Adware Adw Cleaner hilft nicht Google Chrome infiziert

Tepcon · 09.03.2017, 16:47

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-03-2017
durchgeführt von Princhi (09-03-2017 16:42:34)
Gestartet von C:\Users\Princhi\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-05 15:59:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-88799701-2343346839-193955109-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-88799701-2343346839-193955109-503 - Limited - Disabled)
Gast (S-1-5-21-88799701-2343346839-193955109-501 - Limited - Disabled)
Princhi (S-1-5-21-88799701-2343346839-193955109-1001 - Administrator - Enabled) => C:\Users\Princhi

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version:  - Hyper Hippo Games)
American Truck Simulator MULTi23 - ElAmigos Version 1.3.1.1 (HKLM-x32\...\{1E1A283E-DA44-4DCB-BC57-295E54DF18CA}_is1) (Version: 1.3.1.1 - SCS Software)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version:  - )
Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version:  - )
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series Benutzerregistrierung (HKLM-x32\...\Canon MG6600 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
CASIO FA-124 (HKLM-x32\...\{FB47E710-6249-4EFA-BE36-E922B0612AF4}) (Version: 2.04.0000 - CASIO COMPUTER CO., LTD.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
CodeBlocks (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.)
Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Duke Nukem Forever (HKLM\...\Steam App 57900) (Version:  - Gearbox Software)
Dying Light Ultimate Edition MULTi2 1.0 (HKLM-x32\...\Dying Light Ultimate Edition MULTi2 1.0) (Version:  - )
Euro Truck Simulator 2 Demo (HKLM\...\Steam App 231120) (Version:  - SCS Software)
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version:  - )
FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version:  - SQUARE ENIX)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
fx-Manager PLUS (90-Day Trial) (HKLM-x32\...\{80447814-A99C-415D-B019-7A825CEE064B}) (Version: 02.04.4100.0291 - CASIO COMPUTER CO., LTD.)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GRID (HKLM\...\Steam App 12750) (Version:  - Codemasters Studios)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HMA! Pro VPN 3.2.13.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.2.13.0 - Privax Ltd)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.2 - Smith Micro)
Microsoft OneDrive (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{180b9d5a-5197-4326-bcb0-fe448086015b}) (Version: latest - ppy Pty Ltd)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PC Wizard 2015.2.14 (HKLM-x32\...\PC Wizard 2015_is1) (Version:  - CPUID)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Risen 3 Titan Lords Enhanced Edition MULTI2 1.0 (HKLM-x32\...\Risen 3 Titan Lords Enhanced Edition MULTI2 1.0) (Version:  - )
RPG MAKER VX Ace (HKLM-x32\...\RPG MAKER VX Ace_is1) (Version: 1.01a - )
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
SABnzbd 0.7.19 (HKLM-x32\...\SABnzbd) (Version: 0.7.19 - The SABnzbd Team)
Samsung Connection Manager (HKLM-x32\...\{F3F95061-0427-4386-AB03-1556CBE52927}) (Version: 112.6 - Samsung Electronics)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{9C926493-16C0-438E-8E51-BC3638E29ABB}) (Version: 6.1.4.0 - Husdawg, LLC)
Tales of Symphonia Version 1.0 u3 (HKLM-x32\...\{1E213234-7E5C-42A5-8FA1-766E7728015D}_is1) (Version: 1.0 u3 - Bandai Namco Entertainment)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Sims 3 Ultimate Collection Version 1.67.2 (HKLM-x32\...\The Sims 3 Ultimate Collection_is1) (Version: 1.67.2 - EA Games)
The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22) (Version:  - )
The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02) (Version:  - )
Trillian (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Trillian) (Version:  - Cerulean Studios, LLC)
Undertale version 1.0 u09.03.2016 (HKLM-x32\...\{800C5999-FCC6-4C6D-95B6-5E8574896874}_is1) (Version: 1.0 u09.03.2016 - tobyfox)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM-x32\...\{B5761811-28F3-4257-B537-815C5EEF472C}) (Version: 3.1.2.104 - Vodafone)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0E524B03-1D26-41B6-ABD2-F29FB4F8B41D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-24] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe 
Task: {36FA50E1-D56E-483F-AEE3-3F296E349404} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4B9C0926-CF32-484A-A741-A6E2C89BC329} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {59D17917-85E1-4E2E-959F-2F02B05AA878} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Princhi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {B5BB4BD1-F18C-40B3-8925-0E98012E2F12} - System32\Tasks\{BAAF7A63-576A-4E4E-96F8-72A8EBB68660} => pcalua.exe -a "D:\Games\The Witcher 3 Wild Hunt\Uninstall.exe"
Task: {CCE2E5E1-F1F1-4AF8-A21C-2B15C00FCB0D} - System32\Tasks\{D07A19C7-CDC4-4BD3-B00B-C2829140E6CD} => pcalua.exe -a "C:\Users\Princhi\Downloads\skse_1_07_01_installer (1).exe" -d C:\Users\Princhi\Downloads
Task: {D533BD21-EC84-4A14-AEE8-FB6F0D3FAD3B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe 
Task: {DDE677D5-0F3E-48FB-B0D1-BC1F907283F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-05 16:36 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-30 11:03 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-03-08 18:20 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-08 18:20 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-30 11:03 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-01-18 19:06 - 2015-08-21 19:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-09-13 19:42 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 21:54 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 21:54 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 21:54 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 21:54 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 21:54 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 21:54 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 21:54 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-04-01 22:05 - 2013-10-29 13:49 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2015-04-01 22:05 - 2013-06-26 16:01 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2016-08-12 13:20 - 2016-08-12 13:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-09-15 12:55 - 2017-02-14 01:06 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2015-04-14 16:46 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-01 22:05 - 2013-01-15 16:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2015-04-01 22:05 - 2013-06-26 16:01 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7866 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-07-26 00:22 - 00450771 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

Da befinden sich 15463 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "FlashUpdate"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{649C4E67-76FA-41B2-AC20-CB9A7DCE0AC1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{9D6995F4-621F-468C-9927-30F9F39A47E4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{AC17E31E-0877-4B73-BF4F-CE51AE51DB23}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\princhi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C56E2EF1-A1A8-44ED-87DD-E3972842FDB1}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\princhi\appdata\roaming\spotify\spotify.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

22-02-2017 15:40:58 Windows Update
01-03-2017 18:18:03 Geplanter Prüfpunkt
08-03-2017 19:00:32 JRT Pre-Junkware Removal
08-03-2017 19:11:46 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/08/2017 10:45:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000604
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x1dc8
Startzeit der fehlerhaften Anwendung: 0x01d298550b243af7
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 8ae22f7a-487c-4e62-a2ae-cc3a78999c4e
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (03/08/2017 10:45:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: microsoftedgecp.exe, Version: 11.0.14393.82, Zeitstempel: 0x57a55786
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000604
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x1dc8
Startzeit der fehlerhaften Anwendung: 0x01d298550b243af7
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 801a5b1f-4695-49f0-b359-5b4b5343b76c
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (03/08/2017 09:33:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: EPONA)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (03/08/2017 09:33:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: EPONA)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (03/08/2017 09:33:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: EPONA)
Description: Das lokal gespeicherte Profil kann nicht geladen werden. Mögliche Fehlerursachen sind nicht ausreichende Sicherheitsrechte oder ein beschädigtes lokales Profil. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (03/08/2017 09:33:27 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT-AUTORITÄT)
Description: Die Registrierung konnte nicht geladen werden. Dieses Problem wird oft durch zuwenig Arbeitsspeicher oder nicht ausreichende Sicherheitsberechtigungen verursacht. 

 Details - Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
 for C:\Users\Princhi\ntuser.dat

Error: (03/08/2017 09:18:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000409
Fehleroffset: 0x5c9ad473
ID des fehlerhaften Prozesses: 0x15d4
Startzeit der fehlerhaften Anwendung: 0x01d2984920e296f4
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 35ce3851-9dbd-4bae-85c7-1866b810869e
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/08/2017 08:30:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000409
Fehleroffset: 0x5c9ad473
ID des fehlerhaften Prozesses: 0xad8
Startzeit der fehlerhaften Anwendung: 0x01d29842638728cf
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 6ce37961-428a-4096-9c21-dca2ab62a126
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/08/2017 08:06:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000409
Fehleroffset: 0x5c9ad473
ID des fehlerhaften Prozesses: 0x2158
Startzeit der fehlerhaften Anwendung: 0x01d2983f2651c8c1
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: c72ded85-bd64-4cdf-9441-67a61655a778
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (03/08/2017 07:46:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: chrome.exe, Version: 56.0.2924.87, Zeitstempel: 0x58916dcd
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000409
Fehleroffset: 0x5c9ad473
ID des fehlerhaften Prozesses: 0xe9c
Startzeit der fehlerhaften Anwendung: 0x01d2983c41b4dd1a
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Footper\Application\chrome.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 63bfd0ff-31d2-4912-abe0-ec59e5a3ba0a
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (03/09/2017 04:38:51 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (03/09/2017 04:36:03 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{784E29F4-5EBE-4279-9948-1E8FE941646D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/09/2017 04:32:08 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (03/09/2017 04:09:14 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (03/09/2017 04:08:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/09/2017 04:08:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/09/2017 04:08:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer 11" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/09/2017 04:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/09/2017 04:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/09/2017 04:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Ntp2NetSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2017-03-07 15:34:35.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-03-07 15:08:10.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-03 17:00:27.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-03 16:56:56.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-21 01:08:28.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-21 00:12:20.064
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-20 23:15:15.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-20 22:03:49.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-20 21:52:52.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-20 21:12:20.027
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 8093.39 MB
Verfügbarer physikalischer RAM: 5905.97 MB
Summe virtueller Speicher: 9373.39 MB
Verfügbarer virtueller Speicher: 7190.68 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:390.16 GB) (Free:142.18 GB) NTFS
Drive d: (Volume) (Fixed) (Total:540.4 GB) (Free:152.63 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

M-K-D-B · 09.03.2017, 16:51

Servus,

wir kontrollieren nochmal alles... und so wie ich ESET und HitmanPro kenne, werden die auch noch was finden...

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
FF :::
setze bitte Firefox wie folgt zurück:
Firefox zurücksetzen

CHR:::
Setze Google Chrome nach dieser Anleitung zurück.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 4

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei von ESET,
die Logdatei von HitmanPro,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

Tepcon · 09.03.2017, 19:37

Zu Schritt 1, Google Chrome wurde gelöscht und Firefox, was sich ja ursprünglich von selbst installiert hat, ist auch weg. Soll ich die dann nochmal runterladen? - Danke schon mal im voraus, der PC fühlt sich schon viel sauberer an :')

