Results of system analysis

AVZ 4.46 http://z-oleg.com/secur/avz/

Process List

File name | PID | Description | Copyright | MD5 | Information
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
1240 | HP Active Health | Copyright © HP Development Company L.P. 2013-2016 | 4FF880AFFCAC2EC8B26AE13BC1EF779D | 194.84 kb, rsAh, created: 13.03.2016 13:05:11, modified: 18.08.2016 13:48:56
Command line:
c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
1768 | Adobe Acrobat Update Service | Copyright © 2013 Adobe Systems Incorporated. All rights reserved. | DC00FD73505DAEDD99CAF4533B0C05BD | 80.20 kb, rsAh, created: 16.09.2016 20:24:06, modified: 16.09.2016 20:24:06
Command line:
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
c:\program files (x86)\avira\antivirus\avgnt.exe
6084 | Avira system tray application | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | E49A23D41A1F29D67EE24F1E3C29B8D0 | 896.08 kb, rsAh, created: 05.03.2016 13:12:53, modified: 11.10.2016 11:05:38
Command line:
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe" /min
c:\program files (x86)\avira\antivirus\avguard.exe
1900 | Antivirus Host Framework Service | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | 0511A349A99745B0811B94A008C639BE | 464.09 kb, rsAh, created: 05.03.2016 13:12:54, modified: 11.10.2016 11:05:38
Command line:
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
c:\program files (x86)\avira\launcher\avira.systray.exe
6024 | Avira | Copyright © 2015 Avira Operations GmbH & Co. KG and its Licensors | 2BC195F50643A542581CE8645063922E | 158.24 kb, rsAh, created: 24.08.2016 16:03:26, modified: 24.08.2016 16:03:26
Command line:
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe"
C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
4440 | AntiVir shadow copy service | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | F9A6B8F2B6FBEFEFBB9A090837257D77 | 1021.33 kb, rsAh, created: 05.03.2016 13:12:55, modified: 11.10.2016 11:05:46
Command line:
c:\users\anne\appdata\local\temp\oxrumao1.yxu\getsysteminfodllcache\avz\avz.exe
3188 | | | FF6D0AE888488259B661DCCA3F1DBF44 | 5508.45 kb, rsAh, created: 22.01.2016 12:59:26, modified: 01.03.2016 10:43:13
Command line:
"C:\Users\Anne\AppData\Local\Temp\oxrumao1.yxu\GetSystemInfoDllCache\avz\avz.exe" Script="C:\Users\Anne\AppData\Local\Temp\oxrumao1.yxu\GetSystemInfoDllCache\avz\asa.avz" HiddenMode="3" SpoolLog="C:\Users\Anne\AppData\Local\Temp\oxrumao1.yxu\GetSystemInfo\avz.log" TempFolder="C:\Users\Anne\AppData\Local\Temp\oxrumao1.yxu\GetSystemInfo\AvzTemp"
c:\program files (x86)\google\chrome\application\chrome.exe
6336 | Google Chrome | Copyright 2016 Google Inc. All rights reserved. | 35B3E3E8AB090DB701C1766704DD624D | 944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
Command line:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
c:\program files (x86)\google\chrome\application\chrome.exe
2508 | Google Chrome | Copyright 2016 Google Inc. All rights reserved. | 35B3E3E8AB090DB701C1766704DD624D | 944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
Command line:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --no-rate-limit "--database=C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel=-m --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=53.0.2785.143 --handshake-handle=0x1bc
c:\program files (x86)\google\chrome\application\chrome.exe
6004 | Google Chrome | Copyright 2016 Google Inc. All rights reserved. | 35B3E3E8AB090DB701C1766704DD624D | 944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
Command line:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6336.0.1248324193\1907280195" --mojo-application-channel-token=9C53540C83B42711FCDD6DD7C2A7E64C --enable-features=AutomaticTabDiscarding
