplicationList.ini, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\About.txt, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\cfl.rei, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\QRes.rei, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\rei1874nvt.ini, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\reimage.qsr, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.Reimage, C:\rei\SupportInfoTool.ini, Quarentena, [1366], [327187],1.0.6277
PUP.Optional.WinYahoo, C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\PROGRAMS\HOWTOREMOVE.HTML.LNK, Quarentena, [248], [254335],1.0.6277
PUP.Optional.Reimage, C:\Windows\SYSTEM32\TASKS\REIMAGEUPDATER, Quarentena, [1366], [327190],1.0.6277
PUP.Optional.BundleInstaller, C:\USERS\NARDE\APPDATA\LOCAL\TEMP\629518291\ic-0.46a9e60dde1a7c.exe, Quarentena, [406], [463480],1.0.6277
PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\629518291\dlreport, Quarentena, [406], [463480],1.0.6277
PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\629518291\ic-0.5af5f0e381b3b.exe, Quarentena, [406], [463480],1.0.6277
PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\629518291\ic-0.f454bcb5c9c4c.exe, Quarentena, [406], [463480],1.0.6277
PUP.Optional.MirageISO, C:\USERS\PUBLIC\DOCUMENTS\XMUPDATE\CONF.DB, Quarentena, [4548], [443706],1.0.6277
PUP.Optional.BundleInstaller, C:\USERS\NARDE\APPDATA\LOCAL\TEMP\630382692\ic-0.08dbc4b815206c.exe, Quarentena, [406], [463480],1.0.6277
PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\630382692\dlreport, Quarentena, [406], [463480],1.0.6277
PUP.Optional.BundleInstaller, C:\Users\Narde\AppData\Local\Temp\630382692\ic-0.6dac169cc2ef54.exe, Quarentena, [406], [463480],1.0.6277
PUP.Optional.vSnapShot, C:\Windows\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\VSNAPSHOT\DUMP\BUGREPORTCONFIG.INI, Quarentena, [4378], [495671],1.0.6277
PUP.Optional.SearchManager, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [245], [476595],1.0.6277
PUP.Optional.SearchManager, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [245], [260991],1.0.6277
Trojan.Agent.TskLnk, C:\Windows\SYSTEM32\TASKS\System\SystemChecks, Quarentena, [1136], [537823],1.0.6277
Trojan.Agent.TskLnk, C:\USERS\PUBLIC\LIBRARIES\CHECKS.VBS, Quarentena, [1136], [537823],1.0.6277
Trojan.Agent.TskLnk, C:\Windows\SYSTEM32\TASKS\System\SystemChecks, Quarentena, [1136], [-1],0.0.0
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\adaware.eot, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\adaware.svg, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\adaware.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\adaware.woff, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-book.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-bookitalic.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-light.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-lightitalic.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-medium.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-mediumitalic.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-semibold.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\canaro-semibolditalic.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\fontawesome-webfont.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\fonts\segoeui.ttf, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\auto-complete.css, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\flexbox.css, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\new-tab.css, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\normalize.css, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\css\roboto.css, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\browsericons\icon19.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\browsericons\icon38.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\abstract_default.jpg, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\adaware_secure_search.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\animals_default.jpg, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\dot.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\dot_color.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\dropdown_arrow.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\icon_128.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\icon_16.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\icon_check.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\magnifier_icon.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\nature_default.jpg, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\settings_icon.png, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\img\urban_default.jpg, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\lib\auto-complete.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\lib\publicsuffixlist.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\adaware-telemetry.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\adaware-utils.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\background.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\i18n.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\load-new.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\messaging.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\new-tab.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\pagestore.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\polyfill.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\start.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\storage.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\tab.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\traffic.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\uritools.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\vapi-background.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\vapi-client.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\js\vapi-common.js, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\de\messages.json, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\en\messages.json, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\es\messages.json, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_locales\fr\messages.json, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\_metadata\verified_contents.json, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\background.html, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\LICENSE.txt, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\load-new.html, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\manifest.json, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.8.14_0\new-tab.html, Quarentena, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [272], [550469],1.0.6277
PUP.Optional.DefaultSearch, C:\USERS\NARDE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [272], [550469],1.0.6277