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=819c0d301ffe42448a552b4e8e016b62
# end=init
# utc_time=2017-03-09 04:07:32
# local_time=2017-03-09 05:07:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 32661
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=819c0d301ffe42448a552b4e8e016b62
# end=updated
# utc_time=2017-03-09 04:43:05
# local_time=2017-03-09 05:43:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=819c0d301ffe42448a552b4e8e016b62
# engine=32661
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-03-09 06:32:18
# local_time=2017-03-09 07:32:18 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12370068 20414954 0 0
# scanned=412689
# found=177
# cleaned=0
# scan_time=6552
sh=62469BCAFCB65DFDBC5862BD9685929B948BAAF1 ft=1 fh=df85e497f56b6a57 vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cjbdryeluomaiotoxjodgetulhhykehz.back"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\dvsoyhmzswauqgqyobpbgvwnaqjofbxy.back"
sh=623843773350AA5F780C19EC6022776FF20E37E0 ft=1 fh=90df97ff6331c41b vn="Variante von Win64/Riskware.Komodia.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\hfuvidrwwnbwcqboixydtocyjyzzutit.back"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\jzpvhfoftmvoxokhwnomaqxputvbtbkj.back"
sh=163161C4C7BC4F9939BA63F5625C12E54D9ED6AC ft=1 fh=c6fc775abdf2f8ea vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\kcuueprhtyzxtkbslnobdijsnseplyrt.back"
sh=B45F4C759DF4AFFBA7D3D1257784820F928AAF27 ft=1 fh=a755d756e8b5ef1b vn="Variante von Win64/Packed.Komodia.F verdÃ¤chtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\files\kmtjqwbaqepqerqivytqqioayrlrioac.back"
sh=F6D414BC1AF351C106117F6961ABC0DBBF525BC6 ft=1 fh=bf0121d16f795e3a vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ligtggkfqpwipiwsgkmxuabzgnstywsz.back"
sh=98EB30DC8C27BDC38BAC419047BE16C8414D9A72 ft=1 fh=6886c33ba3f81d84 vn="Variante von Win32/Packed.Komodia.E verdÃ¤chtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\files\ohxewlbzlcjdhiaglxnscczbrrngxvyh.back"
sh=623843773350AA5F780C19EC6022776FF20E37E0 ft=1 fh=90df97ff6331c41b vn="Variante von Win64/Riskware.Komodia.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\xzgwwfptptmdmurjibfuiotxqdmwrwjj.back"
sh=CDD75CB2EC8BC78D5DA7961DC86CC514464B5292 ft=1 fh=87b70ef0b65eb28d vn="Variante von Win32/Adware.ELEX.DC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\anwovnweyhyrygdmbrmzvdyailxdcxpw\GubedZL.dll"
sh=5E8A41964C319F045E31E7129EB89119D017AACA ft=1 fh=e64f4b733747afe2 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\bdbhdpggensejjwczvifunkrvljgzlqw\WinSAP.dll"
sh=ECA35CB90C1711D82A6552F278AB654F6FEABBE8 ft=1 fh=5b41a4ba2ffec283 vn="Variante von Win32/Obfuscated.NKY Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\files\bvvtrgjexpurclgtpzuygtqvuvinzkod\QQ\qmdr\dr.dll"
sh=63380E8CD5FF4B4FB1128FF173899636AFB7D20F ft=1 fh=b95e4a90f2b30670 vn="Variante von Win32/Adware.ELEX.FP Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\bwxnjcaufxumosjyjgmgsqqvlwhptble\bin\FirefoxUpdate.exe"
sh=7E85F47BC6041DFD84CCD26F5A0040D0E86D80E5 ft=1 fh=f2b8f94100b127f2 vn="Variante von Win32/ProxyGate.A eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\bzqwtaduxyoljoudcfnzgxemrimckkpa\MainService.exe"
sh=A381430826F0B4E88CF9E39F9C7C968503A87803 ft=1 fh=ae366bbd20dbc338 vn="Variante von Win32/ProxyGate.A eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\bzqwtaduxyoljoudcfnzgxemrimckkpa\PGChk.exe"
sh=95D0FDDF5794E6B7105D442FF7A755DE83FAA01A ft=1 fh=48acea7e1fbf5801 vn="Variante von Win32/ProxyGate.A eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\bzqwtaduxyoljoudcfnzgxemrimckkpa\ProxyGate.exe"
sh=A08A0655E32062C043C7B0DA92FA1B6C24D98263 ft=1 fh=96f8869dc20a5d1f vn="Variante von Win32/ProxyGate.A eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\bzqwtaduxyoljoudcfnzgxemrimckkpa\Socket.exe"
sh=EE05E27A26C3852A835A007ADD1B89AFE5DD9B88 ft=1 fh=389f12129e92bc03 vn="Variante von Win32/ProxyGate.A eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\bzqwtaduxyoljoudcfnzgxemrimckkpa\TrafficMonitor.exe"
sh=A751AB2E928FCCD684EF81292E063F10D73837DD ft=1 fh=8eadfcd707dda20a vn="Variante von Win32/Adware.ELEX.EN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\SETUP.dll"
sh=D273B6474FB2DA5AB0F7ADA7C6A6FEBD934D5229 ft=1 fh=c71c0011829d7e43 vn="Variante von Win32/Adware.ELEX.FW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\WinSAP.dll"
sh=094F160B4561D40BD45CF477F5D6EAA827B95485 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\amule.msi"
sh=4D1DCE639F8127D940B5FDCB19B510AEB3AD8ECF ft=1 fh=c71c00112874f58f vn="Variante von Win32/Adware.ELEX.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\Archer.dllEx.dll"
sh=573B1087AC05705EE041161138F1C702A6CA6B2C ft=1 fh=c71c00110a12a4cf vn="Variante von Win32/Adware.ELEX.EE Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\ClearLog.dll"
sh=B6E07EC887FBB9547CD04DFA48819928CAC0F8E4 ft=1 fh=1364595b1c2f76ca vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\de_svr.exe"
sh=CDD75CB2EC8BC78D5DA7961DC86CC514464B5292 ft=1 fh=87b70ef0b65eb28d vn="Variante von Win32/Adware.ELEX.DC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\GubedZL.dll"
sh=CD92F9125F872F5380C2C62B260598F894D12245 ft=1 fh=c71c00116877a058 vn="Win32/Adware.ELEX.EN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\Install.dll"
sh=73F75B719C002EB8C0A377D5049A0D1CDFD9D9BE ft=1 fh=c71c0011e89d9474 vn="Variante von Win32/Adware.ELEX.DT Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\Lancer.dll"
sh=75032BD5172C4F4F8465409C6063E2976E12E989 ft=1 fh=c71c0011fea09079 vn="Variante von Win32/Adware.ELEX.AJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\QQBrowserFrame.dll"
sh=D273B6474FB2DA5AB0F7ADA7C6A6FEBD934D5229 ft=1 fh=c71c0011829d7e43 vn="Variante von Win32/Adware.ELEX.FW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\WinSAP.dll"
sh=1CF3B36F9421590B2F0F5FA405C0D54EFA66760F ft=1 fh=a671f5fc17b079df vn="Variante von Win32/Adware.ELEX.EE Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cavaxkvapjmhkcwgwpmkcqipsncnefvx\winsap_update\wintooll.exe"
sh=9075092093489ECBC4877317DE8AAF3DAC4E8178 ft=1 fh=2733cc05055beb02 vn="Variante von Win32/DownloadSponsor.C eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\cqhtidxzllzhzglnsmbhytdwfszjprwo\dmr_72.exe"
sh=EE6B0DCFD78AE0C9F4AE96F437D6BCA7176F1C8E ft=1 fh=c71c0011edc45ce9 vn="Variante von Win32/Adware.ELEX.EI Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\dtyeifmpxnsqobqqjmcilffdfztkwftg\Archer.dll"
sh=5B8CA30CC338F369A2DECA1CD43B7057296E7C6B ft=1 fh=d8cd74b4b4f6fa21 vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\eaoykrymjkezvatognutcmpzmjmmckvd\ed2k.exe"
sh=AECBDC2D25AC8C12607F7219A3B19E6C00C176E4 ft=1 fh=1f875eff70b0a191 vn="Variante von Win32/Obfuscated.NJZ Trojaner" ac=I fn="C:\AdwCleaner\Quarantine\files\enweiqeckiultxokxkkpdzdgdkziinna\yacqq.exe"
sh=5290C50525251472C4CD0C427261B82BB28D931E ft=1 fh=82693138a1f8ddda vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\fvfsreqidppouzhjfarqjuccvuzjdtmm\ed2k.exe"
sh=F274D1FFC1E3C582AE5DEFAE09AE319BFF3587FD ft=1 fh=87764dc63cfa37e4 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\fztulhszulhanxgaybuuoyaxkybxzrgd\WinSAP.dll"
sh=E52F223F41960AC79032A81044E7C1F7483B0248 ft=1 fh=951c32585bc75043 vn="Variante von Win32/ELEX.BP eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iImportLib.dll"
sh=BFC712282D22A4DC02D4594EC5AF71C790347E36 ft=1 fh=91d61e330d1da7f8 vn="Variante von Win32/ELEX.CC eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeKrnlCall64.dll"
sh=BB81439EA817953E9DBE7B7039F29456D4DC64D7 ft=1 fh=3e21a739fcfccdc1 vn="Variante von Win32/ELEX.CC eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeNetFilter.sys"
sh=A340BA98EC7BA228D8E66AC55C47F6A0F0FCCBD2 ft=1 fh=92c69192d39a3ccb vn="Variante von Win32/ELEX.CC eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeSrvMon64.dll"
sh=A6BF69B1148541DB25F0E90A59B9D1C9D40228D7 ft=1 fh=b9ab3950f85f20a2 vn="Variante von Win32/ELEX.CS eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSvc.dll"
sh=950DBB0A7819DB947DDB9E7ED648EF52C2071438 ft=1 fh=cc52ce2f87a1f8a2 vn="Variante von Win32/ELEX.CQ eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSvc2.dll"
sh=5AF0B98E324EB8D81F97EEE2D11E3F996B5C91F5 ft=1 fh=955761e6ce5527b5 vn="Variante von Win32/ELEX.KH eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\ouilibx.dll"
sh=0F14A5E1D85FCA745A03C0936DEFF7D277AEECA0 ft=1 fh=b1192ac96d82188c vn="Variante von Win32/ELEX.DB eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\uninstall.exe"
sh=4BAC7EB623632405322CBD8CCDC3DEC06DDB4AC0 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\data\fst.dat"
sh=F1ECE04FCAEAD729195A84BCB9807563FCDF8A6A ft=1 fh=8eadfcd76b422977 vn="Variante von Win32/Adware.ELEX.EN Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\SETUP.dll"
sh=78AA2C0995320C4364032A0CC455C91F195441EA ft=1 fh=c71c00118fe28957 vn="Variante von Win32/Adware.ELEX.FW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\WinSAP.dll"
sh=B17A98A0B426D630F4167B2FFA5CEE316F582B4D ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\winsap_update\amule.msi"
sh=B55F3F7E55432505F78C6A426F7DF2893BA47D51 ft=1 fh=c71c00113c744a2d vn="Variante von Win32/Adware.ELEX.BI Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\winsap_update\ClearLog.dll"
sh=00943D914EF3BC156B686E9029A514A9B08740C1 ft=1 fh=1364595b135fe9df vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\winsap_update\de_svr.exe"
sh=266F885FA6FD6B74C588149CB5EC7C9A2EAB7439 ft=1 fh=a7380f99f8ec4b1f vn="Variante von Win32/Adware.ELEX.CR Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\winsap_update\Gubed.exe"
sh=C822881503B33D4155C163E58465D3116817DF04 ft=1 fh=c71c001184c06f3a vn="Variante von Win32/Adware.ELEX.DB Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\winsap_update\Lancer.dll"
sh=126570690FFEFA26518BBF3B2ACA3F85DAE70EAE ft=1 fh=c71c00116e4cc579 vn="Variante von Win32/Adware.ELEX.AD Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\winsap_update\QQBrowserFrame.dll"
sh=6E4935E0975903F3F8BF4A9E09DC145437221E9C ft=1 fh=1ab6dfcc315ee2e6 vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\winsap_update\regkey.exe"
sh=609995CFEBBB5656D029D2F9C5E52982713FF95A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\winsap_update\uvcSetup.msi"
sh=78AA2C0995320C4364032A0CC455C91F195441EA ft=1 fh=c71c00118fe28957 vn="Variante von Win32/Adware.ELEX.FW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ixfbiadrjjykwyfhnyrtmcmcxvqncrnr\winsap_update\WinSAP.dll"
sh=F0F86F33DC15C741BEC2B6A99B14778D0C4AF2ED ft=1 fh=c71c0011dcdc9eb7 vn="Variante von Win32/Adware.ELEX.AD Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\jpmedqfnvrixfvlrzuanytxozhhivhmw\InterHop.exe"
sh=237FA461F8BBEE562C28F6EC7075294D265AA1AB ft=1 fh=cbcaf96771769c6f vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\jrcyjzgdrnmhebpgwnyoqvhhqhvnjgyf\WinSAP.dll"
sh=DED1E1E8BB1A0C993BD0FE17869113478BDBE4D7 ft=1 fh=a88a4b45c78f2a75 vn="Variante von Win32/Adware.ELEX.FZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\kknmoddgmcoaqnqiqlywyontnvnwqtqf\Kyubey.exe"
sh=6B6AFA961297C256286320E9EED7807648EE027D ft=1 fh=55a32a3251815a28 vn="Variante von Win32/Adware.Zdengo.A.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\updengine.exe"
sh=98EB30DC8C27BDC38BAC419047BE16C8414D9A72 ft=1 fh=6886c33ba3f81d84 vn="Variante von Win32/Packed.Komodia.E verdÃ¤chtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\zdengine.dll"
sh=ABEBC3410879FC7B95260F1E40CD7C5C9CBE0810 ft=1 fh=4cb77c2bdd125eae vn="Variante von Win32/Packed.Komodia.E verdÃ¤chtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\zdengine.exe"
sh=B45F4C759DF4AFFBA7D3D1257784820F928AAF27 ft=1 fh=a755d756e8b5ef1b vn="Variante von Win64/Packed.Komodia.F verdÃ¤chtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\zdengine64.dll"
sh=A7F1B4986A2ED7839C2A667EF1D9B0AF52BBF94A ft=1 fh=afdfacbc68fa49a7 vn="Variante von Win32/Packed.Komodia.E verdÃ¤chtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\zdenginecert.dll"
sh=32840F589AA44DC45D94E39F3A081F165D4A0560 ft=1 fh=4d6a134e9f01d806 vn="Variante von Win32/RiskWare.Komodia.P Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\zdinstaller.exe"
sh=4B85671A0A372A935D4522CF9EE0E9AC2D8252DB ft=1 fh=226701b1eed5138e vn="Variante von Win32/RiskWare.Komodia.S Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\zdwfp.sys"
sh=623843773350AA5F780C19EC6022776FF20E37E0 ft=1 fh=90df97ff6331c41b vn="Variante von Win64/Riskware.Komodia.G Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\zdwfp64.sys"
sh=5CBF51545A0ED45FB7AD3ABFB100B64995417AE8 ft=1 fh=835d3e04e1218536 vn="Variante von Win32/Packed.Komodia.E verdÃ¤chtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\ziengine.exe"
sh=A6F334CCA9D8147583514673D2391DC5480102AD ft=1 fh=bb86a9964a43fdc0 vn="Variante von Win64/Packed.Komodia.D verdÃ¤chtige Datei" ac=I fn="C:\AdwCleaner\Quarantine\files\ldtykhptnnkzsomxmmlkgxagugjosaka\ziengine64.exe"
sh=DBE56AA227F1239AF59C384941CA3CF1A339413C ft=1 fh=6d02deee44379922 vn="Win32/Adware.ELEX.FZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\mavsvrfscvdlwgpspxkxpoizsivuokbh\Kyubey.exe"
sh=BBF7749C1BAD495F154DBC6F2DDD23C2719FEF86 ft=1 fh=c71c00112526d383 vn="Variante von Win32/Adware.ELEX.EI Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\mqtnwlosmqefdcupanlnjzcrkzeqmtda\Archer.dll"
sh=09F91879F8712188ABD95D1512F4EFE39084678F ft=1 fh=1ddc915efb6e1d95 vn="Win32/Adware.ELEX.ET Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\mvygawgrogoopvfcnhusfwoakmyopbpm\_@dfdg00000000.tmp.dat.exe"
sh=1A5ECF026DA09DC56AC35502EAB53AA071061500 ft=1 fh=a0300a088b7a3fa6 vn="Variante von Win32/Adware.ELEX.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\npqfmxukoqymwyrffsisdcgjcwaytebg\Update\NolarryUpdate.exe"
sh=78AA2C0995320C4364032A0CC455C91F195441EA ft=1 fh=c71c00118fe28957 vn="Variante von Win32/Adware.ELEX.FW Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\npydcqkywnborjucnvaliibhbifzcpft\WinSAP.dll"
sh=8B387657F2AE009A7DB5F4C52E61BCE86AC04883 ft=1 fh=29708c6fb58d4db9 vn="Variante von Win32/Adware.ELEX.FS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\nsckbcnwimgozuuanppgnpkaqoyhnlmh\SETUP.dll"
sh=F6FAC6B1BE6132107D8ACD0902B6E05F9A4C5C08 ft=1 fh=930492d3ea7dbbd7 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\nsckbcnwimgozuuanppgnpkaqoyhnlmh\WinSAP.dll"
sh=FF89553EB476FAA9FD47D12C969E084CDF61B559 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\nsckbcnwimgozuuanppgnpkaqoyhnlmh\winsap_update\amule.msi"
sh=0A5FCF4E91B04D63615727CE11D2D03BEDFAD599 ft=1 fh=c71c0011cdeb7a96 vn="Variante von Win32/Adware.ELEX.EI Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\nsckbcnwimgozuuanppgnpkaqoyhnlmh\winsap_update\Archer.dllEx.dll"
sh=1702D7C7786F19109DEA3B38E58B189FF3354592 ft=1 fh=c71c0011c53f3d3e vn="Variante von Win32/Adware.ELEX.EE Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\nsckbcnwimgozuuanppgnpkaqoyhnlmh\winsap_update\ClearLog.dll"
sh=2B8384F562EA2CC9B8136217EB37094F0D237D88 ft=1 fh=0e7c1d87e4f80cd2 vn="Variante von Win32/Adware.ELEX.ES Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\nsckbcnwimgozuuanppgnpkaqoyhnlmh\winsap_update\GubedZL.dll"
sh=0474A0BBFC2093B9B8F0D70880F6EE50086569B5 ft=1 fh=c71c001194378cef vn="Variante von Win32/Adware.ELEX.GD Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\nsckbcnwimgozuuanppgnpkaqoyhnlmh\winsap_update\Install.dll"
sh=33487ADD3C695C88E2A8F5E515C812C6E342A4EE ft=1 fh=c71c0011efc4ee67 vn="Variante von Win32/Adware.ELEX.DT Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\nsckbcnwimgozuuanppgnpkaqoyhnlmh\winsap_update\Lancer.dll"
sh=F6FAC6B1BE6132107D8ACD0902B6E05F9A4C5C08 ft=1 fh=930492d3ea7dbbd7 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\nsckbcnwimgozuuanppgnpkaqoyhnlmh\winsap_update\WinSAP.dll"
sh=3EB5B908BE813B799EA69F5851098F39E3064FAB ft=1 fh=cb58c362439c1a39 vn="Variante von Win32/Adware.ELEX.FP Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\otcoykgsildmbxsrzrewkejvecbcrmwo\bin\FirefoxUpdate.exe"
sh=BF93D065630F5CA68A5B4FBC437953BCAECCAE15 ft=1 fh=c71c0011b2f568c8 vn="Variante von Win32/Adware.ELEX.CT Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\peednhbynsrypffiwmzbnkgzhenztiqh\Archer.dll"
sh=237FA461F8BBEE562C28F6EC7075294D265AA1AB ft=1 fh=cbcaf96771769c6f vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\qhhvsahwvpjfgroqiswyxezdytfxokzx\WinSAP.dll"
sh=DED1E1E8BB1A0C993BD0FE17869113478BDBE4D7 ft=1 fh=a88a4b45c78f2a75 vn="Variante von Win32/Adware.ELEX.FZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\qtazecleeflohiocxeqckehmbftguxhr\Kyubey.exe"
sh=2C49EE60E7D43E5D8AB85827919C8CFC44C0F1AA ft=1 fh=9243ebf274e7bb8b vn="Win32/Adware.Neoreklami.Z Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\qvwprxtqiwchqnnqgwjivheqgahswbhb\bZ6eeXr.exe"
sh=9B0AD1E6BE4A2B0FE13CA6DF454CE4F5046350AC ft=1 fh=029c2d80eef515d4 vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\files\qvwprxtqiwchqnnqgwjivheqgahswbhb\uninstall.exe"
sh=E554D0F066550B425C871207708335144C97D906 ft=1 fh=cac359e5727e7077 vn="Variante von Win64/Adware.Neoreklami.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\qvwprxtqiwchqnnqgwjivheqgahswbhb\IEEF\joGzRk6iPU.dll"
sh=A6E5A8B91A7F9CFC963C61C009B6CCF423272C0E ft=1 fh=9be3b8e8a799268e vn="Variante von Win32/Adware.Neoreklami.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\qvwprxtqiwchqnnqgwjivheqgahswbhb\IEEF\Y3UOQnMA0Y.dll"
sh=EB1AE8D3FC8B4D4B47DD735488296EF7D94CBDFF ft=1 fh=401e982ad3d34dcb vn="Variante von Win32/Adware.Neoreklami.W Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\qvwprxtqiwchqnnqgwjivheqgahswbhb\IEEF\Y3UOQnMA0Y.exe"
sh=5E8A41964C319F045E31E7129EB89119D017AACA ft=1 fh=e64f4b733747afe2 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\rnkavljixmoptrfxkzrkwjhpxyoqoqxw\WinSAP.dll"
sh=75D75B5DD16D7B2D37A7191F7E782E4F8C9D3C0C ft=1 fh=b6db4b5860e3a929 vn="Variante von Win32/Adware.ELEX.EM Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\rrjnnxeuuoanrdrrkbbinxwhfdbjpevm\bin\FirefoxUpdate.exe"
sh=377A2D0225171568F31E7D29372EC65F341226F7 ft=1 fh=9a73ac2e96ad7287 vn="Variante von Win32/Adware.ELEX.DC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\sgwsinwkvqcixcajsaptbjcspjmxfaux\GubedZL.dll"
sh=DED1E1E8BB1A0C993BD0FE17869113478BDBE4D7 ft=1 fh=a88a4b45c78f2a75 vn="Variante von Win32/Adware.ELEX.FZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\silorkruzwkklhmggvsodfdjjwzehhjb\Kyubey.exe"
sh=4D1DCE639F8127D940B5FDCB19B510AEB3AD8ECF ft=1 fh=c71c00112874f58f vn="Variante von Win32/Adware.ELEX.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\texkfkiybvxzoctfdfigpgukoihekwtw\Archer.dll"
sh=BAE884CDBA307BC1CB91849AE954CC2F604C6A50 ft=1 fh=c71c001181a17f78 vn="Variante von Win32/Adware.ELEX.BY Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\thonvgvxezfuxsxscarjpzfbmyuloeoe\UvConverter.exe"
sh=0C49743038EC8FF49464FA4BA5AA361CDA95725F ft=1 fh=6e01cf527f7331c6 vn="Variante von Win32/Adware.ELEX.FS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\tkketnwfpwjsxoyncbjxwoxgdzaeddsj\SETUP.dll"
sh=237FA461F8BBEE562C28F6EC7075294D265AA1AB ft=1 fh=cbcaf96771769c6f vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\tkketnwfpwjsxoyncbjxwoxgdzaeddsj\WinSAP.dll"
sh=F1B419A97879DF8C970037B33D8D562850ADFAF2 ft=1 fh=ba9a825417097d77 vn="Variante von Win32/Adware.ELEX.FZ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\tkketnwfpwjsxoyncbjxwoxgdzaeddsj\winsap_update\Kyubey.exe"
sh=237FA461F8BBEE562C28F6EC7075294D265AA1AB ft=1 fh=cbcaf96771769c6f vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\tkketnwfpwjsxoyncbjxwoxgdzaeddsj\winsap_update\WinSAP.dll"
sh=D827551F4860839721ED1314B3F0B7B32BC68C50 ft=1 fh=6e01cf521581ff31 vn="Variante von Win32/Adware.ELEX.FS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\txgqxsycqhhjevbhlzboocqgtwltyjim\SETUP.dll"
sh=4AE35886837E54673946BAD1B299AC426069D13D ft=1 fh=6cff4209b46f4900 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\txgqxsycqhhjevbhlzboocqgtwltyjim\WinSAP.dll"
sh=7EC2379B538BAD9562F49FCFA3290E0193DCF357 ft=1 fh=c71c001184bd6ca7 vn="Variante von Win32/Adware.ELEX.AD Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\txgqxsycqhhjevbhlzboocqgtwltyjim\winsap_update\QQBrowserFrame.dll"
sh=4AE35886837E54673946BAD1B299AC426069D13D ft=1 fh=6cff4209b46f4900 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\txgqxsycqhhjevbhlzboocqgtwltyjim\winsap_update\WinSAP.dll"
sh=3627D9B642737678916D0547AB688BE177C96D19 ft=1 fh=d417d380183ee97b vn="Variante von Win32/Adware.ELEX.DC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\umqqwyjgwfkxdnksiqjugocnqrwcwjpr\Gubed_WMI.exe"
sh=3887E695AEE5180C6EA589A8029F913EC06E1EA9 ft=1 fh=db174894c54cb25b vn="Variante von Win32/Adware.ConvertAd.AIX.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\uxmybjcbzehjljkithnzjjshnqwmiylw\Uninstall.exe"
sh=A99A9ABA0D8EECFE4656FAF10367D83E70556AD5 ft=1 fh=1844c2d038819820 vn="Variante von Win32/Adware.ConvertAd.AIX.gen Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\uxmybjcbzehjljkithnzjjshnqwmiylw\vnsmFD94.tmp"
sh=2B8384F562EA2CC9B8136217EB37094F0D237D88 ft=1 fh=0e7c1d87e4f80cd2 vn="Variante von Win32/Adware.ELEX.ES Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\vagjafyoufpukprcfbszumsqblszqfbt\GubZL.dll"
sh=F40FDCB9D1FD4C9EF72F452750062DA371F77FB3 ft=1 fh=1efd72ce304ad789 vn="Variante von Win32/Adware.ELEX.BA Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\vyyluexlmwyydlkmwwahnpopcfkhlimj\chrome_elf.dll"
sh=5E8A41964C319F045E31E7129EB89119D017AACA ft=1 fh=e64f4b733747afe2 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\wrwdaaymdpczwwrfkxcyibgztqjvzapg\WinSAP.dll"
sh=A8A02D51FC887723C1ADA0E907158EE8B0411FB5 ft=1 fh=29708c6f652599bb vn="Variante von Win32/Adware.ELEX.FS Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\xlmsypnsnhxgppgzjgxbkmutgdznhpim\SETUP.dll"
sh=F6FAC6B1BE6132107D8ACD0902B6E05F9A4C5C08 ft=1 fh=930492d3ea7dbbd7 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\xlmsypnsnhxgppgzjgxbkmutgdznhpim\WinSAP.dll"
sh=FF89553EB476FAA9FD47D12C969E084CDF61B559 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\xlmsypnsnhxgppgzjgxbkmutgdznhpim\winsap_update\amule.msi"
sh=13482A160C96052FE5629DB093B9F96F3B71B5F0 ft=1 fh=c71c0011c0fd6942 vn="Variante von Win32/Adware.ELEX.EE Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\xlmsypnsnhxgppgzjgxbkmutgdznhpim\winsap_update\ClearLog.dll"
sh=FD3C2FE05CF547C58CC5117D526F49ECCCFAC9F5 ft=1 fh=c71c0011e0b93848 vn="Variante von Win32/Adware.ELEX.DT Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\xlmsypnsnhxgppgzjgxbkmutgdznhpim\winsap_update\Lancer.dll"
sh=9306E355BDADDF8FF095AE9909CBA7BCBFA0FBF7 ft=1 fh=f4bd591966612e98 vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\xlmsypnsnhxgppgzjgxbkmutgdznhpim\winsap_update\WinSAP.dll"
sh=237FA461F8BBEE562C28F6EC7075294D265AA1AB ft=1 fh=cbcaf96771769c6f vn="Variante von Win32/Adware.ELEX.FQ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\xuwjqhkczuqralqtcniasbuwnpjydtzv\WinSAP.dll"
sh=FC42E074E9773A6C9F276AEFD93A655919E2AEFA ft=1 fh=1ca543562b85ad53 vn="Variante von Win32/Adware.ELEX.DC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\yndstoorrhchctuxregtacilqxspofor\bilibili.dll"
sh=7B54CC947D4A2B70DAB6FE2236D59DB972FFAF0F ft=1 fh=8855ba5ad312bda1 vn="Variante von Win32/Adware.ELEX.CJ Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\yordgcrboxchqpmgwevycuvihcukmbse\_@dfdg00000000.tmp.dat.exe"
sh=3D4A93D9A292E1402C5B30BBBD72ED7870A0BE3E ft=1 fh=c71c0011517ee30e vn="Variante von Win32/Adware.ELEX.CT Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\files\zlukdyygaewddrteebnoehbjeicemlft\Archer.dll"
sh=F7D0E7364A45A00015F0B99496B60196F758602B ft=1 fh=b190e99e31d92677 vn="Variante von Win32/Adware.ELEX.FI Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\1y27en8m\{9733C470-4E85-4B59-BB56-CF10D8FD63D6}\n2mllqy6.lrw"
sh=F7D0E7364A45A00015F0B99496B60196F758602B ft=1 fh=b190e99e31d92677 vn="Variante von Win32/Adware.ELEX.FI Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\36p1ub5x\{656AFC30-43B9-49DE-8963-F95FF80717F0}\yfkvbtav.l9p"
sh=F33A6F729E68611EE19344009BCB7BD3C2FBE860 ft=1 fh=6435fe1d69259771 vn="Variante von Win32/Adware.ELEX.BP Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\5vfzp0oa\{28B6AE19-1819-4266-AF03-20939A19436B}\sfcr58v3.m9r"
sh=977190F22C9331FF16ABFCB514E1F34F791E9A8E ft=1 fh=7ec8aa703b654f7a vn="Variante von Win32/Adware.ELEX.FI Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\7270h8dx\{891999E9-2DCD-49A6-9B79-AD6EEC6B0C18}\ccrnmfre.j43"
sh=F32D8829990AE3BFB77F8B3F6E6B842F1C96B077 ft=1 fh=73ff6e9135cb4892 vn="Variante von Win32/Adware.ELEX.BP Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\7dzsnilj\{96D9E6E8-ACA9-4BD5-B5DF-DAD0C8C872EB}\tvye61ug.co6"
sh=FFE9D3A81800B63174D740E8383CF593FB1AE3DE ft=1 fh=81c023e49daf167a vn="Variante von Win32/Adware.ELEX.BP Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\9ed212pd\{DE309E37-8CC0-40A3-8584-96A302448798}\928xn53b.3js"
sh=491DBF3FBFFCFA796E5FEE2E540A1E6655ACDB4D ft=1 fh=9ac9a2711e588392 vn="Variante von Win32/Adware.ELEX.BP Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\9mivm68y\{B83A6C7A-65C7-4F1D-BA77-AAC1CDB2506D}\c7b6n4cw.of6"
sh=0AC9AD101B5B4A6F9F5949BC2AC45F0444CE8E6B ft=1 fh=e44e40c57bbfa95c vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\amulell\ed2k.exe"
sh=58901EBF05DA74CFEFBA66221CE9251573ED6B29 ft=1 fh=3ac67e4c90355409 vn="Variante von Win32/Adware.ELEX.BP Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\mup1dg4v\{3A2FDCE8-ABA2-4248-AD73-9E2D62DD577A}\r862i7ir.n7q"
sh=116A240E8B66E7601B89DEC393190828A3B26148 ft=1 fh=22d2f16229e47580 vn="Win32/Adware.ELEX.FI Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\oe387eqk\{90D98515-A0F1-4597-B6B2-734A6C12A8CE}\z97in9ua.gy6"
sh=2BD9169E4633E33E1374306442BCA0A79D1F17D2 ft=1 fh=c2d52e92415ca825 vn="Win32/Adware.ELEX.BO Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\st2qnxas\{60A3D554-4610-47BA-BB00-78DC5D68F112}\swab77ki.ro6"
sh=72923B970F5B87C2B0B4D6E323A26CF44547B80D ft=1 fh=b0441e3e62336f38 vn="Variante von Win32/Adware.ELEX.BO Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\usir3bcv\{3913D6E8-7CAF-406B-9D42-88FE4EABD3C0}\hgqk8cxr.ex6"
sh=F7D0E7364A45A00015F0B99496B60196F758602B ft=1 fh=b190e99e31d92677 vn="Variante von Win32/Adware.ELEX.FI Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\veedo5sl\{9AD9DB38-AE15-4A3F-AE6B-C1D5ED8B00E5}\rld9r5bt.7c2"
sh=C5250E21CB9815D706FB39232358750BD99FD634 ft=1 fh=0fa650b621431ea6 vn="Win32/Adware.ELEX.BO Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\x3o9achi\{DEAD45E8-1B9D-4DDC-93CA-9A802AE089EC}\m7jv0r4w.vz6"
sh=9787C2CEAA36444AFC559930EBD2BCD5BE29B924 ft=1 fh=1eed497e3efc9531 vn="Variante von Win32/Adware.ELEX.BP Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\z91a12n4\{BAFE9125-3E70-45AD-A270-647A8E775DD2}\wdzm8nrw.no4"
sh=30A176DDE7AFF87EE73C967D4F70D1B834A62DD4 ft=1 fh=6d3a791135ef90fa vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\cfibf\regkey.exe"
sh=30A176DDE7AFF87EE73C967D4F70D1B834A62DD4 ft=1 fh=6d3a791135ef90fa vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\cficf\regkey.exe"
sh=F25C8C902AC329CC8A732CCF6328BFABB13F7EF2 ft=1 fh=8d49735d6e1acf3b vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\dgadg\de_svr.exe"
sh=B4D963742A9D1FE445EA13B7796532508CDAF752 ft=1 fh=3883fbd4512da61c vn="Win32/Adware.ELEX.CR Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\dgadg\Gubed.exe"
sh=30A176DDE7AFF87EE73C967D4F70D1B834A62DD4 ft=1 fh=6d3a791135ef90fa vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\dgadg\regkey.exe"
sh=0FFAACAC674017A7CFAA68C83E185D238BEE35EF ft=1 fh=c71c00117cb30fa6 vn="Variante von Win32/ELEX.IJ eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\dgadg\yacqq.exe"
sh=F60CC2A949D4857883314B40A104EDBF35578FEE ft=1 fh=c7f5a35330593984 vn="Variante von Win32/Adware.ELEX.CJ Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\dgjcg\_@dfdg00000000.tmp.dat.exe"
sh=42FBE693CE7BA3A9F6CFA349217987C2A1AEE029 ft=1 fh=73ebd86ed3f2a647 vn="Variante von Win32/Adware.ELEX.CJ Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\ehaeh\_@dfdg00000000.tmp.dat.exe"
sh=92A52BB8C27CA17F429A1104A0909CC2A37E0A9D ft=1 fh=fbc718252ab5dcd8 vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\gjcgj\de_svr.exe"
sh=6E4935E0975903F3F8BF4A9E09DC145437221E9C ft=1 fh=1ab6dfcc315ee2e6 vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\gjcgj\regkey.exe"
sh=0945C5CA9266C208ACDF846CB21400E358802641 ft=1 fh=1364595b68df7dda vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\haeha\de_svr.exe"
sh=575D3E33148EE6513D1BCFE119FEA4D725769FEA ft=1 fh=42b317f3107eca45 vn="Variante von Win32/Adware.ELEX.CR Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\haeha\Gubed.exe"
sh=6E4935E0975903F3F8BF4A9E09DC145437221E9C ft=1 fh=1ab6dfcc315ee2e6 vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\haeha\regkey.exe"
sh=30A176DDE7AFF87EE73C967D4F70D1B834A62DD4 ft=1 fh=6d3a791135ef90fa vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\hbehb\regkey.exe"
sh=92A52BB8C27CA17F429A1104A0909CC2A37E0A9D ft=1 fh=fbc718252ab5dcd8 vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\jdgjd\de_svr.exe"
sh=6E4935E0975903F3F8BF4A9E09DC145437221E9C ft=1 fh=1ab6dfcc315ee2e6 vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\ProgramData\jdgjd\regkey.exe"
sh=F930F8AEEEC1ECA7B884E69030B191A091B7DE55 ft=1 fh=1364595b8f2799c5 vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Princhi\AppData\Local\1\de_svr.exe"
sh=B52E01C6E686127A5608EB44B50D83BB49CE1AD7 ft=1 fh=dae966df3c378b49 vn="Variante von Win32/Adware.ELEX.DC Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Princhi\AppData\Local\1\GubedZL.dll"
sh=E642B93055942284EF7CCD13C755E73802F85E55 ft=1 fh=3bec0b3cfa629361 vn="Variante von Win32/Obfuscated.NJZ Trojaner" ac=I fn="C:\FRST\Quarantine\C\Users\Princhi\AppData\Local\1\yacqq.exe"
sh=B05B8C97C7B41272A61E6D633FDF3386F0F9BF75 ft=1 fh=16f7b5ecd8606fca vn="Variante von Win32/DownloadSponsor.C eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Princhi\Downloads\Mouse Recorder Premium - CHIP-Installer.exe.xBAD"
sh=ABA32A0BF4960B1AB88953C36CF160625C78AC9B ft=1 fh=47eacc88b34b8f30 vn="MSIL/AdvancedSystemProtector.D eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Program Files (x86)\CPUID\PC Wizard 2015\systweakasp_c.exe"
sh=F205D620A0F2FB896C19FA0881384B29FE89D302 ft=1 fh=b75c9ff39df45dea vn="Variante von Win32/Obfuscated.NKJ Trojaner" ac=I fn="C:\Program Files (x86)\l9hfc0lu\{2BBC4EC4-7421-4652-905C-975D5C10574C}\hkat1ai8.w96"
sh=B07673340ABF8E839BBC4F290CD0DA50C84D49CF ft=1 fh=c52fb53343ded655 vn="Variante von Win32/Obfuscated.NKY Trojaner" ac=I fn="C:\ProgramData\Apple Computer\Installer Cache\setup.dll"
sh=EFDEF65ED388544B32919B1DFB5BC23A338C2498 ft=1 fh=5ee015bd0a9f5f31 vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\ProgramData\bfibe\de_svr.exe"
sh=30A176DDE7AFF87EE73C967D4F70D1B834A62DD4 ft=1 fh=6d3a791135ef90fa vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\ProgramData\bfibe\regkey.exe"
sh=7304846BE1C36AAF5AD4E7F82C552A564548D7E8 ft=1 fh=c71c0011edfc86cd vn="Variante von Win32/Obfuscated.NJZ Trojaner" ac=I fn="C:\ProgramData\bfibe\yacqq.exe"
sh=B07673340ABF8E839BBC4F290CD0DA50C84D49CF ft=1 fh=c52fb53343ded655 vn="Variante von Win32/Obfuscated.NKY Trojaner" ac=I fn="C:\Users\All Users\Apple Computer\Installer Cache\setup.dll"
sh=EFDEF65ED388544B32919B1DFB5BC23A338C2498 ft=1 fh=5ee015bd0a9f5f31 vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\Users\All Users\bfibe\de_svr.exe"
sh=30A176DDE7AFF87EE73C967D4F70D1B834A62DD4 ft=1 fh=6d3a791135ef90fa vn="Variante von Win32/ELEX.KE eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\All Users\bfibe\regkey.exe"
sh=7304846BE1C36AAF5AD4E7F82C552A564548D7E8 ft=1 fh=c71c0011edfc86cd vn="Variante von Win32/Obfuscated.NJZ Trojaner" ac=I fn="C:\Users\All Users\bfibe\yacqq.exe"
sh=02E84B3771C088C232CCC38AA81B5F04FF208699 ft=0 fh=0000000000000000 vn="Variante von Win32/ExpressDownloader.K eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Princhi\Downloads\Gsrld.dll_dynamic_library_on_l.a.noire.iso"
sh=E786F5D462B5EFF44AD2949FA4B3211F49DDB769 ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ELEX.AD Anwendung" ac=I fn="C:\Windows\Installer\1abcab0f.msi"
sh=5A5D0AFDAC771A635077B502D4A9160C7E3A7B2F ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\Windows\Installer\1e98dce8.msi"
sh=B17A98A0B426D630F4167B2FFA5CEE316F582B4D ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\Windows\Installer\1fb887ec.msi"
sh=A3F89564BFDB61127CEC697F1620943BCF11FE9A ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\Installer\2911fd32.msi"
sh=62F7613013D7D1CD73F24ACB43F0D1784C97B2DD ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\Windows\Installer\54ab1d7.msi"
sh=B17A98A0B426D630F4167B2FFA5CEE316F582B4D ft=0 fh=0000000000000000 vn="Variante von Win32/Adware.ELEX.EL Anwendung" ac=I fn="C:\Windows\Installer\ab96cc6.msi"
sh=356D778E72B9454445893F7F92224CF5F90C3C68 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\Installer\ab96ccb.msi"
sh=B30899698B288B396FDFE6A085E6F8C90506D5DE ft=1 fh=27712749cd7b0c8e vn="Variante von Win32/ELEX.GY eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcp100_x86"
sh=EAD2F6D2196421BF55217A9D1DD2CA860B9D7A9F ft=1 fh=167e45cfcb549588 vn="Variante von Win32/ELEX.GY eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\1D5E3C0FEDA1E123187686FED06E995A\10.0.40219\F_CENTRAL_msvcr100_x86"