c:\program files (x86)\google\chrome\application\chrome.exe
7024 | Google Chrome | Copyright 2016 Google Inc. All rights reserved. | 35B3E3E8AB090DB701C1766704DD624D | 944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
Command line:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-unsafe-es3-apis --enable-webgl-draft-extensions --enable-features=AutomaticTabDiscarding
C:\WINDOWS\System32\DbxSvc.exe
2000 | Dropbox Service | © Microsoft Corporation. All rights reserved. | 2A98519A9486CEB4D0A513A2AD09C2A0 | error getting file info
Command line:
c:\program files (x86)\dropbox\update\dropboxupdate.exe
6156 | Dropbox Update | Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.) | A1F58FFF448E4099297D6EE0641D4D0E | 139.79 kb, rsAh, created: 09.03.2016 21:49:21, modified: 09.03.2016 21:49:12
Command line:
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /ua /installsource scheduler
c:\program files (x86)\dropbox\update\dropboxupdate.exe
5700 | Dropbox Update | Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.) | A1F58FFF448E4099297D6EE0641D4D0E | 139.79 kb, rsAh, created: 09.03.2016 21:49:21, modified: 09.03.2016 21:49:12
Command line:
"C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /svc
C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
1848 | Service Fusion Utility | Copyright © 2009-2010 Advanced Micro Devices, Inc. All Rights Reserved. | CD705E27BE16A31E1FE97DFEC4977854 | 336.00 kb, rsAh, created: 06.08.2015 22:38:58, modified: 06.08.2015 22:38:58
Command line:
c:\program files (x86)\wildtangent games\app\gamesappintegrationservice.exe
5824 | WildTangent Games App Integration Service | (c) WildTangent 2013. All rights reserved. | C038F33667622C46FE589D6E98396EA2 | 341.53 kb, rsAh, created: 14.08.2015 00:33:26, modified: 14.08.2015 00:33:26
Command line:
"C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
c:\users\anne\downloads\getsysteminfo6.1.exe
5956 | Kaspersky Get System Info | © 2016 AO Kaspersky Lab. All Rights Reserved. | B1274ADF56907D8D1B85985D21576D2F | 10753.57 kb, rsAh, created: 14.10.2016 11:25:23, modified: 14.10.2016 11:26:43
Command line:
"C:\Users\Anne\Downloads\GetSystemInfo6.1.exe"
c:\users\anne\appdata\local\temp\s5q4\gsi.exe
3664 | Kaspersky Get System Info | 2016 AO Kaspersky Lab. All Rights Reserved. | A729EFCD89A0C3F802A00397163C0903 | 3333.58 kb, rsAh, created: 14.10.2016 11:26:51, modified: 01.03.2016 10:40:56
Command line:
C:\Users\Anne\AppData\Local\Temp\s5q4\GSI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
5732 | HP Support Solutions Framework Service | © Copyright 2016 HP Development Company, L.P. | 02F1253476B7F5F818364443DFED3264 | 29.03 kb, rsAh, created: 20.12.2015 20:05:18, modified: 15.08.2016 03:56:34
Command line:
c:\program files (x86)\avira\antivirus\sched.exe
1552 | Antivirus Host Framework Service | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | 0511A349A99745B0811B94A008C639BE | 464.09 kb, rsAh, created: 05.03.2016 13:12:59, modified: 11.10.2016 11:06:07
Command line:
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
c:\program files (x86)\tweaking.com\windows repair (all in one)\wr_tray_icon.exe
6372 | Tweaking.com - Windows Repair Tray Icon | | 8007AF9F2434F390AA51F0A516B9756F | 65.25 kb, rsAh, created: 11.03.2015 04:21:17, modified: 12.03.2015 01:54:32
Command line:
"C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe"
Detected: 90, recognized as trusted: 71

Module name | Handle | Description | Copyright | AVZ0311 | Used by processes
c:\program files (x86)\avira\antivirus\57\ProductImageRc.dll
57212928 | Avira Antivirus Free product image resource (English) | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=FC8703A2C436651692BE4FFA75ADA871
84.34 kb, rsAh, created: 05.03.2016 13:12:59, modified: 11.10.2016 11:05:34