MachineLearning/Anomalous.100%, C:\Windows\MJCXNGU.EXE, Quarentena, [0], [392687],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\USERS\NARDE\APPDATA\LOCAL\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HOWTOREMOVE\HOWTOREMOVE.HTML, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\chromium-min.jpg, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\control panel-min-min.JPG, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\down.png, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\ff menu.JPG, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\ff search engine-min.png, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\hp-min ff.png, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\hp-min ie.png, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\search engine.gif, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\setup pages.gif, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\sp-min.png, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\start-min.jpg, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\HowToRemove\up.png, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\camafare, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\install.log, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\linamot.dat, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\locecefo, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\ritenocet, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\sanamaset, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\sitiramot.dat, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\Sqlite3.dll, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\ticate.dat, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\tolifi, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\uninst.dat, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.WinYahoo.TskLnk, C:\Users\Narde\AppData\Local\{6416524A-40BE-3EF2-2D26-1B1A094EE782}\uninst.exe, Quarentena, [3725], [542290],1.0.6277
PUP.Optional.vSnapShot, C:\PROGRAM FILES (X86)\VSNAPSHOT\1.2.0.0\UPDATA.INI, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\MainFrame.xml, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\PopupFontSize.xml, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\PopupLineType.xml, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\PopupTrayMenu.xml, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\EN\ToolBar.xml, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_linetype_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_list.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_list_font_size.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_option.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\bg_option_triangle.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_bold.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_brush_l.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_brush_m.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_brush_s.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_italic.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\btn_list.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\color_swatches.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\color_swatches_l.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\icn_check_grey.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\icn_check_white.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\icn_list_drop.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\line_1.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\line_2.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\line_3.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\optionbar\line_4.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_blur.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_input_error.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_input_focused.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_input_normal.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_popup.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\bg_setting.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_cancel_clicked.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_cancel_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_cancel_normal.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_save_clicked.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_save_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\btn_save_normal.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\dimmed_bg.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\setting\icn_error.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\bg_toolbar_narrow.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_action_cancel.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_action_complete.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_action_save.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_action_undo.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_arrow.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_brush.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_eclipse.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_mosaic.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_rectangle.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\toolbar\btn_tool_text.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\bg_menu_clicked.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\bg_menu_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\bg_tray_menu.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\exit.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\icn_open.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\TrayMenu\icn_shortcut.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\bg_core.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\bg_core_big.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\bg_function_clicked.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\bg_function_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_close_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_close_normal.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_close_pressed.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_min_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_min_normal.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_min_pressed.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_shortcut_clicked.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_shortcut_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\btn_shortcut_normal.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_conflict.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_custom_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_custom_normal.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_printscreen_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_printscreen_normal.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_region_hover.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\icn_region_normal.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\DuiLibResource\picture\logo.png, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\UPDData\History.dat, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\CrashReport.exe, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\CrashReportModuleConf.ini, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\CrashUL.exe, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\InstallHelper.exe, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\Report.exe, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\Roboto-Regular.ttf, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\Updata.dll, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.vSnapShot, C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshot.exe, Quarentena, [4378], [495664],1.0.6277
PUP.Optional.Reimage, C:\USERS\NARDE\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\REIGUARD.EXE, Quarentena, [1366], [327181],1.0.6277
PUP.Optional.Reimage, C:\USERS\NARDE\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\REIMAGEPACKAGE.EXE, Quarentena, [1366], [331559],1.0.6277
PUP.Optional.Reimage, C:\USERS\NARDE\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\REIMAGEREPAIR.EXE, Quarentena, [1366], [331559],1.0.6277
PUP.Optional.InstallCore, C:\USERS\NARDE\DOWNLOADS\BAIXAKI_FB-CHECKER.EXE, Quarentena, [398], [324268],1.0.6277
Adware.Wajam, C:\Windows\MJCXNGU.EXE, Quarentena, [453], [548516],1.0.6277