Tepcon · 09.03.2017, 19:53

Code:

ATTFilter


	Code: 

 ATTFilter

  
	HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : EPONA
   Windows . . . . . . . : 10.0.0.14393.X64/8
   User name . . . . . . : EPONA\Princhi
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-03-09 19:39:56
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 3s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 67
   Traces  . . . . . . . : 75

   Objects scanned . . . : 2.258.971
   Files scanned . . . . : 102.220
   Remnants scanned  . . : 718.695 files / 1.438.056 keys

Malware _____________________________________________________________________

   C:\AdwCleaner\Quarantine\files\bdbhdpggensejjwczvifunkrvljgzlqw\WinSAP.dll
      Size . . . . . . . : 184.832 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:16)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 4B72FCDE3E3A010573A6C147E36643B373A04F33526EE85269BF9A87D2E7FD27
      Product  . . . . . : Windows
      Publisher  . . . . : Windows
      Description  . . . : Windows
      Version  . . . . . : 1.0.0.1
      LanguageID . . . . : 2052
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.ELEX.ayq
      Fuzzy  . . . . . . : 102.0

   C:\AdwCleaner\Quarantine\files\fztulhszulhanxgaybuuoyaxkybxzrgd\WinSAP.dll
      Size . . . . . . . : 184.832 bytes
      Age  . . . . . . . : 2.2 days (2017-03-07 15:38:34)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : C0BE478ABDE4A102E8BD3FB4C1282106F546E95A6DA2E2572102D4CA69959D35
      Product  . . . . . : Windows
      Publisher  . . . . : Windows
      Description  . . . : Windows
      Version  . . . . . : 1.0.0.1
      LanguageID . . . . : 2052
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.ELEX.aym
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
          0.0s C:\AdwCleaner\Quarantine\files\fztulhszulhanxgaybuuoyaxkybxzrgd\
          0.0s C:\AdwCleaner\Quarantine\files\fztulhszulhanxgaybuuoyaxkybxzrgd\WinSAP.dll
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\amule.conf
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\clients.met
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\cryptkey.dat
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\emfriends.met
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\ipfilter.dat
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\ipfilter_static.dat
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\known.met
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\known2_64.met
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\lastversion
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\logfile
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\preferences.dat
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\server.met
          0.4s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\shareddir.dat
          0.6s C:\AdwCleaner\Quarantine\files\uupqwzgranwctpswsrrmyyrzyznrpejq\
          0.6s C:\AdwCleaner\Quarantine\files\uupqwzgranwctpswsrrmyyrzyznrpejq\WinSnare.dll
          0.8s C:\AdwCleaner\Quarantine\files\vcuahaftllyzuvxdgnphtrorxoarghhg\
          0.9s C:\AdwCleaner\Quarantine\files\mavsvrfscvdlwgpspxkxpoizsivuokbh\
          0.9s C:\AdwCleaner\Quarantine\files\mavsvrfscvdlwgpspxkxpoizsivuokbh\Kyubey.exe
          1.0s C:\AdwCleaner\Quarantine\files\hrvnzlepwwdhfrdzfbhcrbuimfynpimc\
          1.1s C:\AdwCleaner\Quarantine\files\hrvnzlepwwdhfrdzfbhcrbuimfynpimc\aMuleC.lnk