6084
C:\Program Files (x86)\Avira\Antivirus\57\ProductTextRc.dll
9109504 | Avira Antivirus Free product text resource (Base) | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=9E025FD85F956D5A6D481E993B7AE822
15.91 kb, rsAh, created: 05.03.2016 13:12:59, modified: 11.10.2016 11:05:34
6084, 1900, 1552
C:\Program Files (x86)\Avira\Antivirus\aecore.dll
1940717568 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=798044CC8D370B19A47CAEFA3711671A
241.91 kb, rsAh, created: 05.03.2016 13:12:52, modified: 21.03.2016 14:40:26
1900
C:\Program Files (x86)\Avira\Antivirus\aecrypto.dll
1940520960 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=51A5B5DB511A40E83E53942E68F3944A
125.91 kb, rsAh, created: 05.03.2016 13:12:52, modified: 12.05.2016 12:04:33
1900
C:\Program Files (x86)\Avira\Antivirus\aedroid.dll
1937768448 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=85D26C58A8479D787CF060313D326296
2662.86 kb, rsAh, created: 05.03.2016 13:12:52, modified: 27.09.2016 12:49:10
1900
C:\Program Files (x86)\Avira\Antivirus\aeemu.dll
1937309696 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=99A10AD06433D0D9F44FEC554E59FC98
394.85 kb, rsAh, created: 05.03.2016 13:12:52, modified: 18.03.2016 13:18:04
1900
C:\Program Files (x86)\Avira\Antivirus\aeexp.dll
1936982016 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=5056E6EAB3947513F94B3702CEFCC637
301.91 kb, rsAh, created: 05.03.2016 13:12:52, modified: 04.08.2016 14:24:53
1900
C:\Program Files (x86)\Avira\Antivirus\aegen.dll
1935671296 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=1B1294DB33F8651FA39025755C580F22
581.91 kb, rsAh, created: 05.03.2016 13:12:52, modified: 04.10.2016 12:49:53
1900
C:\Program Files (x86)\Avira\Antivirus\aehelp.dll
1936654336 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=310FD1DF0FD366B9571F279BE37D88AF
277.91 kb, rsAh, created: 05.03.2016 13:12:52, modified: 18.02.2016 10:49:14
1900
C:\Program Files (x86)\Avira\Antivirus\aeheur.dll
1894645760 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=39A8FBF8A58FF2F89617A183110DF4BE
10290.86 kb, rsAh, created: 05.03.2016 13:12:52, modified: 07.10.2016 16:46:57
1900
C:\Program Files (x86)\Avira\Antivirus\aelibinf.dll
1936588800 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=2992AA1D80C5D81AD74397E036415EF7
66.86 kb, rsAh, created: 05.03.2016 13:12:52, modified: 12.05.2016 12:04:33
1900
C:\Program Files (x86)\Avira\Antivirus\aemobile.dll
1934884864 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=371E57F1074E4631C779EE55439757CF
330.86 kb, rsAh, created: 05.03.2016 13:12:52, modified: 17.08.2016 18:24:23
1900
C:\Program Files (x86)\Avira\Antivirus\aeoffice.dll
1934360576 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=AB5659BE6011E6A3D6DFB43F754650AF
509.91 kb, rsAh, created: 05.03.2016 13:12:52, modified: 07.10.2016 16:46:58
1900
C:\Program Files (x86)\Avira\Antivirus\aepack.dll
1933508608 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=1F604CE05DF5465CAA2C4974F8E0E79D
786.86 kb, rsAh, created: 05.03.2016 13:12:52, modified: 22.08.2016 14:15:20
1900
C:\Program Files (x86)\Avira\Antivirus\aerdl.dll
1932656640 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=89DAF9294CF08A09C283653165ECA3F6
793.91 kb, rsAh, created: 05.03.2016 13:12:52, modified: 18.08.2016 18:41:54
1900
C:\Program Files (x86)\Avira\Antivirus\aesbx.dll
1916600320 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=877428B73C7E9D356D449B3D66D9A682
1594.85 kb, rsAh, created: 05.03.2016 13:12:52, modified: 26.06.2016 12:35:29
1900
C:\Program Files (x86)\Avira\Antivirus\aescn.dll
1932460032 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=060AC0E0858ECC3E0E58405A588F4243
137.91 kb, rsAh, created: 05.03.2016 13:12:52, modified: 04.05.2016 16:18:11
