Re: Zwart scherm
Malwarebytes Anti-Malware
www.malwarebytes.org
Scandatum: 23-10-2016
Scantijd: 17:40
Logboekbestand: LOGvirus.txt
Beheerder: Ja
Versie: 2.2.1.1043
Malware-database: v2016.10.23.05
Rootkit-database: v2016.09.26.02
Licentie: Proef
Malware-bescherming: Uitgeschakeld
Bescherming tegen kwaadaardige websites: Uitgeschakeld
Zelfbescherming: Uitgeschakeld
Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: C.S.Broerse
Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 330527
Verstreken tijd: 19 min, 25 sec
Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld
Processen: 0
(Geen kwaadaardige items gedetecteerd)
Modules: 0
(Geen kwaadaardige items gedetecteerd)
Registersleutels: 27
PUP.Optional.Elex.SHHKRST, HKU\S-1-5-18\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, In quarantaine, [d7ca4f4d7b1f43f3304ddaf64abaf30d],
PUP.Optional.Elex.SHHKRST, HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}, In quarantaine, [d7ca4f4d7b1f43f3304ddaf64abaf30d],
PUP.Optional.Wajam, HKLM\SOFTWARE\WNetworkEn, In quarantaine, [039edfbd089259ddecbbc928976ceb15],
PUP.Optional.CornerSunshine, HKLM\SOFTWARE\CLIENTS\Corner Sunshine, In quarantaine, [9f02217b227846f0f7a485594bb90bf5],
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0410E34F-2E6C-4BC2-8EE7-F9D0955143E1}, Verwijder-bij-herstart, [227facf0633791a56bb525a30bf926da],
PUP.Optional.WinTaske, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0FE89ED1-ABE2-4786-9577-8EE4684F607F}, Verwijder-bij-herstart, [f6ab04985a4039fdbe1b3cb418eb06fa],
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2F37C1DB-6F46-4D61-838C-5396B25B931E}, Verwijder-bij-herstart, [6c35fe9ec9d141f57fa19f29b94b1ae6],
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C20544E1-17B2-4349-BDB4-5EDEB72CC9F4}, Verwijder-bij-herstart, [4a57801cd2c842f470398241e51fea16],
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DBE5AD79-05D5-47FB-9AEF-E59A6AF7E1B9}, Verwijder-bij-herstart, [257c3b6186143006268f5c9bb35029d7],
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ChelfNotify Task, Verwijder-bij-herstart, [f9a8bae2524847efabff279cb74dbf41],
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SeablueBrowserUpdateCore, Verwijder-bij-herstart, [bee3207c2674fe380d14b711857fc040],
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SeablueBrowserUpdateUA, Verwijder-bij-herstart, [7f226438b0ea063056cba6220ef6659b],
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\SeablueCheckTask, Verwijder-bij-herstart, [f1b093099efc91a571458473b25109f7],
PUP.Optional.WinTaske, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\WinTaske, Verwijder-bij-herstart, [277a64387c1e90a6a71d02e955aea55b],
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, In quarantaine, [435e4359f2a8fc3a10db1494d52f0af6],
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\WNetworkEn, In quarantaine, [1e83d3c90991cc6ad9ce59985aa9a45c],
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\yessearchesSoftware, In quarantaine, [039ea5f79cfebd7905d635b19f648f71],
PUP.Optional.CornerSunshine, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\Corner Sunshine, In quarantaine, [49586735dfbb54e28a112db1dc28c838],
PUP.Optional.YellowSend, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\YSPackage, In quarantaine, [1091a4f81288f34342ae6657a85be11f],
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\UNINSTALL WAK, In quarantaine, [465bd9c3abef3afc605909f007fc56aa],
PUP.Optional.Interhop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A0275D4F-FFAB-4A42-9874-B871B1C4CA3D}, In quarantaine, [049d3666f2a89c9a52797e96a16409f7],
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, In quarantaine, [e8b9e2ba58428ea8fcef367290741ce4],
PUP.Optional.YesSearches, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GGBUGREPORT, In quarantaine, [1091d3c9f4a6c67052bde7e8a55d9868],
PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WdMan, In quarantaine, [277aa3f9415993a38b1761917d868b75],
PUP.Optional.Wajam, HKU\S-1-5-21-877917317-176977505-2041144793-1002\SOFTWARE\WajIEnhance, In quarantaine, [4958debe603aef4705ea14a66a9928d8],
PUP.Optional.YesSearches.YSSRHS1, HKU\S-1-5-21-877917317-176977505-2041144793-1002\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}, In quarantaine, [4d547824f8a2cc6a95532880a95b926e],
PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\qksee, In quarantaine, [485975278b0f75c18aee418624deb14f],