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\curlpp.dll
      Size . . . . . . . : 582.144 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:24)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 40B2BF6E50080B681BCEA957B537001BE8D988C9431A3167C9840A050E54A8A9
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : libcurl wrapper
      Version  . . . . . : 0.7.3.0
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:HEUR:Downloader.Win32.Elex.gen
      Fuzzy  . . . . . . : 105.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iCommon.dll
      Size . . . . . . . : 467.024 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 102687BBD9D2E706498AEE35164D3665CCF004954420582552D3EA8F60F57188
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iCommon
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iCommu.dll
      Size . . . . . . . : 67.472 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 55EF23191E3837E2B9E6CF96481205E6F4C377BC6892EDAA911CC5A9FD2DCADF
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iCommu
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iImportLib.dll
      Size . . . . . . . : 813.056 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : 9503EBCC080FA7D02EBF0A15E7F002F4070406EE1E4E8165389F0BE8CF147B05
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iImportLib
      Version  . . . . . : 6,10,495,30853
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.3813173
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafe.exe
      Size . . . . . . . : 618.304 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : A74E1A8E0562182B33496438896A357216F022921087C6FE3EB341BDC72DDC0D
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YAC
      Version  . . . . . : 6,11,127,30929
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafeadfv.dll
      Size . . . . . . . : 449.376 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : A2DC5B1BD97F2A5AA410565F8EEC45D1096C4189B7259784C139CE026AEC4CD4
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YAC
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeAdless.dll
      Size . . . . . . . : 360.504 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : BC1169D4B0ACD573FD5A4E27A279FB26800D207EF56DF1287054743BB121E78A
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafeAdless
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafebase.dll
      Size . . . . . . . : 1.055.576 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 6CC5EF19ABC7A57E8CD7C8060C084A7785CC52FC64534EB6CA629FC23E2FEC38
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : isafebase
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.3867777
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafebs.dll
      Size . . . . . . . : 975.080 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 0443D855020BB9B00CEB1E46A65A558BC63A5D6F8637119DAFF274B0341F10E8
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafebs
      Version  . . . . . : 6,11,123,30892
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.4213761
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafechlp.dll
      Size . . . . . . . : 1.119.056 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 2DEAE090746D4F7253382585FD7EBF10CDFE520C080DB12F95AC048C9C2FDC55
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : isafechlp
      Version  . . . . . : 6.0.0.0
      Copyright  . . . . : Copyright (c) 2011-2014 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafeclc.dll
      Size . . . . . . . : 254.552 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 7867CD5DC617E8296EA53F25DE3C31B93BEF0219E2121FC007CE326A3CD0CCC3
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : isafeclc
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafeclcv.dll
      Size . . . . . . . : 132.432 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 5.3
      SHA-256  . . . . . : 1D1882DB1E712BB32382E1BAC94AD3C47A82E2D12AF75FAC5622AABBE86D031E
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : isafeclcv
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeDisp.dll
      Size . . . . . . . : 242.536 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 5008B016D8D5A9C962CCC702913092C591FBD8126F9D55E17D5C8E49F8BA278F
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafeDisp
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeKrnl.sys
      Size . . . . . . . : 262.344 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 93F737632B51E5BA8142E7F7395BAF22866D5F6D896153DBE6B6AD7BAB7FA82D
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafe Kernel Driver
      Version  . . . . . : 6.10.449.30619
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeKrnlCall.dll
      Size . . . . . . . : 253.984 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 4F2D6B05D4050E0DE94F1E9DA8EA14C4DB68435666FA4AD7F59ED7551F33B828
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafe Kernel Driver Caller
      Version  . . . . . : 6,10,493,30849
      RSA Key Size . . . : 2048
      LanguageID . . . . : 2052
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.3867778
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 98.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeKrnlKit.sys
      Size . . . . . . . : 110.112 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 1E91C1ECF61EE9FF78FD9644E99880F4443603D764EEC6AFBA12AA7F7F029961
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafe Kernel Kit Driver
      Version  . . . . . : 6.10.449.30619
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeKrnlMonCall.dll
      Size . . . . . . . : 474.536 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 9C6FD315A7BCE2AF1D027D73BDBEBD3E3D347E8AAF4E8E2937F9BE3FD0A78DBA
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafe Kernel Monitor Driver Caller
      Version  . . . . . : 6.10.449.30619
      RSA Key Size . . . : 2048
      LanguageID . . . . : 2052
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 98.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeKrnlR3.sys
      Size . . . . . . . : 103.904 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 5826DA2F1BE5AC91219FFD550CD92B9F6124988A6E6F2C9509CF0A6E5F43FF08
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafe Kernel Ring3 Driver
      Version  . . . . . : 6.10.449.30619
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafemadwc.dll
      Size . . . . . . . : 464.912 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 36A0FC541285ACAB02F56E88FFCD92B76F614602C242FF45CDEB11981F5A7091
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : Softmanager
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafembp.dll
      Size . . . . . . . : 499.248 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : E21D6CB8CC1A8F96315D6555978EBAE23F4EE653D5110E4E251140C973122E52
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : Browser Plugin
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafemc.dll
      Size . . . . . . . : 43.112 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : AC8F81F0BA0EBF6C1CB188A4059DEC0F6DAF8FE2639AE812DF3226BE66C21796
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : Module Config
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.3867782
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafemclv.dll
      Size . . . . . . . : 794.320 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 95D687234D4B899257849E8E735CC3F97707E820B988C37A0E0FE6C23E5C86EF
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YAC
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafemgc.dll
      Size . . . . . . . : 551.168 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 737673593EC0ACDD53AB41D6C8914B46DD2C7D80828916D17289A61460AF8011
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : Garbage Cleaner
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeMon.dll
      Size . . . . . . . : 301.296 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 05AD8379CA688D0D771CC3AF8B17BE04503A9570D62C0421D7EE56F2142069AD
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafeMon
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafemoptv.dll
      Size . . . . . . . : 525.264 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : F68D74A5237AC7AC8BA97D60C9F2CB12800AE9ED087C679BAB94C43944B5E3A3
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YAC
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafemsmv.dll
      Size . . . . . . . : 330.384 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 07894DC69FD83F7AFCF4D64D013082D67A0049662809B1E98C3731368BF65AA5
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : SoftMgr
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeNetFilter.sys
      Size . . . . . . . : 52.392 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 6597D4994D0D6262B853F64A6E828C5D411225624F137901F6DCF3D3BA81BB80
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafeNetFilter SDK WFP Driver (WPP)
      Version  . . . . . : 1.4.6.1
      Copyright  . . . . : Copyright (c) 2011-2013 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:NetTool.Win64.NetFilter.qq
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafenpf.dll
      Size . . . . . . . : 223.864 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : E31FE6E63C0E9606697D30E51A94C64C0E139C252B6973EBB0C652EEC870851E
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafenpf
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafepxy.dll
      Size . . . . . . . : 130.896 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 89D5BB370C9EFB999A9885D4B74FEFAFD5A5638AD1360148A8B3F7194E2CB28E
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : isafepxy
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isaferpt.dll
      Size . . . . . . . : 129.360 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : DFE91E0C066D1ED9A11D6F5B76024AA4C6F326CEE450FB7048EF8091BBF33502
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : isaferpt
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafesmgr.dll
      Size . . . . . . . : 629.168 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 686B20EB95B0D57554EF5C89409064EF2D291FE05FDCB96A3440040099D975FE
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : Softmanager
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafesopt.dll
      Size . . . . . . . : 475.784 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : D6A58FFC5EE0CF6E8EF6EAA293EC13CD40BA28110B74F0A71F5BC22B52070661
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : System Optimization
      Version  . . . . . : 6,11,127,30929
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafesptv.dll
      Size . . . . . . . : 590.168 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 5A08ADE089F8B986E83433F7BBF743D98C4487883AED5AF9C1EBD960508E35D6
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YAC
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafesv.dll
      Size . . . . . . . : 262.864 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:25)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 22FAB420924A99C5562D71247F821FD9D30A98B041D6BC20EB3C8AC832126FFA
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YAC
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeSvc.exe
      Size . . . . . . . : 131.024 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : F9B616A66CEF8DBDE565D2B79E30C3420B40E1F696D849301C03625E6040F9D4
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafeSvc
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeSvc2.exe
      Size . . . . . . . : 131.024 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 1B4E2778FEAAA0EF1D64CBC8E60C14C6BEF8F97DF8E6D5E17CD305CCD504FC07
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafeSvc2
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafetbv.dll
      Size . . . . . . . : 284.728 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 57B7CDBA62402B14A630F15CC2D99F157CD62A7F6CA4B0E5660CA156D27A9316
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YAC
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeTHlp.exe
      Size . . . . . . . : 459.672 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 3482AAB9271FE4268B22BF24C8CA18F899CC307BBACDF77E8F607CD37753AC28
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafeTaskHelper
      Version  . . . . . : 6,11,127,30929
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.4397405
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeTHlp64.exe
      Size . . . . . . . : 473.864 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 731EFDDA85BE9A85A9973B4A6C77F12A6F13EEA68966C9E3AF0E0C89A8F13890
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSafeTaskHelper64
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSafeTray.exe
      Size . . . . . . . : 427.000 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 82827F2440869222DFF06763075EF0B0E24C85F762952698D13321C0D4F6E21A
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YACTray
      Version  . . . . . : 6,10,502,30896
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.4229071
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\isafeupbiz.dll
      Size . . . . . . . : 128.848 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 80437E99758600229F7D44FE3E2A5497473565A8E687746CC4C1434A90CB7464
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : isafeupbiz
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iStart.exe
      Size . . . . . . . : 314.216 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 4.8
      SHA-256  . . . . . : B437E07CB74C0FCED30F23591DC0DAB3718379FFA1A10932790065FC6F692F56
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iStart
      Version  . . . . . : 6,11,127,30929
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.4411317
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSvc.dll
      Size . . . . . . . : 302.832 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 856B9194D60AE8DD2A26309F3B4700DC265D7EC0F67CDD544387AECD451395B4
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSvc
      Version  . . . . . : 6,10,522,30990
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iSvc2.dll
      Size . . . . . . . : 1.703.520 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 7F8882D697D521558047BE063CFD9B65ADFC09BF63737EEA30ED3CA8D0F5AD20
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : iSvc2
      Version  . . . . . : 6,10,502,30896
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iTPAutoClean.dll
      Size . . . . . . . : 122.584 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 56A6DCFA6E7D39801650EA3D7A608157A111A4DB158D0440A3EFCBFE74848268
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YACTrayPlugin
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iTPDesk.dll
      Size . . . . . . . : 244.704 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 4ABC5001CEEA06215A47BD00DDD481349A88A2A9DDEB868D817BA12AFD4D7AE2
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YACTrayPlugin
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iTPFloaty.dll
      Size . . . . . . . : 709.096 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 5EA43CC1090E806F4C60CA8E7753534B7FD47973B98E0C471417B5E7312D0368
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YACTrayPlugin
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iTPMsgCenter.dll
      Size . . . . . . . : 245.672 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 6520659EF5B82637D47B9DA7BA0373D5BB396A6CF9F7F68340FCC8AC46D84342
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YACTrayPlugin
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iTpNodisturb.dll
      Size . . . . . . . : 228.536 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 96171563377B1120C8721AF6A5FAA61F0538DAF4CDBC0336DA60C3F7D6C25453
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YACTrayPlugin
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iTPProtect.dll
      Size . . . . . . . : 420.736 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : A404077EA638912E92D20144B8F9A83AB7D4FE0477C4C7EFFCF1B89BF4ADF7A9
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YACTrayPlugin
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\iTPPush.dll
      Size . . . . . . . : 266.960 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 4C32B68A80868E3CA21B95ED3A6AA15A453DD8C7BEF6CE18756878BA7810343B
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : YACTrayPlugin
      Version  . . . . . : 6,10,493,30849
      Copyright  . . . . : Copyright (c) 2011-2016 Elex do Brasil Participações Ltda
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 96.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\libeay32.dll
      Size . . . . . . . : 1.187.000 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 97C4F25106F904E808063BB3941C46FDCAA448997832E1784D14DF0EFAA8DFCC
      Product  . . . . . : The OpenSSL Toolkit
      Publisher  . . . . : The OpenSSL Project, hxxp://www.openssl.org/
      Description  . . . : OpenSSL Shared Library
      Version  . . . . . : 1.0.1j
      Copyright  . . . . : Copyright ?1998-2005 The OpenSSL Project. Copyright ?1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 95.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\ouilibx.dll
      Size . . . . . . . : 1.926.472 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 8A96505D25F007431F2AD92ABCDA60B6B8F956DB56C0CD350379DB7929612137
      Product  . . . . . : OUI
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : ouilib
      Version  . . . . . : 1.0.248.8837
      Copyright
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.ELEX.aax
    > HitmanPro  . . . . : Troj/Xadupi-A
      Fuzzy  . . . . . . : 98.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\ssleay32.dll
      Size . . . . . . . : 281.648 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 07B015A70A3371E704630A28173C8800318ACD608A2DF8B0C93247FE1E3C6A96
      Product  . . . . . : The OpenSSL Toolkit
      Publisher  . . . . : The OpenSSL Project, hxxp://www.openssl.org/
      Description  . . . : OpenSSL Shared Library
      Version  . . . . . : 1.0.1j
      Copyright  . . . . : Copyright ?1998-2005 The OpenSSL Project. Copyright ?1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 95.0

   C:\AdwCleaner\Quarantine\files\gkvhnjorjvclruyxeujjzlcnezrwwser\YAC\uninstall.exe
      Size . . . . . . . : 1.081.152 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:26)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 999B00A10A190938A9F5FE0B99F3C10602762435074B232AE160863FDE7A5E82
      Product  . . . . . : YAC Security Protection
      Publisher  . . . . : Elex do Brasil Participações Ltda
      Description  . . . : uninstal
      Version  . . . . . : 6,11,130,30966
      RSA Key Size . . . : 2048
      LanguageID . . . . : 9
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.ELEX.gen
      Fuzzy  . . . . . . : 98.0

   C:\AdwCleaner\Quarantine\files\kknmoddgmcoaqnqiqlywyontnvnwqtqf\Kyubey.exe
      Size . . . . . . . : 111.104 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 16:31:17)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 834B0AF05322BE802ACECFB853B9046DA5C850F42C9608424A44B65D7C8FC481
    > Bitdefender  . . . : Adware.GenericKD.4542564
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.Agent.hrht
      Fuzzy  . . . . . . : 108.0

   C:\AdwCleaner\Quarantine\files\mavsvrfscvdlwgpspxkxpoizsivuokbh\Kyubey.exe
      Size . . . . . . . : 115.200 bytes
      Age  . . . . . . . : 2.2 days (2017-03-07 15:38:35)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 1B081FDAB67DFDE24C0CC18D5CF2A3CBCA36E1BB588EF1FAD8939D75A48CD8F6
    > Bitdefender  . . . : Trojan.GenericKD.4538419
    > Kaspersky  . . . . : Trojan-Downloader.Win32.Adload.pwpq
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -0.9s C:\AdwCleaner\Quarantine\files\fztulhszulhanxgaybuuoyaxkybxzrgd\
         -0.9s C:\AdwCleaner\Quarantine\files\fztulhszulhanxgaybuuoyaxkybxzrgd\WinSAP.dll
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\amule.conf
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\clients.met
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\cryptkey.dat
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\emfriends.met
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\ipfilter.dat
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\ipfilter_static.dat
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\known.met
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\known2_64.met
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\lastversion
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\logfile
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\preferences.dat
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\server.met
         -0.5s C:\AdwCleaner\Quarantine\files\rdjtzmywsbrqfzoarmczyxklxcdeymdo\shareddir.dat
         -0.3s C:\AdwCleaner\Quarantine\files\uupqwzgranwctpswsrrmyyrzyznrpejq\
         -0.3s C:\AdwCleaner\Quarantine\files\uupqwzgranwctpswsrrmyyrzyznrpejq\WinSnare.dll
         -0.1s C:\AdwCleaner\Quarantine\files\vcuahaftllyzuvxdgnphtrorxoarghhg\
          0.0s C:\AdwCleaner\Quarantine\files\mavsvrfscvdlwgpspxkxpoizsivuokbh\
          0.0s C:\AdwCleaner\Quarantine\files\mavsvrfscvdlwgpspxkxpoizsivuokbh\Kyubey.exe
          0.2s C:\AdwCleaner\Quarantine\files\hrvnzlepwwdhfrdzfbhcrbuimfynpimc\
          0.2s C:\AdwCleaner\Quarantine\files\hrvnzlepwwdhfrdzfbhcrbuimfynpimc\aMuleC.lnk

   C:\AdwCleaner\Quarantine\files\qtazecleeflohiocxeqckehmbftguxhr\Kyubey.exe
      Size . . . . . . . : 111.104 bytes
      Age  . . . . . . . : 1.0 days (2017-03-08 18:55:39)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 834B0AF05322BE802ACECFB853B9046DA5C850F42C9608424A44B65D7C8FC481
    > Bitdefender  . . . : Adware.GenericKD.4542564
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.Agent.hrht
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\amule.conf
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\clients.met
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\cryptkey.dat
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\emfriends.met
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\ipfilter.dat
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\ipfilter_static.dat
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\known.met
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\known2_64.met
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\lastversion
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\logfile
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\preferences.dat
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\server.met
         -0.4s C:\AdwCleaner\Quarantine\files\ovfkkiaswlcewiyblipajhordmifrnqb\shareddir.dat
          0.0s C:\AdwCleaner\Quarantine\files\qtazecleeflohiocxeqckehmbftguxhr\
          0.0s C:\AdwCleaner\Quarantine\files\qtazecleeflohiocxeqckehmbftguxhr\Kyubey.exe
          0.5s C:\AdwCleaner\Quarantine\files\nlyatcnykfiunjmmexozbmmjebsrnysv\
          0.5s C:\AdwCleaner\Quarantine\files\nlyatcnykfiunjmmexozbmmjebsrnysv\QQLive\
          0.5s C:\AdwCleaner\Quarantine\files\nlyatcnykfiunjmmexozbmmjebsrnysv\QQLive\FailRecord.dat
          0.9s C:\AdwCleaner\Quarantine\registry\reg_hicklccucqpshnwofsbnrfkeupkvfnhc.reg
          1.3s C:\AdwCleaner\Quarantine\registry\reg_rnpuqlwplhzpgvvhjhamehjwbbaasmxj.reg
          1.5s C:\AdwCleaner\Quarantine\registry\reg_hbyhsfesjczndyptzjdjvqjobghnspnx.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_hszfrqlsmtcepwqrsurccdgpvdwlkpny.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_cfqhpnixaflpffpqqmhhpqryxrvjvguy.reg
          2.1s C:\AdwCleaner\Quarantine\registry\reg_zuvtcfoiiybwnkzdgcsbfjehsxjtoltk.reg
          2.2s C:\AdwCleaner\Quarantine\registry\reg_vdkoxyoigaymapzelpscpqhxgbwgfsgc.reg
          2.5s C:\AdwCleaner\Quarantine\registry\reg_wxfspqgttsqmdlbmbqrhznlclbvnwxmb.reg