1900
C:\Program Files (x86)\Avira\Antivirus\aescript.dll
1915879424 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=43EBB150C50788C99278CB32311895B0
681.91 kb, rsAh, created: 05.03.2016 13:12:52, modified: 05.10.2016 16:14:48
1900
C:\Program Files (x86)\Avira\Antivirus\aevdf.dll
1932263424 | Avira Engine Module for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG. All rights reserved. | MD5=852877D335F2EA01CCFC041791EB9539
138.85 kb, rsAh, created: 05.03.2016 13:12:52, modified: 21.03.2016 14:40:26
1900
c:\program files (x86)\avira\antivirus\avesvc.dll
1915027456 | Antivirus Engine Service Dynamic Link Library | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=B350E6A32BF97A46F79A0113E243D7EF
245.26 kb, rsAh, created: 05.03.2016 13:12:53, modified: 11.10.2016 11:05:37
1900
c:\program files (x86)\avira\antivirus\avesvcr.dll
81592320 | avesvc.dll | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=1EF357B96E9E0ED397957B39F4E9F271
17.41 kb, rsAh, created: 05.03.2016 13:12:53, modified: 11.10.2016 11:05:37
1900
C:\Program Files (x86)\Avira\Antivirus\avgio.dll
1932132352 | On-access scan support | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=AB76449503C0B99CE68BF7915C322BFC
68.75 kb, rsAh, created: 05.03.2016 13:12:53, modified: 11.10.2016 11:05:37
1900
C:\Program Files (x86)\Avira\Antivirus\avipc.dll
1941372928 | AVIRA IPC Library | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=2049C04DF51DEF893A381A757695E9A3
86.34 kb, rsAh, created: 05.03.2016 13:12:54, modified: 11.10.2016 11:05:32
6084, 1900, 1552
c:\program files (x86)\avira\antivirus\avlode.dll
1909129216 | Avira Local Decider | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=12A04ED76C00541C87F4A8D6F603ABDA
766.83 kb, rsAh, created: 05.03.2016 13:12:54, modified: 11.10.2016 11:05:39
1900
C:\Program Files (x86)\Avira\Antivirus\avpref.dll
1940979712 | Prefix DLL | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=EEBBAA9A85D43492C78A630DEBE3C69D
52.68 kb, rsAh, created: 05.03.2016 13:12:54, modified: 11.10.2016 11:05:42
1900
c:\program files (x86)\avira\antivirus\avreg.dll
1913126912 | Avira Registry Library | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=18FF8D0BE646AE753EE57763D61499E2
418.34 kb, rsAh, created: 05.03.2016 13:12:54, modified: 11.10.2016 11:05:42
1900
C:\Program Files (x86)\Avira\Antivirus\avwinll.dll
1905197056 | Avira Licensing System Dll for Windows | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=EFA1D231CED36AB16612A52F40F8AC0D
28.52 kb, rsAh, created: 05.03.2016 13:12:56, modified: 11.10.2016 11:05:33
1900
c:\program files (x86)\avira\antivirus\ccfwmgt.dll
1881800704 | Control center plugin of the managed firewall | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=24C102DE5BDCF9BD194CDB17D2C323E5
431.88 kb, rsAh, created: 05.03.2016 13:12:56, modified: 11.10.2016 11:05:49
6084
c:\program files (x86)\avira\antivirus\ccfwmgtrc.dll
32768000 | Control Center General Plugin (Desktop) | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=A488D762696E3997C94EF7D702A06FFC
17.41 kb, rsAh, created: 05.03.2016 13:12:56, modified: 11.10.2016 11:05:49
6084
c:\program files (x86)\avira\antivirus\ccgen.dll
1880358912 | Control Center General Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=493101169B6E6C0B843C72DD12C257C1
1344.23 kb, rsAh, created: 05.03.2016 13:12:56, modified: 11.10.2016 11:05:49
6084
c:\program files (x86)\avira\antivirus\ccgenrc.dll
45809664 | Control Center General Plugin Resources (Desktop) | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=E6B16BE58327DC6D9D7E5125E4E49FA6
50.16 kb, rsAh, created: 05.03.2016 13:12:56, modified: 11.10.2016 11:05:49
6084
c:\program files (x86)\avira\antivirus\ccmainrc.dll