Registerwaarden: 21
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0410E34F-2E6C-4BC2-8EE7-F9D0955143E1}|Path, \SeablueBrowserUpdateCore, Verwijder-bij-herstart, [227facf0633791a56bb525a30bf926da]
PUP.Optional.WinTaske, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0FE89ED1-ABE2-4786-9577-8EE4684F607F}|Path, \WinTaske, Verwijder-bij-herstart, [f6ab04985a4039fdbe1b3cb418eb06fa]
PUP.Optional.Ghokswa, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2F37C1DB-6F46-4D61-838C-5396B25B931E}|Path, \SeablueBrowserUpdateUA, Verwijder-bij-herstart, [6c35fe9ec9d141f57fa19f29b94b1ae6]
PUP.Optional.Elex, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{C20544E1-17B2-4349-BDB4-5EDEB72CC9F4}|Path, \ChelfNotify Task, Verwijder-bij-herstart, [4a57801cd2c842f470398241e51fea16]
PUP.Optional.Ghokswa.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DBE5AD79-05D5-47FB-9AEF-E59A6AF7E1B9}|Path, \SeablueCheckTask, Verwijder-bij-herstart, [257c3b6186143006268f5c9bb35029d7]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp,
http://www.yessearches.com/?ts=AHEp...3872B879116A06DF40C47&ptid=wak&mode=ffsengext, In quarantaine, [435e4359f2a8fc3a10db1494d52f0af6]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab,
http://www.yessearches.com/?ts=AHEp...3872B879116A06DF40C47&ptid=wak&mode=ffsengext, In quarantaine, [b9e8a2fa89117bbb34b77d2b7a8a29d7]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=265423F2AEA3872B879116A06DF40C47&ptid=wak&q={searchTerms}&ts=AHEpBn0sA3MkB0..&v=20160301&mode=ffsengext, In quarantaine, [564bbddf4159c76f1ccfa404020257a9]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl,
http://www.yessearches.com/chrome.p...pBn0sA3MkB0..&v=20160301&mode=ffexttoolbar&q=, In quarantaine, [1d8449533d5de551e803bcec739136ca]
PUP.Optional.YesSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Uninstall wak|DisplayName, yessearches Uninstall, In quarantaine, [465bd9c3abef3afc605909f007fc56aa]
PUP.Optional.Interhop, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A0275D4F-FFAB-4A42-9874-B871B1C4CA3D}|DisplayName, InterHop, In quarantaine, [049d3666f2a89c9a52797e96a16409f7]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp,
http://www.yessearches.com/?ts=AHEp...3872B879116A06DF40C47&ptid=wak&mode=ffsengext, In quarantaine, [e8b9e2ba58428ea8fcef367290741ce4]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab,
http://www.yessearches.com/?ts=AHEp...3872B879116A06DF40C47&ptid=wak&mode=ffsengext, In quarantaine, [554c4c50405a3bfbfdee792fa06403fd]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=265423F2AEA3872B879116A06DF40C47&ptid=wak&q={searchTerms}&ts=AHEpBn0sA3MkB0..&v=20160301&mode=ffsengext, In quarantaine, [38697c20d7c3bd79f5f6288036ced42c]
PUP.Optional.YesSearches.YSSRHS1, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl,
http://www.yessearches.com/chrome.p...pBn0sA3MkB0..&v=20160301&mode=ffexttoolbar&q=, In quarantaine, [a4fd0498d1c9f3433ead15930cf88779]
PUP.Optional.YesSearches, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ggbugreport|ImagePath, "C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe" {154DFF63-3402-4815-941A-AAD63AE8B428}, In quarantaine, [1091d3c9f4a6c67052bde7e8a55d9868]
PUM.Optional.UserWLoad, HKU\S-1-5-21-877917317-176977505-2041144793-1002\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|Load, C:\Users\CSC014~1.BRO\LOCALS~1\Temp\msxeqckon.pif, In quarantaine, [772aefade3b7e35315d6963fcb3843bd]
PUP.Optional.YesSearches.YSSRHS1, HKU\S-1-5-21-877917317-176977505-2041144793-1002\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|hp,
http://www.yessearches.com/?ts=AHEp...3872B879116A06DF40C47&ptid=wak&mode=ffsengext, In quarantaine, [4d547824f8a2cc6a95532880a95b926e]
PUP.Optional.YesSearches.YSSRHS1, HKU\S-1-5-21-877917317-176977505-2041144793-1002\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|tab,
http://www.yessearches.com/?ts=AHEp...3872B879116A06DF40C47&ptid=wak&mode=ffsengext, In quarantaine, [5c455f3dc2d8171fc22691172fd5669a]
PUP.Optional.YesSearches.YSSRHS1, HKU\S-1-5-21-877917317-176977505-2041144793-1002\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|sp, http://www.yessearches.com/chrome.php?uid=265423F2AEA3872B879116A06DF40C47&ptid=wak&q={searchTerms}&ts=AHEpBn0sA3MkB0..&v=20160301&mode=ffsengext, In quarantaine, [653ca3f98b0ff73ffcec9e0aed17fa06]