   C:\AdwCleaner\Quarantine\files\rnkavljixmoptrfxkzrkwjhpxyoqoqxw\WinSAP.dll
      Size . . . . . . . : 184.832 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 17:17:59)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 4B72FCDE3E3A010573A6C147E36643B373A04F33526EE85269BF9A87D2E7FD27
      Product  . . . . . : Windows
      Publisher  . . . . : Windows
      Description  . . . : Windows
      Version  . . . . . : 1.0.0.1
      LanguageID . . . . : 2052
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.ELEX.ayq
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
         -0.3s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\
         -0.3s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\LICENSE.txt
         -0.3s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\openweb.bat
         -0.3s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\SnareWindowsInstallSupport.dll
         -0.3s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\stopweb.bat
         -0.3s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\s_32.ico
         -0.3s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\WinSnare.dll
         -0.3s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\WinSnare64.dll
          0.0s C:\AdwCleaner\Quarantine\files\rnkavljixmoptrfxkzrkwjhpxyoqoqxw\
          0.0s C:\AdwCleaner\Quarantine\files\rnkavljixmoptrfxkzrkwjhpxyoqoqxw\WinSAP.dll
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\amule.conf
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\clients.met
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\cryptkey.dat
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\emfriends.met
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\ipfilter.dat
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\ipfilter_static.dat
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\known.met
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\known2_64.met
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\lastversion
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\logfile
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\preferences.dat
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\server.met
          0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\shareddir.dat
          0.4s C:\AdwCleaner\Quarantine\files\cwkyzuwfpensbluwepclbtfpcdvtzfjo\
          0.4s C:\AdwCleaner\Quarantine\files\cwkyzuwfpensbluwepclbtfpcdvtzfjo\WinSnare.dll
          0.6s C:\AdwCleaner\Quarantine\files\silorkruzwkklhmggvsodfdjjwzehhjb\
          0.6s C:\AdwCleaner\Quarantine\files\silorkruzwkklhmggvsodfdjjwzehhjb\Kyubey.exe
          0.7s C:\AdwCleaner\Quarantine\files\cuactdtcyuvibtncyrkvfnbrasbtojgx\
          0.7s C:\AdwCleaner\Quarantine\files\cuactdtcyuvibtncyrkvfnbrasbtojgx\BikaQ Rss Reader.lnk
          0.8s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\
          0.8s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\app.bikaQ.config
          0.8s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\BikaQ.exe
          0.8s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\BikaQ.exe.config
          0.8s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\bikaQ.ini
          0.8s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\Icon.ico
          0.8s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\Interop.Microsoft.Feeds.Interop.DLL
          0.8s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\MagicLibrary.DLL
          0.9s C:\AdwCleaner\Quarantine\files\evsfyeuzcakzhamalwvtlcvrlhqkrsay\QQLive\
          0.9s C:\AdwCleaner\Quarantine\files\evsfyeuzcakzhamalwvtlcvrlhqkrsay\QQLive\FailRecord.dat
          0.9s C:\AdwCleaner\Quarantine\files\evsfyeuzcakzhamalwvtlcvrlhqkrsay\
          1.1s C:\AdwCleaner\Quarantine\files\tabjpqbvdarqgigwqzcjlozuxajjicul\
          1.1s C:\AdwCleaner\Quarantine\files\tabjpqbvdarqgigwqzcjlozuxajjicul\MIO.exe
          1.1s C:\AdwCleaner\Quarantine\files\tabjpqbvdarqgigwqzcjlozuxajjicul\loader\
          1.2s C:\AdwCleaner\Quarantine\files\uckpwuwhbtkrbjftxjewillefbhagvjf.back
          1.2s C:\AdwCleaner\Quarantine\files\vebmgbnqanbdhhirxkdmgyqwgeqhmkji.back
          1.3s C:\AdwCleaner\Quarantine\registry\reg_ktwtahdpfsysrgtdnkwzypifckvnrufw.reg
          1.5s C:\AdwCleaner\Quarantine\registry\reg_uvlrjvppcdstzoqalfwhskwslcxbrqbo.reg
          1.5s C:\AdwCleaner\Quarantine\registry\reg_wriqlbpfcrdyokumotgswukkleyofzde.reg
          1.7s C:\AdwCleaner\Quarantine\registry\reg_ewfyqcjdnekhwbqrymtjdtafjehatuzw.reg
          1.7s C:\AdwCleaner\Quarantine\registry\reg_ognfnetlwxegdivgdtpwkvldpiofbipu.reg
          1.8s C:\AdwCleaner\Quarantine\registry\reg_wcmmnrhtaosfmqddqmefzbozbknrvzuz.reg
          1.8s C:\AdwCleaner\Quarantine\registry\reg_gwsuluqiypjuljyqazhhxnvsezfdgorn.reg
          1.9s C:\AdwCleaner\Quarantine\registry\reg_cvqtvaewyzlnlcgjidnthnhqgbdzcucg.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_skriaokttsamdvgjgqknmpfweuzkfxhs.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_zvheadhfosdkaevmcxfjmmqcdujtwmyy.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_wfcpgzmsegqgwokuqpwrvkavikexyqdw.reg
          2.1s C:\AdwCleaner\Quarantine\registry\reg_vxtxicwrqsyccjrhzlbvrnmemaoqlrjs.reg
          2.1s C:\AdwCleaner\Quarantine\registry\reg_drojglcvcjscslpkaefihbtflqzcsleu.reg
          2.3s C:\AdwCleaner\Quarantine\registry\reg_lqogebnjhgguwovrsxgwfnalzbaxpxjb.reg
          2.3s C:\AdwCleaner\Quarantine\registry\reg_rkwkzqrnlexonbgeenmlzjkuozgmvznv.reg
          2.3s C:\AdwCleaner\Quarantine\registry\reg_wghdqbrhuxfvwlyplgyselwymgmgodpo.reg
          2.3s C:\AdwCleaner\Quarantine\registry\reg_xbzfymcflhehdmporbsqpiesrmpqhbkc.reg
          2.4s C:\AdwCleaner\Quarantine\registry\reg_dofvvyywzujbulovririojfkmdybcrgq.reg
          2.5s C:\AdwCleaner\Quarantine\registry\reg_renzknldrzyxzfwufvhccprihtfcwzdr.reg
          2.5s C:\AdwCleaner\Quarantine\registry\reg_zssrdwcmkfemkfiudqyrejteazqigelk.reg
          2.5s C:\AdwCleaner\Quarantine\registry\reg_ndbvdskcyrzydgfllwqmewyhffuxyfem.reg
          2.5s C:\AdwCleaner\Quarantine\registry\reg_robdwwehheozobyvlxysuugojffdoosr.reg
          2.6s C:\AdwCleaner\Quarantine\registry\reg_jfilwlnyiwgzqcrlyqzfktnzhsmcmsra.reg
          2.6s C:\AdwCleaner\Quarantine\registry\reg_nfpsbqwuyjmyiafjyemzmuivyerbxikx.reg
          2.6s C:\AdwCleaner\Quarantine\registry\reg_vsfawbadaxdxrjsxoyduuzdpdnquhetd.reg
          2.7s C:\AdwCleaner\Quarantine\registry\reg_znehuggdbusilshmtelbgvndthvfxntm.reg
          2.7s C:\AdwCleaner\Quarantine\registry\reg_pifdbnxbitspfnxsuoqnbjlfmqpddajw.reg
          2.8s C:\AdwCleaner\Quarantine\registry\reg_fnvskenvcxourbzoplcrsprbvdudeufs.reg
          2.8s C:\AdwCleaner\Quarantine\registry\reg_yjhvtitcxvmbdvdqxqiscrxqqtszhads.reg
          2.9s C:\AdwCleaner\Quarantine\registry\reg_ssijevxesgcixvxvkwnwbhkuczacguuo.reg
          3.0s C:\AdwCleaner\Quarantine\registry\reg_rpcsormelopohizhkskrtztzbzoohvab.reg
          3.0s C:\AdwCleaner\Quarantine\registry\reg_uoeewndontihkfsotecsqadxwrfbtpxk.reg
          3.0s C:\AdwCleaner\Quarantine\registry\reg_qpaqmghjavcsjkdqkzcgbdrcynbbnhof.reg
          3.0s C:\AdwCleaner\Quarantine\registry\reg_ntuqwigzizzqzmiqugyckwyczpfnavod.reg
          3.0s C:\AdwCleaner\Quarantine\registry\reg_futrmniclsfwnerxhwgcgfeijceanipw.reg
          6.9s C:\AdwCleaner\AdwCleaner[C14].txt
          9.4s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-22606B81.pf
          9.8s C:\Windows\Prefetch\SEARCHINDEXER.EXE-EF8503D3.pf
         10.1s C:\Windows\Prefetch\NVTRAY.EXE-981FA625.pf

   C:\AdwCleaner\Quarantine\files\silorkruzwkklhmggvsodfdjjwzehhjb\Kyubey.exe
      Size . . . . . . . : 111.104 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 17:18:00)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 834B0AF05322BE802ACECFB853B9046DA5C850F42C9608424A44B65D7C8FC481
    > Bitdefender  . . . : Adware.GenericKD.4542564
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.Agent.hrht
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -0.8s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\
         -0.8s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\LICENSE.txt
         -0.8s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\openweb.bat
         -0.8s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\SnareWindowsInstallSupport.dll
         -0.8s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\stopweb.bat
         -0.8s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\s_32.ico
         -0.8s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\WinSnare.dll
         -0.8s C:\AdwCleaner\Quarantine\files\gppborzhkigfpkypvvzmffczgmgkwusd\WinSnare64.dll
         -0.6s C:\AdwCleaner\Quarantine\files\rnkavljixmoptrfxkzrkwjhpxyoqoqxw\
         -0.6s C:\AdwCleaner\Quarantine\files\rnkavljixmoptrfxkzrkwjhpxyoqoqxw\WinSAP.dll
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\amule.conf
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\clients.met
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\cryptkey.dat
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\emfriends.met
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\ipfilter.dat
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\ipfilter_static.dat
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\known.met
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\known2_64.met
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\lastversion
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\logfile
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\preferences.dat
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\server.met
         -0.3s C:\AdwCleaner\Quarantine\files\pjegakaiiuzgitdoldglleurljjzfnpa\shareddir.dat
         -0.1s C:\AdwCleaner\Quarantine\files\cwkyzuwfpensbluwepclbtfpcdvtzfjo\
         -0.1s C:\AdwCleaner\Quarantine\files\cwkyzuwfpensbluwepclbtfpcdvtzfjo\WinSnare.dll
          0.0s C:\AdwCleaner\Quarantine\files\silorkruzwkklhmggvsodfdjjwzehhjb\
          0.0s C:\AdwCleaner\Quarantine\files\silorkruzwkklhmggvsodfdjjwzehhjb\Kyubey.exe
          0.1s C:\AdwCleaner\Quarantine\files\cuactdtcyuvibtncyrkvfnbrasbtojgx\
          0.1s C:\AdwCleaner\Quarantine\files\cuactdtcyuvibtncyrkvfnbrasbtojgx\BikaQ Rss Reader.lnk
          0.2s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\
          0.2s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\app.bikaQ.config
          0.2s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\BikaQ.exe
          0.2s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\BikaQ.exe.config
          0.2s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\bikaQ.ini
          0.2s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\Icon.ico
          0.2s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\Interop.Microsoft.Feeds.Interop.DLL
          0.2s C:\AdwCleaner\Quarantine\files\ynyjnpcdtiqxhrgkiyxuyjxlrpbiryxa\MagicLibrary.DLL
          0.4s C:\AdwCleaner\Quarantine\files\evsfyeuzcakzhamalwvtlcvrlhqkrsay\QQLive\
          0.4s C:\AdwCleaner\Quarantine\files\evsfyeuzcakzhamalwvtlcvrlhqkrsay\QQLive\FailRecord.dat
          0.4s C:\AdwCleaner\Quarantine\files\evsfyeuzcakzhamalwvtlcvrlhqkrsay\
          0.5s C:\AdwCleaner\Quarantine\files\tabjpqbvdarqgigwqzcjlozuxajjicul\
          0.5s C:\AdwCleaner\Quarantine\files\tabjpqbvdarqgigwqzcjlozuxajjicul\MIO.exe
          0.5s C:\AdwCleaner\Quarantine\files\tabjpqbvdarqgigwqzcjlozuxajjicul\loader\
          0.6s C:\AdwCleaner\Quarantine\files\uckpwuwhbtkrbjftxjewillefbhagvjf.back
          0.6s C:\AdwCleaner\Quarantine\files\vebmgbnqanbdhhirxkdmgyqwgeqhmkji.back
          0.8s C:\AdwCleaner\Quarantine\registry\reg_ktwtahdpfsysrgtdnkwzypifckvnrufw.reg
          0.9s C:\AdwCleaner\Quarantine\registry\reg_uvlrjvppcdstzoqalfwhskwslcxbrqbo.reg
          0.9s C:\AdwCleaner\Quarantine\registry\reg_wriqlbpfcrdyokumotgswukkleyofzde.reg
          1.1s C:\AdwCleaner\Quarantine\registry\reg_ewfyqcjdnekhwbqrymtjdtafjehatuzw.reg
          1.2s C:\AdwCleaner\Quarantine\registry\reg_ognfnetlwxegdivgdtpwkvldpiofbipu.reg
          1.2s C:\AdwCleaner\Quarantine\registry\reg_wcmmnrhtaosfmqddqmefzbozbknrvzuz.reg
          1.3s C:\AdwCleaner\Quarantine\registry\reg_gwsuluqiypjuljyqazhhxnvsezfdgorn.reg
          1.3s C:\AdwCleaner\Quarantine\registry\reg_cvqtvaewyzlnlcgjidnthnhqgbdzcucg.reg
          1.4s C:\AdwCleaner\Quarantine\registry\reg_skriaokttsamdvgjgqknmpfweuzkfxhs.reg
          1.4s C:\AdwCleaner\Quarantine\registry\reg_zvheadhfosdkaevmcxfjmmqcdujtwmyy.reg
          1.5s C:\AdwCleaner\Quarantine\registry\reg_wfcpgzmsegqgwokuqpwrvkavikexyqdw.reg
          1.5s C:\AdwCleaner\Quarantine\registry\reg_vxtxicwrqsyccjrhzlbvrnmemaoqlrjs.reg
          1.6s C:\AdwCleaner\Quarantine\registry\reg_drojglcvcjscslpkaefihbtflqzcsleu.reg
          1.7s C:\AdwCleaner\Quarantine\registry\reg_lqogebnjhgguwovrsxgwfnalzbaxpxjb.reg
          1.7s C:\AdwCleaner\Quarantine\registry\reg_rkwkzqrnlexonbgeenmlzjkuozgmvznv.reg
          1.7s C:\AdwCleaner\Quarantine\registry\reg_wghdqbrhuxfvwlyplgyselwymgmgodpo.reg
          1.8s C:\AdwCleaner\Quarantine\registry\reg_xbzfymcflhehdmporbsqpiesrmpqhbkc.reg
          1.8s C:\AdwCleaner\Quarantine\registry\reg_dofvvyywzujbulovririojfkmdybcrgq.reg
          1.9s C:\AdwCleaner\Quarantine\registry\reg_renzknldrzyxzfwufvhccprihtfcwzdr.reg
          1.9s C:\AdwCleaner\Quarantine\registry\reg_zssrdwcmkfemkfiudqyrejteazqigelk.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_ndbvdskcyrzydgfllwqmewyhffuxyfem.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_robdwwehheozobyvlxysuugojffdoosr.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_jfilwlnyiwgzqcrlyqzfktnzhsmcmsra.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_nfpsbqwuyjmyiafjyemzmuivyerbxikx.reg
          2.1s C:\AdwCleaner\Quarantine\registry\reg_vsfawbadaxdxrjsxoyduuzdpdnquhetd.reg
          2.1s C:\AdwCleaner\Quarantine\registry\reg_znehuggdbusilshmtelbgvndthvfxntm.reg
          2.2s C:\AdwCleaner\Quarantine\registry\reg_pifdbnxbitspfnxsuoqnbjlfmqpddajw.reg
          2.2s C:\AdwCleaner\Quarantine\registry\reg_fnvskenvcxourbzoplcrsprbvdudeufs.reg
          2.3s C:\AdwCleaner\Quarantine\registry\reg_yjhvtitcxvmbdvdqxqiscrxqqtszhads.reg
          2.3s C:\AdwCleaner\Quarantine\registry\reg_ssijevxesgcixvxvkwnwbhkuczacguuo.reg
          2.4s C:\AdwCleaner\Quarantine\registry\reg_rpcsormelopohizhkskrtztzbzoohvab.reg
          2.4s C:\AdwCleaner\Quarantine\registry\reg_uoeewndontihkfsotecsqadxwrfbtpxk.reg
          2.5s C:\AdwCleaner\Quarantine\registry\reg_qpaqmghjavcsjkdqkzcgbdrcynbbnhof.reg
          2.5s C:\AdwCleaner\Quarantine\registry\reg_ntuqwigzizzqzmiqugyckwyczpfnavod.reg
          2.5s C:\AdwCleaner\Quarantine\registry\reg_futrmniclsfwnerxhwgcgfeijceanipw.reg
          6.3s C:\AdwCleaner\AdwCleaner[C14].txt
          8.8s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-22606B81.pf
          9.2s C:\Windows\Prefetch\SEARCHINDEXER.EXE-EF8503D3.pf
          9.5s C:\Windows\Prefetch\NVTRAY.EXE-981FA625.pf