51576832 | Control Center Resources (Desktop) | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=8A1A046FD74C24B8CEF5B9EB1E2FA530
25.96 kb, rsAh, created: 05.03.2016 13:12:56, modified: 11.10.2016 11:05:54
6084
c:\program files (x86)\avira\antivirus\ccmsg.dll
1879834624 | Control Center Message Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=B183514E2CD0AA8ADF2C537A51847F3C
458.02 kb, rsAh, created: 05.03.2016 13:12:56, modified: 11.10.2016 11:05:54
6084
c:\program files (x86)\avira\antivirus\ccmsgrc.dll
46006272 | Control Center MSG Plugin Resources (Desktop) | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=83972C6DC2CC91BD9411DEA923B59F5F
11.91 kb, rsAh, created: 05.03.2016 13:12:56, modified: 11.10.2016 11:05:54
6084
C:\Program Files (x86)\Avira\Antivirus\ccwkrlib.dll
1884422144 | Control Center Common Worker Library (Desktop) | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=F269C8D337FFDA48849815C5006862B5
808.56 kb, rsAh, created: 05.03.2016 13:12:57, modified: 11.10.2016 11:05:59
6084
c:\program files (x86)\avira\antivirus\cfglib.dll
1945567232 | Avira Configuration Library | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=A84FA461A6D721A4A324F18349B5CE67
105.94 kb, rsAh, created: 05.03.2016 13:12:57, modified: 11.10.2016 11:05:33
6084, 1900, 1552
c:\program files (x86)\avira\antivirus\CommonImageRc.dll
41549824 | Avira Antivirus Pro product image resource (English) | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=764517BC480F338E700861868311CE92
4003.67 kb, rsAh, created: 05.03.2016 13:12:59, modified: 11.10.2016 11:05:34
6084
C:\Program Files (x86)\Avira\Antivirus\CommonTextRc.dll
8847360 | Avira Antivirus common text resource (base) | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=159FCD0337D357EDDBC8C7E4DF6A62AD
72.27 kb, rsAh, created: 05.03.2016 13:12:59, modified: 11.10.2016 11:05:34
6084, 1900, 1552
C:\Program Files (x86)\Avira\Antivirus\firewall.dll
1931476992 | Adapter to use the Microsoft Windows Firewall | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=0FAFDF72527253FD6843CA2233F69FD1
29.06 kb, rsAh, created: 05.03.2016 13:12:57, modified: 11.10.2016 11:06:01
6084, 1900
c:\program files (x86)\avira\antivirus\gavidb.dll
1928921088 | Antivirus On-Access Service Gavid Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=40D490A4F0603A6BEA68EBBBF0043B60
215.62 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:01
1900
c:\program files (x86)\avira\antivirus\gpacp.dll
1929183232 | Avira Communication Protocol | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=873B745A86F2C938244582F77F2A0C5D
111.48 kb, rsAh, created: 28.07.2016 12:15:55, modified: 11.10.2016 11:06:04
1900
c:\program files (x86)\avira\antivirus\gpavgio.dll
1915355136 | Antivirus On-Access Service AVGIO Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=08E6BEA6C27A83D65AFFD72A89395020
438.91 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:02
1900
c:\program files (x86)\avira\antivirus\gpgen.dll
1944977408 | Antivirus On-Access Service General Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=0C146D52E1ADE88B4E7A3328918FCF27
231.73 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:02
1900, 1552
c:\program files (x86)\avira\antivirus\gpgenrep.dll
1929773056 | Antivirus On-Access Service Generic Repair Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=248ABF3DCA63FE479FF24DF77F9A3E2A
62.73 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:02
1900
c:\program files (x86)\avira\antivirus\gpgrd.dll
1930166272 | Antivirus On-Access Service Guard Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=89538AA317CF3E0AE61224246922AED6
113.55 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:02
1900
c:\program files (x86)\avira\antivirus\gpgui.dll