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:07, on 09/08/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\WTClient.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10440__180809
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E7CBF322B6233F0A4CB19C2626926271] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
O15 - Trusted Zone: http://*.webcompanion.com
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Serviço do %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Serviço do %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WinTab Service (WinTabService) - Unknown owner - C:\Windows\System32\Drivers\WTSRV.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6311 bytes
 

 


Reset the Google Chrome settings.

Open Chrome, go to Settings > Advanced settings > Reset settings > Restore settings to their original defaults > Reset settings.

Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.

Double-click its icon on the Desktop.

Check "YES, I accept the Terms of Use." Click Start.

Accept any security warning from your browser.

Check the options below:

Enable detection of potentially unwanted applications.

Click Hide advanced settings and check:

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click Change and also check the Computer box.

Click Start.

It will update itself and scan the computer. Be patient, the process can take hours. When the scan finishes, click List Threats.

Click Export to text file and save the log to your Desktop.

Copy and paste the contents into your next reply.

Note: If nothing is found, no log will be generated.

Click Back.

Click Finish.

Report the current state of the PC.



C:\Users\All Users\Blogger\Blogger.exe    multiple threats    
C:\Users\All Users\dlzzschoizmhuh\lkwfhu.vbs    VBS/CoinMiner.KS trojan    
C:\Users\All Users\dlzzschoizmhuh\xqtehdd.vbs    VBS/CoinMiner.KS trojan    
C:\Users\Narde\AppData\Local\Temp\nsqF481.tmp\xZaNzxuQKtQ.dll    a variant of Win32/Adware.Zdengo.AZZ application    
C:\Users\Narde\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe    Win32/OpenCandy.J potentially unsafe application    
C:\Users\Narde\AppData\Roaming\uTorrent\updates\3.5.3_44428.exe    a variant of MSIL/WebCompanion.A potentially unwanted application    
C:\Users\Narde\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\Lavasoft.Utils.dll    a variant of MSIL/WebCompanion.D potentially unwanted application    
C:\Users\Narde\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\Lavasoft.WCAssistant.WinService.exe    a variant of MSIL/WebCompanion.D potentially unwanted application    
C:\Users\Narde\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\WebCompanion.exe    a variant of MSIL/WebCompanion.D potentially unwanted application    
C:\Users\Narde\AppData\Roaming\ZHP\Quarantine\web companion.VIR\Application\WebCompanionInstaller.exe    a variant of MSIL/WebCompanion.C potentially unwanted application    
C:\Users\Narde\Downloads\Baixaki_fb-checker [1].exe    a variant of Win32/InnovativeSolutions.A potentially unwanted application    
C:\Users\Todos os Usuários\Blogger\Blogger.exe    multiple threats    
C:\Users\Todos os Usuários\dlzzschoizmhuh\lkwfhu.vbs    VBS/CoinMiner.KS trojan    
C:\Users\Todos os Usuários\dlzzschoizmhuh\xqtehdd.vbs    VBS/CoinMiner.KS trojan    
C:\Windows\Temp\nsb1BC0.tmp\xZaNzxuQKtQ.dll    a variant of Win32/Adware.Zdengo.AZZ application    
D:\Meus documentos\Documentos\Instaladores\aTubeCatcher.exe    a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application    
D:\Meus documentos\Documentos\Instaladores\PlayStorePRO_v13.3.4.apk    a variant of Android/Autoins.C potentially unsafe application    
D:\Meus documentos\Documentos\Instaladores\uTorrent.exe    a variant of MSIL/WebCompanion.A potentially unwanted application    
D:\Meus documentos\Documentos\Instaladores\Windows-movie-maker-2016.exe    a variant of Win32/Hoax.MovieMaker.A application    
D:\Meus documentos\Documentos\Instaladores\Manga Studio EX 5.0.3 WIN+MAC+Materials - by X-FORCE\Manga Studio EX 5.0.3 Windows.7z    a variant of Win32/Keygen.HA potentially unsafe application    
D:\Meus documentos\Documentos\Instaladores\Manga Studio EX 5.0.3 WIN+MAC+Materials - by X-FORCE\Windows\xf-sms502ex.exe    a variant of Win32/Keygen.HA potentially unsafe application    
C:\$Recycle.Bin\S-1-5-21-2848946255-2003669021-1647865840-1000\$RNTS205.rar    a variant of Win32/HackTool.Patcher.CH potentially unsafe application    deleted
C:\$Recycle.Bin\S-1-5-21-2848946255-2003669021-1647865840-1000\$RDL1NEL.Multilingual-iCV-CreW\Fix\Adobe CC 2015 Universal Patcher 1.5\adobe.snr.patch-painter.exe    a variant of Win32/HackTool.Patcher.CH potentially unsafe application    cleaned by deleting
C:\$Recycle.Bin\S-1-5-21-2848946255-2003669021-1647865840-1000\$RDL1NEL.Multilingual-iCV-CreW\Fix\Adobe CC 2015.5 XFORCE Activation\Keygen_XF-adobecc2015.exe    a variant of Win32/Keygen.HA potentially unsafe application    cleaned by deleting
C:\$Recycle.Bin\S-1-5-21-2848946255-2003669021-1647865840-1000\$RDL1NEL.Multilingual-iCV-CreW\Fix\amtemu.v0.9.1.win-painter\amtemu.v0.9.1-painter.exe    Win32/HackTool.Crack.FS potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\Windows Live\Photo Gallery\WinMovieMaker.exe    a variant of Win32/Hoax.MovieMaker.A application    cleaned by deleting
C:\ProgramData\Blogger\Blogger.exe    multiple threats    cleaned by deleting
C:\ProgramData\dlzzschoizmhuh\lkwfhu.vbs    VBS/CoinMiner.KS trojan    cleaned by deleting
C:\ProgramData\dlzzschoizmhuh\xqtehdd.vbs    VBS/CoinMiner.KS trojan    cleaned by deleting
C:\Users\Narde\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp\3.15_0\js\jquery.js    JS/Chromex.Agent.AP trojan    

 

 

My PC is working normally. Everything seems OK. The malware has not appeared again.
 


OK, the PC is clean. (Y)

Download DelFix and save it to your Desktop. Double-click delfix.exe to run it.

On Windows 7, 8 and 10: right-click delfix.exe and select Run as administrator.

Check the box as shown in the image below.

DellFix.jpg

Click the Run button. This will remove the programs used in the disinfection, the folders and files they created, and DelFix itself.