   C:\AdwCleaner\Quarantine\files\wrwdaaymdpczwwrfkxcyibgztqjvzapg\WinSAP.dll
      Size . . . . . . . : 184.832 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 17:21:03)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 4B72FCDE3E3A010573A6C147E36643B373A04F33526EE85269BF9A87D2E7FD27
      Product  . . . . . : Windows
      Publisher  . . . . : Windows
      Description  . . . : Windows
      Version  . . . . . : 1.0.0.1
      LanguageID . . . . : 2052
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.ELEX.ayq
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
         -6.5s C:\Windows\Logs\dosvc\dosvc.20170308_162056_747.etl
         -4.3s C:\Users\Princhi\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCache\XCISGIXW\config[2].json
         -1.5s C:\Users\Princhi\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\AC\INetCookies\KVB4XROC.cookie
         -0.0s C:\AdwCleaner\Quarantine\files\wrwdaaymdpczwwrfkxcyibgztqjvzapg\
          0.0s C:\AdwCleaner\Quarantine\files\wrwdaaymdpczwwrfkxcyibgztqjvzapg\WinSAP.dll
          0.5s C:\AdwCleaner\Quarantine\files\sbtpmmeyfhlcljmaploiikjrxasukehh\
          0.5s C:\AdwCleaner\Quarantine\files\sbtpmmeyfhlcljmaploiikjrxasukehh\WinSnare.dll
          0.6s C:\AdwCleaner\Quarantine\files\kvntknoysjwadbfvaetksftxzlfstsvf\
          0.6s C:\AdwCleaner\Quarantine\files\kvntknoysjwadbfvaetksftxzlfstsvf\BikaQ Rss Reader.lnk
          0.8s C:\AdwCleaner\Quarantine\files\akuzirhgxdxlelxbjmqphntyfzulpmic\
          0.8s C:\AdwCleaner\Quarantine\files\akuzirhgxdxlelxbjmqphntyfzulpmic\app.bikaQ.config
          0.8s C:\AdwCleaner\Quarantine\files\akuzirhgxdxlelxbjmqphntyfzulpmic\BikaQ.exe
          0.8s C:\AdwCleaner\Quarantine\files\akuzirhgxdxlelxbjmqphntyfzulpmic\BikaQ.exe.config
          0.8s C:\AdwCleaner\Quarantine\files\akuzirhgxdxlelxbjmqphntyfzulpmic\bikaQ.ini
          0.8s C:\AdwCleaner\Quarantine\files\akuzirhgxdxlelxbjmqphntyfzulpmic\Icon.ico
          0.8s C:\AdwCleaner\Quarantine\files\akuzirhgxdxlelxbjmqphntyfzulpmic\Interop.Microsoft.Feeds.Interop.DLL
          0.8s C:\AdwCleaner\Quarantine\files\akuzirhgxdxlelxbjmqphntyfzulpmic\MagicLibrary.DLL
          0.9s C:\AdwCleaner\Quarantine\files\vtxrsqhnsuataosbmikmwsteelqzcthe\
          0.9s C:\AdwCleaner\Quarantine\files\vtxrsqhnsuataosbmikmwsteelqzcthe\MIO.exe
          0.9s C:\AdwCleaner\Quarantine\files\vtxrsqhnsuataosbmikmwsteelqzcthe\loader\
          1.1s C:\AdwCleaner\Quarantine\registry\reg_smmkwrlvvozopzvdzwxwfgdcfyuzuctz.reg
          1.2s C:\AdwCleaner\Quarantine\registry\reg_cyqrnadspdampzjxwsvpninnztlwpcnw.reg
          1.3s C:\AdwCleaner\Quarantine\registry\reg_zawauksgbmhxigsgahrmucmiggunqzjh.reg
          1.4s C:\AdwCleaner\Quarantine\registry\reg_upytrsgfbwvywfqotnrqiytfsjdfcebe.reg
          1.4s C:\AdwCleaner\Quarantine\registry\reg_xrlqxamievdazksgawvigjkzldnlejmv.reg
          1.5s C:\AdwCleaner\Quarantine\registry\reg_lqmpmwonzglkeefybkcjtoonlvpgduwj.reg
          1.6s C:\AdwCleaner\Quarantine\registry\reg_restvjviqqlslaewxugnllszfwbykjos.reg
          1.7s C:\AdwCleaner\Quarantine\registry\reg_tfkypnwxzkjdizjbbcgcjdoaxmhpdizo.reg
          1.7s C:\AdwCleaner\Quarantine\registry\reg_kvbelnrowxpjiswvrelykalubbmpznfd.reg
          1.9s C:\AdwCleaner\Quarantine\registry\reg_vhjuyqfoowswdggpdfgfitgzucjiouan.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_erjggulzgydcngpitagpmwmwtxriiiac.reg
          2.0s C:\AdwCleaner\Quarantine\registry\reg_btidwxbxcvlzqfzlnwomhhjochwafrck.reg
          2.3s C:\AdwCleaner\Quarantine\registry\reg_lwsjrtnvfcgklczkhnphylswulpdaavy.reg
          3.5s C:\Windows\Prefetch\NETSH.EXE-59756CAC.pf
          4.6s C:\AdwCleaner\AdwCleaner[C15].txt

   C:\AdwCleaner\Quarantine\files\yndstoorrhchctuxregtacilqxspofor\bilibili.dll
      Size . . . . . . . : 127.488 bytes
      Age  . . . . . . . : 2.2 days (2017-03-07 15:38:47)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 3D824E968D4E6321D01A9342D5FDAD7911D50FA4419DC46464101C88BF21348E
    > Bitdefender  . . . : Application.Elex.DA
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
          0.0s C:\AdwCleaner\Quarantine\files\yndstoorrhchctuxregtacilqxspofor\
          0.0s C:\AdwCleaner\Quarantine\files\yndstoorrhchctuxregtacilqxspofor\bilibili.dll
          1.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\
          1.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\
          1.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\56.0.2924.87.manifest
          1.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\chrome.dll
          1.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\chrome.exe
          1.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\chrome_100_percent.pak
          1.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\chrome_200_percent.pak
          1.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\chrome_child.dll
          1.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\chrome_elf.dll
          1.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\chrome_watcher.dll
          1.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\d3dcompiler_47.dll
          1.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\icudtl.dat
          1.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\libegl.dll
          1.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\libglesv2.dll
          1.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\natives_blob.bin
          1.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\resources.pak
          1.3s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\bin\
          1.3s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\snapshot_blob.bin
          1.3s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\Dictionaries\
          1.3s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\
          1.3s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\am.pak
          1.4s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\ar.pak
          1.4s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\bg.pak
          1.4s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\bn.pak
          1.5s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\ca.pak
          1.5s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\cs.pak
          1.5s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\da.pak
          1.5s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\de.pak
          1.5s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\el.pak
          1.6s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\en-GB.pak
          1.6s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\en-US.pak
          1.6s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\es-419.pak
          1.6s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\es.pak
          1.6s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\et.pak
          1.6s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\fa.pak
          1.6s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\fake-bidi.pak
          1.7s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\fi.pak
          1.7s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\fil.pak
          1.7s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\fr.pak
          1.7s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\gu.pak
          1.8s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\he.pak
          1.8s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\hi.pak
          1.8s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\hr.pak
          1.8s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\hu.pak
          1.8s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\id.pak
          1.8s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\it.pak
          1.9s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\ja.pak
          1.9s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\kn.pak
          1.9s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\ko.pak
          1.9s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\lt.pak
          1.9s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\lv.pak
          1.9s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\ml.pak
          2.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\mr.pak
          2.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\ms.pak
          2.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\nb.pak
          2.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\nl.pak
          2.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\pl.pak
          2.0s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\pt-BR.pak
          2.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\pt-PT.pak
          2.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\ro.pak
          2.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\ru.pak
          2.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\sk.pak
          2.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\sl.pak
          2.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\sr.pak
          2.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\sv.pak
          2.1s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\sw.pak
          2.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\ta.pak
          2.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\te.pak
          2.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\th.pak
          2.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\tr.pak
          2.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\uk.pak
          2.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\vi.pak
          2.2s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\zh-CN.pak
          2.3s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\locales\zh-TW.pak
          2.3s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\VisualElements\
          2.3s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\VisualElements\logo.png
          2.3s C:\AdwCleaner\Quarantine\files\tzxbtblxjrdjgbszgypgesikywujzuno\Application\VisualElements\smalllogo.png
          2.6s C:\AdwCleaner\Quarantine\files\lswypbpmgwsxdoiwqdpscgatuuxvkfij\
          2.6s C:\AdwCleaner\Quarantine\files\lswypbpmgwsxdoiwqdpscgatuuxvkfij\app.bikaQ.config
          2.6s C:\AdwCleaner\Quarantine\files\lswypbpmgwsxdoiwqdpscgatuuxvkfij\BikaQ.exe
          2.6s C:\AdwCleaner\Quarantine\files\lswypbpmgwsxdoiwqdpscgatuuxvkfij\BikaQ.exe.config
          2.6s C:\AdwCleaner\Quarantine\files\lswypbpmgwsxdoiwqdpscgatuuxvkfij\bikaQ.ini
          2.6s C:\AdwCleaner\Quarantine\files\lswypbpmgwsxdoiwqdpscgatuuxvkfij\Icon.ico
          2.6s C:\AdwCleaner\Quarantine\files\lswypbpmgwsxdoiwqdpscgatuuxvkfij\Interop.Microsoft.Feeds.Interop.DLL
          2.6s C:\AdwCleaner\Quarantine\files\lswypbpmgwsxdoiwqdpscgatuuxvkfij\MagicLibrary.DLL
          2.8s C:\AdwCleaner\Quarantine\files\xfskfehcyqrksuehxcpbkehpqrvudyza\QQLive\
          2.8s C:\AdwCleaner\Quarantine\files\xfskfehcyqrksuehxcpbkehpqrvudyza\QQLive\FailRecord.dat
          2.8s C:\AdwCleaner\Quarantine\files\xfskfehcyqrksuehxcpbkehpqrvudyza\
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\Accessible.tlb
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\AccessibleMarshal.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-console-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-datetime-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-debug-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-errorhandling-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-file-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-file-l1-2-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-file-l2-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-handle-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-heap-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-interlocked-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-libraryloader-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-localization-l1-2-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-memory-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-namedpipe-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-processenvironment-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-processthreads-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-processthreads-l1-1-1.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-profile-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-rtlsupport-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-string-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-synch-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-synch-l1-2-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-sysinfo-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-timezone-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-core-util-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-conio-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-convert-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-environment-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-filesystem-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-heap-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-locale-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-math-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-multibyte-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-private-l1-1-0.dll
          3.1s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-process-l1-1-0.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-runtime-l1-1-0.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-stdio-l1-1-0.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-string-l1-1-0.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-time-l1-1-0.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\api-ms-win-crt-utility-l1-1-0.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\application.ini
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\breakpadinjector.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\crashreporter.exe
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\crashreporter.ini
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\d3dcompiler_47.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\dependentlibs.list
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\fbox.bin
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\Firefox.exe
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\firefox.VisualElementsManifest.xml
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\freebl3.chk
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\freebl3.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\IA2Marshal.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\lgpllibs.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\libEGL.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\libGLESv2.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\maintenanceservice.exe
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\maintenanceservice_installer.exe
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\mozavcodec.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\mozavutil.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\mozglue.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\msvcp140.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\nss3.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\nssckbi.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\nssdbm3.chk
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\nssdbm3.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\omni.ja
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\platform.ini
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\plugin-container.exe
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\plugin-hang-ui.exe
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\precomplete
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\removed-files
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\softokn3.chk
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\softokn3.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\ucrtbase.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\update-settings.ini
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\updater.exe
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\updater.ini
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\vcruntime140.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\wow_helper.exe
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\xul.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\bin\
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\bin\FirefoxUpdate.exe
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\blocklist.xml
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\chrome.manifest
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\crashreporter-override.ini
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\features\
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\features\aushelper@mozilla.org.xpi
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\features\e10srollout@mozilla.org.xpi
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\features\firefox@getpocket.com.xpi
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\components\
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\components\browsercomps.dll
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\components\components.manifest
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\extensions\
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi
          3.2s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\omni.ja
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\dictionaries\
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\dictionaries\en-US.aff
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\dictionaries\en-US.dic
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\gmp-clearkey\
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\features\webcompat@mozilla.org.xpi
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\gmp-clearkey\0.1\
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\gmp-clearkey\0.1\clearkey.dll
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\VisualElements\
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\VisualElements\VisualElements_150.png
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\browser\VisualElements\VisualElements_70.png
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\defaults\
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\defaults\pref\
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\defaults\pref\channel-prefs.js
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\fonts\
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\fonts\EmojiOneMozilla.ttf
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\gmp-clearkey\0.1\clearkey.info
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\uninstall\
          3.3s C:\AdwCleaner\Quarantine\files\jszcaitoivtgaurygoptwgcedtxdugbn\uninstall\helper.exe
          3.6s C:\AdwCleaner\Quarantine\files\nahubpcvvyunhzvzfmxwtvpwgppzfxdh\
          3.6s C:\AdwCleaner\Quarantine\files\nahubpcvvyunhzvzfmxwtvpwgppzfxdh\MIO.exe
          3.6s C:\AdwCleaner\Quarantine\files\nahubpcvvyunhzvzfmxwtvpwgppzfxdh\loader\
          3.7s C:\AdwCleaner\Quarantine\files\tdaknrqgqrahpmezbgivdrncyiumnoth\
          3.7s C:\AdwCleaner\Quarantine\files\tdaknrqgqrahpmezbgivdrncyiumnoth\02cd3cf9-5c3f-43c3-b8aa-965763845b5d.dmp
          3.7s C:\AdwCleaner\Quarantine\files\tdaknrqgqrahpmezbgivdrncyiumnoth\2c494a67-5c7d-4f2a-925f-9ad160d98630.dmp
          3.8s C:\AdwCleaner\Quarantine\files\tdaknrqgqrahpmezbgivdrncyiumnoth\82955d19-484e-4e13-8464-a7a496738cb9.dmp
          3.8s C:\AdwCleaner\Quarantine\files\tdaknrqgqrahpmezbgivdrncyiumnoth\d6e97161-cdae-4025-b8c9-c4458dd85575.dmp
          3.8s C:\AdwCleaner\Quarantine\files\tdaknrqgqrahpmezbgivdrncyiumnoth\d9aec98a-f3b3-411d-9cb0-3f79a9036978.dmp
          3.8s C:\AdwCleaner\Quarantine\files\tdaknrqgqrahpmezbgivdrncyiumnoth\e3aa4d95-d343-4ffb-943c-60f5f7fb2898.dmp
          4.1s C:\AdwCleaner\Quarantine\files\cqhtidxzllzhzglnsmbhytdwfszjprwo\
          4.1s C:\AdwCleaner\Quarantine\files\cqhtidxzllzhzglnsmbhytdwfszjprwo\dmr_72.exe
          4.1s C:\AdwCleaner\Quarantine\files\cqhtidxzllzhzglnsmbhytdwfszjprwo\Downloads\
          4.1s C:\AdwCleaner\Quarantine\files\cqhtidxzllzhzglnsmbhytdwfszjprwo\yshaazdgpgiwmfnu.dat
          4.1s C:\AdwCleaner\Quarantine\files\cqhtidxzllzhzglnsmbhytdwfszjprwo\Downloads\152e221a8bef8d2d13c58f995563a1a1\46bd7ff30e89de35f5e2857fdb1690df\
          4.1s C:\AdwCleaner\Quarantine\files\cqhtidxzllzhzglnsmbhytdwfszjprwo\Downloads\152e221a8bef8d2d13c58f995563a1a1\46bd7ff30e89de35f5e2857fdb1690df\MouseRecorderSetup-1.0.51.exe
          4.1s C:\AdwCleaner\Quarantine\files\cqhtidxzllzhzglnsmbhytdwfszjprwo\Downloads\152e221a8bef8d2d13c58f995563a1a1\
          5.0s C:\AdwCleaner\Quarantine\files\bqtkcoqjmmyoveeazexqcpixbsxncdep.back
          5.0s C:\AdwCleaner\Quarantine\files\kfoqpzrqppjnjswpxlwldkbpuhqgltlx.back
          5.1s C:\AdwCleaner\Quarantine\files\jzpvhfoftmvoxokhwnomaqxputvbtbkj.back
          5.1s C:\AdwCleaner\Quarantine\files\goidlqcvcplemngijzjttmsqwwbomfqi.back
          5.1s C:\AdwCleaner\Quarantine\files\cdusxwyrqhrqkeibpscrigqemefmsvve.back
          5.2s C:\AdwCleaner\Quarantine\files\vqlfkyfafcswsudvbsghitwrgmtofuzv.back
          5.2s C:\AdwCleaner\Quarantine\files\nupvhvykdtwskqcspqvbuexpzcpwpsoi.back
          5.7s C:\AdwCleaner\Quarantine\registry\reg_ubffxbbsyllmmjxdsqhczffagorydftr.reg
          5.9s C:\AdwCleaner\Quarantine\registry\reg_mzqrolgepzsigiwfrqvtqwlbpsydcomn.reg
          6.0s C:\AdwCleaner\Quarantine\registry\reg_ythltcjcavsrrrpvzcvslfalrpcztmtu.reg
          6.1s C:\AdwCleaner\Quarantine\registry\reg_ckxdvbtnkcnyoptgrjzhaayrjiibpcnw.reg
          6.4s C:\AdwCleaner\Quarantine\registry\reg_voanubvtarivcifrewiyxzvalgvlqskx.reg
          6.5s C:\AdwCleaner\Quarantine\registry\reg_jswyvwvsaauzrtdjthmalnfpjovhyuhg.reg
          6.6s C:\AdwCleaner\Quarantine\registry\reg_vtoflvprzbvpfqytsgxcmjkreubgpeft.reg
          6.7s C:\AdwCleaner\Quarantine\registry\reg_wfclgwtbttktcezcgmyuoofpzvbdscfm.reg
          7.0s C:\AdwCleaner\Quarantine\registry\reg_ikmhacfulopmqcqqtbdzwwbymezuybgz.reg
          7.1s C:\AdwCleaner\Quarantine\registry\reg_alrecaglepdawrmrtipucrbyemuaolne.reg
          7.4s C:\AdwCleaner\Quarantine\registry\reg_xqguqzyxanybsuvatuhkfjbvazwcuyzz.reg
          7.5s C:\AdwCleaner\Quarantine\registry\reg_zppktzhudqgtzkdgremwgosltiwcnteh.reg
          7.7s C:\AdwCleaner\Quarantine\registry\reg_yetnslvkwivnpteopbyepzlkuxnfvrsv.reg
          7.8s C:\AdwCleaner\Quarantine\registry\reg_mmmdbilpabnzkhpytxfopjrcvsucseee.reg
          7.8s C:\AdwCleaner\Quarantine\registry\reg_brkkxgugjcekhozyhdtijdttmslabcze.reg
          7.8s C:\AdwCleaner\Quarantine\registry\reg_rmdwamkotbhzikfawjyfyosfcazzbumx.reg
          8.0s C:\AdwCleaner\Quarantine\registry\reg_qjizhysipxdrbntxfibthqibamrpeauh.reg
          8.0s C:\AdwCleaner\Quarantine\registry\reg_yksyuaanorsfynzgtkmqzhsqrurqcsfa.reg
          8.0s C:\AdwCleaner\Quarantine\registry\reg_aioholtlmudhxpcvhemzrgpojnfsgpba.reg
          8.1s C:\AdwCleaner\Quarantine\registry\reg_hghlefktkkszguoknumljdbrmqplcaqa.reg
          8.4s C:\AdwCleaner\Quarantine\registry\reg_tezzufvzmkldhrkwabwztsaqgslcbnyy.reg
          8.5s C:\AdwCleaner\Quarantine\registry\reg_pqwxjaejtxttsagxwojrdzwlispfrjsy.reg
          8.5s C:\AdwCleaner\Quarantine\registry\reg_gecgspeiltsuryvisqxjrxpxkosmsmrz.reg
          8.6s C:\AdwCleaner\Quarantine\registry\reg_vppwmtanybecllmqdyskzabwzyoiweaa.reg
          8.6s C:\AdwCleaner\Quarantine\registry\reg_cnnanzilvckgvinejultajyexhwrmzaw.reg
          8.6s C:\AdwCleaner\Quarantine\registry\reg_ikhoubhqhlvblliiojthocomncdxqmxm.reg
          8.6s C:\AdwCleaner\Quarantine\registry\reg_rdrqsgfooomxghksosehepoinarrqazu.reg
          8.7s C:\AdwCleaner\Quarantine\registry\reg_gawywypzzjwjhckrdayrhrnlhzheqjpv.reg
          8.8s C:\AdwCleaner\Quarantine\registry\reg_epliqhyfghjzlozcqhjzflbwctfbhxtx.reg
          8.8s C:\AdwCleaner\Quarantine\registry\reg_fvtvtqwzttnbgwchfnbisrpjwwpadoqk.reg
          8.8s C:\AdwCleaner\Quarantine\registry\reg_xqmhigbdzecocijstplywsubbkanqvut.reg
          8.9s C:\AdwCleaner\Quarantine\registry\reg_uuwbyrqdnozqawylwojhamhsraysmssi.reg
          8.9s C:\AdwCleaner\Quarantine\registry\reg_kfkbzacbqxtndjqwxvpwofzzmuyclltq.reg
          9.1s C:\AdwCleaner\Quarantine\registry\reg_pbtjnsmezaqefphqybaqpjwhtcaotpxb.reg
          9.1s C:\AdwCleaner\Quarantine\registry\reg_wgifjkkvqfxmxyporqfrtutssnxasaez.reg
          9.1s C:\AdwCleaner\Quarantine\registry\reg_zykvojxtbwwczctmirpydmaopgjdnhad.reg