PUP.Optional.YesSearches.YSSRHS1, HKU\S-1-5-21-877917317-176977505-2041144793-1002\SOFTWARE\MOZILLA\FIREFOX\{EB52F1AB-3C2B-424F-9794-833C687025CF}|surl,
http://www.yessearches.com/chrome.p...pBn0sA3MkB0..&v=20160301&mode=ffexttoolbar&q=, In quarantaine, [b2ef3a62356569cdd216792fcf35f30d]
Registerdata: 0
(Geen kwaadaardige items gedetecteerd)
--- Update ---
Daarna is het teveel om te kopieren dus heb alleen dit nog:
Mappen: 2279
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetworkEn, In quarantaine, [218064389dfd999d4298724817ecff01],
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetworkEn\Explore Social Search, In quarantaine, [218064389dfd999d4298724817ecff01],
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetworkEn\Explore Social Shopping, In quarantaine, [218064389dfd999d4298724817ecff01],
PUP.Optional.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WNetworkEn\Uninstall Wajam, In quarantaine, [218064389dfd999d4298724817ecff01],
PUP.Optional.Elex, C:\Program Files (x86)\SFK, In quarantaine, [bee3a0fcabefc76f730c11b3bc470bf5],
PUP.Optional.YellowSend, C:\Users\C.S.Broerse\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YSPackage, In quarantaine, [4a574557ff9be74fc89514adc43e44bc],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\1ff122, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\42ac3f0, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\92eec4, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\dmp, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\dmp\bugreport.exe, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\dmp\ccuter.exe, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\dmp\shortboost.exe, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\dmp\Winsere.exe, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YesSearches, C:\Program Files (x86)\SearchesToYesbnd\dmp\WinTaske.exe, In quarantaine, [b4ed148863379b9bfa2560669c667d83],
PUP.Optional.YellowSend, C:\Users\C.S.Broerse\AppData\Roaming\YSPackage, In quarantaine, [b6eb39634e4c4beb453025a122e0bc44],
PUP.Optional.Wajam, C:\Program Files\WNetworkEn, In quarantaine, [e7ba7d1f78224de93d6a81458181f30d],
PUP.Optional.Wajam, C:\Program Files\WNetworkEn\d729d2fd721bd35222aa7d29bca77f9d, In quarantaine, [e7ba7d1f78224de93d6a81458181f30d],
PUP.Optional.Winsere, C:\Program Files (x86)\Winsere, In quarantaine, [3a6715870c8e73c3a3075a6cc33f8878],
PUP.Optional.Winsere, C:\Program Files (x86)\Winsere\Winsere, In quarantaine, [3a6715870c8e73c3a3075a6cc33f8878],
PUP.Optional.Elex, C:\Users\C.S.Broerse\AppData\Roaming\qksee, In quarantaine, [a8f98418efab24121b5ca5223cc6966a],
PUP.Optional.Elex, C:\Users\C.S.Broerse\AppData\Roaming\qksee\log, In quarantaine, [a8f98418efab24121b5ca5223cc6966a],
PUP.Optional.Elex, C:\Program Files (x86)\qksee, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\itools, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\lang, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\log, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oiview, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oiview\image, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oiview\image\default, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oiview\image\default\product, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oiview\layout, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oiview\layout\default, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oiview\style, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oi_uninstall, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oi_uninstall\image, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oi_uninstall\image\default, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oi_uninstall\image\default\product, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oi_uninstall\layout, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oi_uninstall\layout\default, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\Program Files (x86)\qksee\skin\oi_uninstall\style, In quarantaine, [485975278b0f75c18aee418624deb14f],
PUP.Optional.Elex, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee, In quarantaine, [425f8c10d5c59c9a1465fdca06fc15eb],
PUP.Optional.RafoServer.ShrtCln, C:\ProgramData\eAHPeNhIUJ, In quarantaine, [c5dc35679208a393c9b26067d62c35cb],
PUP.Optional.RafoServer.ShrtCln, C:\ProgramData\eAHPeNhIUJ\protect, In quarantaine, [c5dc35679208a393c9b26067d62c35cb],