   C:\ProgramData\Apple Computer\Installer Cache\setup.dll
      Size . . . . . . . : 384.000 bytes
      Age  . . . . . . . : 23.2 days (2017-02-14 14:06:29)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : BD6E5908E8BB639D05C4CC0C40AE118195BFA47C695BB4C0B16C7A92D13B24F3
    > Bitdefender  . . . : Gen:Variant.Adware.Zusy.219711
    > HitmanPro  . . . . : App/Generic-LA
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
          0.0s C:\ProgramData\Apple Computer\Installer Cache\setup.dll
          0.1s C:\ProgramData\Apple Computer\
          0.1s C:\ProgramData\Apple Computer\Installer Cache\

   C:\ProgramData\bfibe\regkey.exe
      Size . . . . . . . : 102.912 bytes
      Age  . . . . . . . : 98.2 days (2016-12-01 14:32:30)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : FFF2818CAA9040486A634896F329B8AEBAEC9121BDF9982841F0646763A1686B
    > Bitdefender  . . . : Gen:Variant.Mikey.57768
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.ELEX.and
    > HitmanPro  . . . . : App/Generic-DA
      Fuzzy  . . . . . . : 98.0

   C:\ProgramData\bfibe\yacqq.exe
      Size . . . . . . . : 262.144 bytes
      Age  . . . . . . . : 98.2 days (2016-12-01 14:32:30)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 98AA2A5E01E594F5D71A564EFDAB45967E3A68E313B8E4768EBE344C3EA4F7AF
    > Bitdefender  . . . : Adware.GenericKD.3799140
    > Kaspersky  . . . . : not-a-virus:Downloader.Win32.AdLoad.xtzr
      Fuzzy  . . . . . . : 98.0


Suspicious files ____________________________________________________________

   C:\Users\Princhi\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.423.808 bytes
      Age  . . . . . . . : 1.1 days (2017-03-08 17:24:45)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : D3F6B73F9517C1058A870B3411AF3A7DDA50A94B76ED0A29D0EF7E55601BCA04
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Princhi\Desktop\FRST64.exe
      Size . . . . . . . : 2.423.808 bytes
      Age  . . . . . . . : 0.9 days (2017-03-08 21:30:32)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 0C11A0E7E1D7950EAAB54F640609BD62DC8E7F6CCBDD4520ACD6E0A67C252262
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.5s C:\Users\Princhi\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
         -0.5s C:\Users\Princhi\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_556BB0FF4D382D90E7703209690E089E
          0.0s C:\Users\Princhi\Desktop\FRST64.exe

   C:\WINDOWS\SysWoW64\GameMon.des
      Size . . . . . . . : 3.519.984 bytes
      Age  . . . . . . . : 368.2 days (2016-03-06 14:46:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 7155805F2DE29FBD04950FB08AA75A5C49AAEC3C6AEF645837823D292B8C338D
      Product  . . . . . : nProtect Game Monitor
      Publisher  . . . . : INCA Internet Co., Ltd.
      Description  . . . : nProtect Game Monitor Rev 2376
      Version  . . . . . : 2016.1.25.1
      RSA Key Size . . . : 2048
      Service  . . . . . : npggsvc
      LanguageID . . . . : 1042
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 25.0
         The file name extension of this program is not common.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}\ (YoutubeAdBlock)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKU\S-1-5-21-88799701-2343346839-193955109-1001\SOFTWARE\IM\ (Sweetpacks)

Tepcon · 09.03.2017, 19:58

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2017
durchgeführt von Princhi (Administrator) auf EPONA (09-03-2017 19:54:43)
Gestartet von C:\Users\Princhi\Desktop
Geladene Profile: Princhi (Verfügbare Profile: Princhi)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5450\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [Blackcomb] => C:\Program Files (x86)\Samsung Connection Manager\ModemPnPService.exe [131072 2011-02-11] (Samsung Electronics.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1206784 2016-08-12] (Cisco Systems, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2017-02-21] (Electronic Arts)
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [Spotify Web Helper] => C:\Users\Princhi\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-09] (Spotify Ltd)
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [ISUSPM] => C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [572416 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-05-05] (Dropbox, Inc.)
Startup: C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{11c06b9c-c7a3-42f0-b493-0dcb6de1d03f}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{1920ae60-1c7d-4c3e-8d02-ba2d7909bffb}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4aa061a8-dd76-4dde-ab8c-36f40625fc51}: [DhcpNameServer] 139.7.30.126 0.0.0.0

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-08] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-08] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-88799701-2343346839-193955109-1001 -> hxxp://www.google.com

FireFox:
========
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @gametree.co.kr/GTL -> C:\ProgramData\Gametree\GTL\npGTL.dll [2013-06-13] (NtreevSoft)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-08] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-22] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [Keine Datei]
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
CHR Extension: (Google Präsentationen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-09]
CHR Extension: (Google Docs) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-09]
CHR Extension: (Google Drive) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-09]
CHR Extension: (YouTube) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-09]
CHR Extension: (Google Tabellen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Google Mail) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-09]
CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-09]
CHR Extension: (pumpkin) - C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkigkiflejlmpibnlecfdgkhjijgkoao [2016-10-19]
CHR Profile: C:\Users\Princhi\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-08]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 HmaOpenVpnService; D:\Programme\HMA! Pro VPN\bin\openvpnserv.exe [46688 2016-09-23] (The OpenVPN Project)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3519984 2016-01-27] (INCA Internet Co., Ltd.)
S2 Ntp2NetSvc; C:\Program Files (x86)\notepad2\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert]
R2 Ntp2UpSvc; C:\Program Files (x86)\Common Files\ntp2UpSvc\notepad2.exe [2340864 2017-02-16] (Don HO don.h@free.fr) [Datei ist nicht signiert]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2124296 2017-02-21] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2185232 2017-02-21] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 C2XXCOM; C:\WINDOWS\system32\DRIVERS\C2XXCOM76.sys [49920 2010-08-09] (Samsung Electronics)
S3 C2xxUSB; C:\WINDOWS\system32\DRIVERS\C2xxUSB76.sys [46080 2010-11-04] (Samsung Electronics)
S3 C2xxUsbStorage; C:\WINDOWS\system32\DRIVERS\C2xSTR76.sys [9216 2010-06-10] (Samsung Electronics)
S3 cpuz137; C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys [26856 2014-02-17] (CPUID)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2014-11-19] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [27136 2016-09-23] (The OpenVPN Project)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-09] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-09] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-09] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-09] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 Secdrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [20128 2017-02-28] () [Datei ist nicht signiert]
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36808 2016-08-15] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-09 19:39 - 2017-03-09 19:52 - 00000000 ____D C:\ProgramData\HitmanPro
2017-03-09 17:31 - 2017-03-09 17:31 - 00002332 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-09 17:31 - 2017-03-09 17:31 - 00002320 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-09 17:26 - 2017-03-09 17:26 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Desktop\ChromeSetup.exe
2017-03-09 17:10 - 2017-03-09 17:11 - 11581544 _____ (SurfRight B.V.) C:\Users\Princhi\Desktop\HitmanPro_x64.exe
2017-03-09 17:06 - 2017-03-09 17:06 - 02870984 _____ (ESET) C:\Users\Princhi\Desktop\esetsmartinstaller_deu.exe
2017-03-08 22:33 - 2017-03-08 22:33 - 00048843 _____ C:\Users\Princhi\Desktop\SystemLook.zip
2017-03-08 21:42 - 2017-03-08 22:07 - 00671952 _____ C:\Users\Princhi\Desktop\SystemLook.txt
2017-03-08 21:39 - 2017-03-08 21:40 - 00165376 _____ C:\Users\Princhi\Desktop\SystemLook_x64.exe
2017-03-08 21:31 - 2017-03-09 16:08 - 00016719 _____ C:\Users\Princhi\Desktop\Fixlog.txt
2017-03-08 21:30 - 2017-03-08 21:30 - 00000000 ____D C:\Users\Princhi\Desktop\FRST-OlderVersion
2017-03-08 20:30 - 2017-03-08 20:30 - 00037601 _____ C:\Users\Princhi\Downloads\mbam.zip
2017-03-08 20:30 - 2017-03-08 20:30 - 00037601 _____ C:\Users\Princhi\Desktop\mbam.zip
2017-03-08 19:37 - 2017-03-09 16:33 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-08 19:04 - 2017-03-09 16:43 - 00045668 _____ C:\Users\Princhi\Desktop\Addition.txt
2017-03-08 19:03 - 2017-03-09 19:54 - 00020472 _____ C:\Users\Princhi\Desktop\FRST.txt
2017-03-08 19:01 - 2017-03-08 19:12 - 00000548 _____ C:\Users\Princhi\Desktop\JRT.txt
2017-03-08 18:59 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Desktop\JRT.exe
2017-03-08 18:58 - 2017-03-08 18:59 - 01663736 _____ (Malwarebytes) C:\Users\Princhi\Downloads\JRT.exe
2017-03-08 18:51 - 2017-03-08 18:51 - 00819352 _____ C:\Users\Princhi\Desktop\mbam.txt
2017-03-08 18:21 - 2017-03-09 16:33 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-08 18:20 - 2017-03-09 17:34 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-08 18:20 - 2017-03-09 16:33 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-08 18:20 - 2017-03-09 16:33 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-08 18:20 - 2017-03-08 18:20 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-08 18:20 - 2017-03-08 18:20 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-08 18:20 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-08 18:19 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Desktop\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 18:15 - 2017-03-08 18:19 - 57131432 _____ (Malwarebytes ) C:\Users\Princhi\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-08 17:41 - 2017-03-08 18:08 - 00080986 _____ C:\TDSSKiller.3.1.0.12_08.03.2017_17.41.13_log.txt
2017-03-08 17:39 - 2017-03-08 17:39 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Princhi\Downloads\tdsskiller.exe
2017-03-08 17:32 - 2017-03-08 17:33 - 00065691 _____ C:\Users\Princhi\Downloads\Addition.txt
2017-03-08 17:31 - 2017-03-09 19:54 - 00000000 ____D C:\FRST
2017-03-08 17:31 - 2017-03-08 17:33 - 00042386 _____ C:\Users\Princhi\Downloads\FRST.txt
2017-03-08 17:24 - 2017-03-08 21:30 - 02423808 _____ (Farbar) C:\Users\Princhi\Desktop\FRST64.exe
2017-03-08 16:39 - 2017-03-08 16:40 - 02870984 _____ (ESET) C:\Users\Princhi\Downloads\esetsmartinstaller_deu.exe
2017-03-07 17:37 - 2017-03-07 17:38 - 00124970 _____ C:\Users\Princhi\Downloads\IMG_20170307_0001.pdf
2017-03-07 15:41 - 2017-03-07 15:41 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup (1).exe
2017-03-02 15:14 - 2017-03-02 15:14 - 04031440 _____ C:\Users\Princhi\Desktop\adwcleaner_6.044.exe
2017-03-01 17:31 - 2017-03-01 17:32 - 09036000 _____ (GOG.com ) C:\Users\Princhi\Downloads\setup_settlers3_2.0.0.17.exe
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\AppData\Local\TeamSpeak 3
2017-03-01 15:31 - 2017-03-01 15:31 - 00000000 ____D C:\Users\Princhi\.TeamSpeak 3
2017-03-01 14:19 - 2017-03-02 15:15 - 00001180 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-02-28 22:11 - 2017-02-28 22:11 - 00004096 _____ C:\WINDOWS\d3dx.dat
2017-02-28 21:45 - 2017-02-28 23:30 - 00020128 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2017-02-28 21:44 - 2017-02-28 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lionhead Studios Ltd
2017-02-22 14:34 - 2017-02-22 14:34 - 04015056 _____ C:\Users\Princhi\Downloads\Nicht bestätigt 889461.crdownload
2017-02-16 15:21 - 2017-02-16 15:21 - 00000000 ____D C:\Program Files (x86)\notepad2
2017-02-14 21:54 - 2017-02-14 21:54 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (5).pdf
2017-02-14 14:06 - 2017-02-14 14:06 - 00000000 ____D C:\ProgramData\Apple Computer
2017-02-13 17:39 - 2017-02-13 17:39 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (4).pdf
2017-02-13 13:30 - 2017-02-13 13:30 - 01366581 _____ C:\Users\Princhi\Downloads\1.07 Grundlagen des Rechts - Methodenlehre (2).pdf
2017-02-13 13:29 - 2017-02-13 13:29 - 00460744 _____ C:\Users\Princhi\Downloads\1.04 Grundlagen des Rechts - Methodenlehre (1).pdf
2017-02-13 13:23 - 2017-02-13 13:23 - 00099088 _____ C:\Users\Princhi\Downloads\WS2016-17_Hausarbeit_Sachverhalt und Hinweise (3).pdf
2017-02-12 19:35 - 2017-02-12 19:35 - 00019905 _____ C:\Users\Princhi\Downloads\Hausarbeit_Vorlage_Iurratio_de (1).odt
2017-02-10 13:43 - 2017-02-10 13:43 - 01129376 _____ (Google Inc.) C:\Users\Princhi\Downloads\ChromeSetup.exe
2017-02-10 13:33 - 2017-02-10 13:33 - 04015056 _____ C:\Users\Princhi\Downloads\adwcleaner_6.043.exe
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-08 16:57 - 2017-02-08 16:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-08 16:57 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-08 16:57 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-08 16:57 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-08 16:57 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-08 16:56 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-08 16:56 - 2016-12-29 14:06 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-07 19:53 - 2017-02-07 19:53 - 00015226 _____ C:\Users\Princhi\Downloads\Hausarbeit.odt

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-03-09 19:54 - 2015-01-25 19:13 - 00000000 ____D C:\Users\Princhi\AppData\Local\Battle.net
2017-03-09 19:50 - 2014-11-07 17:25 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\TS3Client
2017-03-09 19:00 - 2014-11-01 23:48 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Spotify
2017-03-09 18:15 - 2016-09-05 16:41 - 00000000 ____D C:\Users\Princhi
2017-03-09 18:04 - 2015-01-25 19:13 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-03-09 18:02 - 2016-09-05 16:34 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-09 16:38 - 2016-07-16 23:51 - 01124082 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-09 16:38 - 2016-07-16 23:51 - 00269244 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-09 16:38 - 2015-08-04 22:14 - 02636028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-09 16:32 - 2016-09-05 16:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-09 16:32 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-09 16:32 - 2016-07-16 07:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-09 15:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-09 13:24 - 2015-05-23 11:51 - 00000000 ____D C:\Users\Princhi\Documents\The Witcher 3
2017-03-09 11:32 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-09 11:31 - 2015-02-08 19:49 - 00000000 ____D C:\AdwCleaner
2017-03-09 11:27 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-09 00:13 - 2014-11-02 13:20 - 00000000 ____D C:\Users\Princhi\AppData\Local\Spotify
2017-03-08 22:45 - 2016-04-23 01:04 - 00000000 ____D C:\Users\Princhi\AppData\Local\CrashDumps
2017-03-08 21:33 - 2014-11-01 14:28 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-03-08 21:31 - 2015-11-10 21:03 - 00000000 ____D C:\Users\Princhi\AppData\LocalLow\Temp
2017-03-08 18:46 - 2016-03-29 20:28 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-03-08 18:20 - 2014-12-17 15:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-08 18:13 - 2016-08-08 20:40 - 00000000 ____D C:\Users\Princhi\Desktop\Programme
2017-03-08 16:27 - 2014-12-26 16:00 - 00000000 ____D C:\ProgramData\Apple
2017-03-08 16:27 - 2014-11-02 14:54 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Origin
2017-03-08 16:24 - 2017-01-18 17:56 - 00001793 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-03-08 14:32 - 2014-11-02 14:45 - 00000000 ____D C:\ProgramData\Origin
2017-03-07 15:38 - 2016-10-26 18:28 - 00000000 ____D C:\WINDOWS\system32\log
2017-03-07 13:40 - 2014-11-24 12:36 - 00000000 ____D C:\Program Files (x86)\Origin
2017-03-07 01:47 - 2016-08-08 19:33 - 00000000 ____D C:\Users\Princhi\Desktop\Games
2017-03-07 01:46 - 2016-08-08 20:42 - 00000000 ____D C:\Users\Princhi\Desktop\Daten
2017-03-03 18:32 - 2016-08-01 19:35 - 00000000 ____D C:\Users\Princhi\AppData\Local\BewerbungsMaster
2017-03-02 15:15 - 2016-06-18 17:14 - 00001042 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-03-01 15:30 - 2014-11-07 17:25 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2017-03-01 02:10 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-28 21:44 - 2015-01-25 20:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-28 00:24 - 2016-12-13 16:57 - 00003274 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-28 00:24 - 2015-08-04 22:26 - 00002420 _____ C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-28 00:24 - 2015-08-04 22:26 - 00000000 ___RD C:\Users\Princhi\OneDrive
2017-02-24 00:34 - 2014-10-31 14:43 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-22 15:41 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 13:55 - 2014-10-31 13:26 - 00000000 ____D C:\Users\Princhi\AppData\Local\Packages
2017-02-16 14:18 - 2017-01-19 19:06 - 00001415 _____ C:\Users\Public\Desktop\Die Sims 4.lnk
2017-02-16 13:59 - 2014-10-31 16:58 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-12 19:26 - 2016-04-14 12:50 - 00000000 ____D C:\Users\Princhi\AppData\Local\BlackDesertOnline
2017-02-08 16:57 - 2016-09-05 16:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-08 16:57 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-08 16:56 - 2016-09-05 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-07 22:11 - 2016-12-14 21:29 - 00000000 ____D C:\Users\Princhi\Desktop\UNI
2017-02-07 16:55 - 2016-08-24 10:17 - 00000000 ____D C:\Users\Princhi\AppData\Roaming\Skype

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-10-31 14:52 - 2014-11-22 00:55 - 0000153 _____ () C:\Users\Princhi\AppData\Roaming\WB.CFG
2014-11-02 03:52 - 2014-11-22 00:55 - 0000001 _____ () C:\Users\Princhi\AppData\Local\DSI.DAT
2016-09-05 16:36 - 2016-09-05 16:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-03-07 17:06

==================== Ende von FRST.txt ============================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-03-2017
durchgeführt von Princhi (09-03-2017 19:55:23)
Gestartet von C:\Users\Princhi\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-05 15:59:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-88799701-2343346839-193955109-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-88799701-2343346839-193955109-503 - Limited - Disabled)
Gast (S-1-5-21-88799701-2343346839-193955109-501 - Limited - Disabled)
Princhi (S-1-5-21-88799701-2343346839-193955109-1001 - Administrator - Enabled) => C:\Users\Princhi

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
AdVenture Capitalist (HKLM\...\Steam App 346900) (Version:  - Hyper Hippo Games)
American Truck Simulator MULTi23 - ElAmigos Version 1.3.1.1 (HKLM-x32\...\{1E1A283E-DA44-4DCB-BC57-295E54DF18CA}_is1) (Version: 1.3.1.1 - SCS Software)
Ansel (Version: 372.70 - NVIDIA Corporation) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BEWERBUNGSMASTER (HKLM-x32\...\ST6UNST #1) (Version:  - )
Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version:  - )
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon MG6600 series Benutzerregistrierung (HKLM-x32\...\Canon MG6600 series Benutzerregistrierung) (Version:  - *Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.1 - Canon Inc.)
CASIO FA-124 (HKLM-x32\...\{FB47E710-6249-4EFA-BE36-E922B0612AF4}) (Version: 2.04.0000 - CASIO COMPUTER CO., LTD.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
CodeBlocks (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\CodeBlocks) (Version: 16.01 - The Code::Blocks Team)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.27.80.1020 - Electronic Arts Inc.)
Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
Dropbox (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Duke Nukem Forever (HKLM\...\Steam App 57900) (Version:  - Gearbox Software)
Dying Light Ultimate Edition MULTi2 1.0 (HKLM-x32\...\Dying Light Ultimate Edition MULTi2 1.0) (Version:  - )
Euro Truck Simulator 2 Demo (HKLM\...\Steam App 231120) (Version:  - SCS Software)
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Fable Anniversary (HKLM-x32\...\Steam App 288470) (Version:  - Lionhead Studios)
Fallout 4 MULTi2 1.1.30 (HKLM-x32\...\Fallout 4 MULTi2 1.1.30) (Version:  - )
FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version:  - SQUARE ENIX)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
fx-Manager PLUS (90-Day Trial) (HKLM-x32\...\{80447814-A99C-415D-B019-7A825CEE064B}) (Version: 02.04.4100.0291 - CASIO COMPUTER CO., LTD.)
GameMaker: Player (HKLM-x32\...\GameMakerPlayer) (Version: 1.4.1242.41000 - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
Gametree Launcher (HKLM-x32\...\GTL) (Version: 3.0.26.0 - NtreevSoft)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GRID (HKLM\...\Steam App 12750) (Version:  - Codemasters Studios)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HMA! Pro VPN 3.2.13.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.2.13.0 - Privax Ltd)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manga Studio (HKLM-x32\...\{CFA66508-B19D-4032-AB0A-EBBA2BDF1368}) (Version: 5.0.2 - Smith Micro)
Microsoft OneDrive (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MouseRecorder v1.0.51 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.51 - Bartels Media GmbH)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.52.3 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA Miracast Virtueller Ton 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.5.25153 - Electronic Arts, Inc.)
osu! (HKLM-x32\...\{180b9d5a-5197-4326-bcb0-fe448086015b}) (Version: latest - ppy Pty Ltd)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PC Wizard 2015.2.14 (HKLM-x32\...\PC Wizard 2015_is1) (Version:  - CPUID)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Risen 3 Titan Lords Enhanced Edition MULTI2 1.0 (HKLM-x32\...\Risen 3 Titan Lords Enhanced Edition MULTI2 1.0) (Version:  - )
RPG MAKER VX Ace (HKLM-x32\...\RPG MAKER VX Ace_is1) (Version: 1.01a - )
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
SABnzbd 0.7.19 (HKLM-x32\...\SABnzbd) (Version: 0.7.19 - The SABnzbd Team)
Samsung Connection Manager (HKLM-x32\...\{F3F95061-0427-4386-AB03-1556CBE52927}) (Version: 112.6 - Samsung Electronics)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Spotify) (Version: 1.0.50.41368.gbd68dbef - Spotify AB)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{6C8C4577-8E15-4C63-96ED-D40F2072FF74}) (Version: 6.0.19.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{9C926493-16C0-438E-8E51-BC3638E29ABB}) (Version: 6.1.4.0 - Husdawg, LLC)
Tales of Symphonia Version 1.0 u3 (HKLM-x32\...\{1E213234-7E5C-42A5-8FA1-766E7728015D}_is1) (Version: 1.0 u3 - Bandai Namco Entertainment)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Sims 3 Ultimate Collection Version 1.67.2 (HKLM-x32\...\The Sims 3 Ultimate Collection_is1) (Version: 1.67.2 - EA Games)
The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition Incl. Blood and Wine DLC and Update 14 MULTi2 1.22) (Version:  - )
The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02 (HKLM-x32\...\The Witcher 3 Wild Hunt Collectors Edition MULTi2 1.02) (Version:  - )
Trillian (HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\Trillian) (Version:  - Cerulean Studios, LLC)
Undertale version 1.0 u09.03.2016 (HKLM-x32\...\{800C5999-FCC6-4C6D-95B6-5E8574896874}_is1) (Version: 1.0 u09.03.2016 - tobyfox)
Vegas Pro 13.0 (64-bit) (HKLM\...\{386F5740-091D-11E4-B13E-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vodafone Mobile Connect Lite (HKLM-x32\...\{B5761811-28F3-4257-B537-815C5EEF472C}) (Version: 3.1.2.104 - Vodafone)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-88799701-2343346839-193955109-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Princhi\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0E524B03-1D26-41B6-ABD2-F29FB4F8B41D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-02-24] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe 
Task: {36FA50E1-D56E-483F-AEE3-3F296E349404} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {4B9C0926-CF32-484A-A741-A6E2C89BC329} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {59D17917-85E1-4E2E-959F-2F02B05AA878} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Princhi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {B5BB4BD1-F18C-40B3-8925-0E98012E2F12} - System32\Tasks\{BAAF7A63-576A-4E4E-96F8-72A8EBB68660} => pcalua.exe -a "D:\Games\The Witcher 3 Wild Hunt\Uninstall.exe"
Task: {CCE2E5E1-F1F1-4AF8-A21C-2B15C00FCB0D} - System32\Tasks\{D07A19C7-CDC4-4BD3-B00B-C2829140E6CD} => pcalua.exe -a "C:\Users\Princhi\Downloads\skse_1_07_01_installer (1).exe" -d C:\Users\Princhi\Downloads
Task: {D533BD21-EC84-4A14-AEE8-FB6F0D3FAD3B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe 
Task: {DDE677D5-0F3E-48FB-B0D1-BC1F907283F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-05 16:36 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-30 11:03 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2017-03-08 18:20 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-08 18:20 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-30 11:03 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2015-01-18 19:06 - 2015-08-21 19:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-12-14 19:40 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-07 17:29 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-09-13 19:42 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 21:54 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-04-01 22:05 - 2013-10-29 13:49 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2015-04-01 22:05 - 2013-06-26 16:01 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2017-01-11 21:54 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 21:54 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 21:54 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 21:54 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 21:54 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 21:54 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-03-01 21:00 - 2017-03-01 21:10 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-03-01 21:00 - 2017-03-01 21:10 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-03-01 21:00 - 2017-03-01 21:09 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-06-05 17:25 - 2016-06-05 17:29 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-03-01 21:00 - 2017-03-01 21:10 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-03-01 21:00 - 2017-03-01 21:11 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-03-04 14:27 - 2016-03-04 14:31 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-02-24 01:09 - 2017-02-24 01:09 - 01457128 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\Battle.net Helper.exe
2014-02-28 10:14 - 2017-03-01 15:30 - 00176408 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-08-04 14:43 - 2017-03-01 15:30 - 00107288 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-08-04 14:43 - 2017-03-01 15:30 - 00121624 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-08-04 14:46 - 2017-03-01 15:30 - 00319768 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2017-03-01 15:31 - 2017-03-01 15:31 - 00134144 _____ () C:\Users\Princhi\AppData\Roaming\TS3Client\plugins\gamepad_joystick_win64.dll
2014-08-04 14:46 - 2017-03-01 15:30 - 00488216 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2016-08-12 13:20 - 2016-08-12 13:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-09-15 12:55 - 2017-02-14 01:06 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2015-04-14 16:46 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-04-01 22:05 - 2013-01-15 16:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2015-04-01 22:05 - 2013-06-26 16:01 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll
2017-02-24 01:10 - 2017-02-24 01:12 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libcef.dll
2017-02-24 01:12 - 2017-02-24 01:12 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\ortp.dll
2017-02-24 01:12 - 2017-02-24 01:12 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libEGL.dll
2017-02-24 01:12 - 2017-02-24 01:12 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libGLESv2.dll
2017-02-24 01:12 - 2017-02-24 01:12 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libglesv2.dll
2017-02-24 01:12 - 2017-02-24 01:12 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\libegl.dll
2017-02-24 01:09 - 2017-02-24 01:09 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8423\ffmpegsumo.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7866 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2013-08-22 14:25 - 2015-07-26 00:22 - 00450771 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com
127.0.0.1	www.123moviedownload.com

Da befinden sich 15463 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-88799701-2343346839-193955109-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Princhi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\StartupFolder: => "EvernoteClipper.lnk"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-88799701-2343346839-193955109-1001\...\StartupApproved\Run: => "FlashUpdate"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{649C4E67-76FA-41B2-AC20-CB9A7DCE0AC1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{9D6995F4-621F-468C-9927-30F9F39A47E4}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{AC17E31E-0877-4B73-BF4F-CE51AE51DB23}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\princhi\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C56E2EF1-A1A8-44ED-87DD-E3972842FDB1}C:\users\princhi\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\princhi\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8F92BC02-8D67-40A2-9B5C-49289B97BEAD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{38D3C58F-FC97-420A-B80D-163954C02E84}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe
FirewallRules: [UDP Query User{126E0033-5345-4CC7-8F9B-601FC30449C0}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe
FirewallRules: [TCP Query User{9AEC5745-EDC4-49E6-A150-76E6C87FB2B9}D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2E63817F-11F7-40DA-96AC-2523CB6D1588}D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) D:\games\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

22-02-2017 15:40:58 Windows Update
01-03-2017 18:18:03 Geplanter Prüfpunkt
08-03-2017 19:00:32 JRT Pre-Junkware Removal
08-03-2017 19:11:46 JRT Pre-Junkware Removal

==================== Fehlerhafte Geräte im Gerätemanager =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (03/09/2017 07:34:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (03/09/2017 07:34:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (03/09/2017 07:33:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (03/09/2017 05:26:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Princhi\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (03/09/2017 05:10:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Princhi\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (03/09/2017 05:08:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (03/09/2017 05:08:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (03/09/2017 05:07:11 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Princhi\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (03/09/2017 05:07:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Princhi\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (03/09/2017 05:07:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Princhi\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.


Systemfehler:
=============
Error: (03/09/2017 05:42:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/09/2017 05:42:58 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Princhi\AppData\Local\Temp\ehdrv.sys

Error: (03/09/2017 05:42:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/09/2017 05:42:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Princhi\AppData\Local\Temp\ehdrv.sys

Error: (03/09/2017 05:42:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/09/2017 05:42:57 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Princhi\AppData\Local\Temp\ehdrv.sys

Error: (03/09/2017 05:35:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/09/2017 05:35:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Princhi\AppData\Local\Temp\ehdrv.sys

Error: (03/09/2017 05:35:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (03/09/2017 05:35:12 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Princhi\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2017-03-07 15:34:35.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-03-07 15:08:10.789
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-03 17:00:27.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-03 16:56:56.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-21 01:08:28.137
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-21 00:12:20.064
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-20 23:15:15.099
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-20 22:03:49.090
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-20 21:52:52.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

  Date: 2017-01-20 21:12:20.027
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 8093.39 MB
Verfügbarer physikalischer RAM: 5396.66 MB
Summe virtueller Speicher: 9373.39 MB
Verfügbarer virtueller Speicher: 5901.27 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:390.16 GB) (Free:141.39 GB) NTFS
Drive d: (Volume) (Fixed) (Total:540.4 GB) (Free:152.63 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

Google Chrome sieht sauber aus, habe es neu installiert und die Einstellungen zurückgesetzt bevor ich die Scans gemacht habe.

M-K-D-B · 09.03.2017, 20:44

Servus,

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
CloseProcesses:
C:\ProgramData\Apple Computer\Installer Cache\setup.dll
C:\ProgramData\bfibe
C:\Program Files (x86)\l9hfc0lu
C:\Windows\Installer\1abcab0f.msi
C:\Windows\Installer\1e98dce8.msi
C:\Windows\Installer\1fb887ec.msi
C:\Windows\Installer\2911fd32.msi
C:\Windows\Installer\54ab1d7.msi
C:\Windows\Installer\ab96cc6.msi
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}
DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
DeleteKey: HKU\S-1-5-21-88799701-2343346839-193955109-1001\SOFTWARE\IM
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird!

Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Cleanup:
Alle Logs gepostet? Dann lade Dir bitte

DelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.

Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

	Emsisoft	Microsoft Security Essentials	ESET

Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.

Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.

Optional:

Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.

NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Lade Software von einem sauberen Portal wie

.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...

und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Tepcon · 09.03.2017, 21:59

Code:

ATTFilter

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 08-03-2017
durchgeführt von Princhi (09-03-2017 21:41:34) Run:3
Gestartet von C:\Users\Princhi\Desktop
Geladene Profile: Princhi (Verfügbare Profile: Princhi)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
start
CloseProcesses:
C:\ProgramData\Apple Computer\Installer Cache\setup.dll
C:\ProgramData\bfibe
C:\Program Files (x86)\l9hfc0lu
C:\Windows\Installer\1abcab0f.msi
C:\Windows\Installer\1e98dce8.msi
C:\Windows\Installer\1fb887ec.msi
C:\Windows\Installer\2911fd32.msi
C:\Windows\Installer\54ab1d7.msi
C:\Windows\Installer\ab96cc6.msi
DeleteKey: HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986}
DeleteKey: HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
DeleteKey: HKU\S-1-5-21-88799701-2343346839-193955109-1001\SOFTWARE\IM
EmptyTemp:
end
*****************

Prozesse erfolgreich geschlossen.
C:\ProgramData\Apple Computer\Installer Cache\setup.dll => erfolgreich verschoben
C:\ProgramData\bfibe => erfolgreich verschoben
C:\Program Files (x86)\l9hfc0lu => erfolgreich verschoben
C:\Windows\Installer\1abcab0f.msi => erfolgreich verschoben
C:\Windows\Installer\1e98dce8.msi => erfolgreich verschoben
C:\Windows\Installer\1fb887ec.msi => erfolgreich verschoben
C:\Windows\Installer\2911fd32.msi => erfolgreich verschoben
C:\Windows\Installer\54ab1d7.msi => erfolgreich verschoben
C:\Windows\Installer\ab96cc6.msi => erfolgreich verschoben
HKLM\SOFTWARE\Classes\Interface\{D8CB24E3-DDA3-4B7F-8BA3-871DB7D3D986} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-88799701-2343346839-193955109-1001\SOFTWARE\IM => Schlüssel erfolgreich entfernt

=========== EmptyTemp: ==========

BITS transfer queue => 5266128 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8603944 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 41 B
Edge => 43684339 B
Chrome => 44641411 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 818 B
NetworkService => 0 B
Princhi => 153842525 B

RecycleBin => 125240 B
EmptyTemp: => 244.3 MB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 21:41:40 ====

Alles erledigt, vielen Dank

M-K-D-B · 10.03.2017, 13:58

Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Adware Adw Cleaner hilft nicht Google Chrome infiziert

Log-Analyse und Auswertung: Adware Adw Cleaner hilft nicht Google Chrome infiziert