1930035200 | Antivirus On-Access Service Gui Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=9010EA1C3FCAD458C17F62951185B7C9
82.37 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:03
1900
c:\program files (x86)\avira\antivirus\gpipc.dll
1945239552 | Antivirus On-Access Service Ipc Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=D329842DD4B39C80BCAF9B0A03D79F47
261.85 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:03
1900, 1552
c:\program files (x86)\avira\antivirus\gplegacy.dll
1929904128 | Antivirus On-Access Service Legacy Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=697CA1B45D2BA347C2BA2A4108FF15D7
42.59 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:03
1900
c:\program files (x86)\avira\antivirus\gpscan.dll
1914568704 | Scan plugin for scan clients | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=054011E5C90290FB3071FB9AE78CBBE7
405.22 kb, rsAh, created: 28.07.2016 12:15:55, modified: 11.10.2016 11:06:04
1900
c:\program files (x86)\avira\antivirus\gpschd.dll
1944518656 | Scheduler Plug-In Dll | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=DB74A7F28BCF5823E4DD6E11DF8DACAC
395.65 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:04
1552
C:\Program Files (x86)\Avira\Antivirus\grdcore.dll
1945894912 | Antivirus Host Framework Core Library | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=206B89565A7216DEA233EAC19B0EAAF2
615.41 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:05
1900, 1552
C:\Program Files (x86)\Avira\Antivirus\guardmsg.dll
81723392 | Antivirus On-Access Service Resources | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=B6D5D40894E29278D845BAD182A5C853
52.63 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:06:05
1900
C:\Program Files (x86)\Avira\Antivirus\libapr-1.dll
1907032064 | Apache Portable Runtime Library | Copyright (c) 2000-2014 The Apache Software Foundation or its licensors, as applicable. | MD5=5FC9113BC55F676D0D2B3A857A03C540
153.93 kb, rsAh, created: 05.03.2016 13:12:58, modified: 17.03.2016 11:26:38
1900
C:\Program Files (x86)\Avira\Antivirus\libapriconv-1.dll
1908473856 | Apache Portable Runtime Library | Copyright 2000-2005 The Apache Software Foundation or its licensors, as applicable. | MD5=EB207C17B82F6CA49042D563965FD54D
33.70 kb, rsAh, created: 05.03.2016 13:12:58, modified: 17.03.2016 11:26:39
1900
C:\Program Files (x86)\Avira\Antivirus\libaprutil-1.dll
1908539392 | Apache Portable Runtime Utility Library | Copyright (c) 2013 The Apache Software Foundation or its licensors, as applicable. | MD5=6720EC6A81F6A2B1323A890F5ADBB34F
204.69 kb, rsAh, created: 05.03.2016 13:12:58, modified: 17.03.2016 11:26:39
1900
C:\Program Files (x86)\Avira\Antivirus\libcurl.dll
1906704384 | libcurl Shared Library | © 1996 - 2016 Daniel Stenberg, . | MD5=B0B50148EB2FD4517F18E9ECD2F75F65
300.76 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:05:33
1900
C:\Program Files (x86)\Avira\Antivirus\LIBEAY32.dll
1907228672 | OpenSSL Shared Library | Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved. | MD5=6F7511B8BB3E451CE25573029B7D3BA4
1192.96 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:05:33
1900
C:\Program Files (x86)\Avira\Antivirus\msgclient.dll
1912930304 | Client for the message communication used by slideups | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=6AF82D943CB8F1288489909DC71156E3
135.17 kb, rsAh, created: 05.03.2016 13:12:58, modified: 11.10.2016 11:05:33
1900
c:\program files (x86)\avira\antivirus\onlcfg.dll
1929707520 | Antivirus On-Access Service Online configuration Plugin | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=04DE813787E34997D659BCB2AB1B091B
44.11 kb, rsAh, created: 05.03.2016 13:12:59, modified: 11.10.2016 11:06:07
1900
C:\Program Files (x86)\Avira\Antivirus\ProductUtilities.dll
1948516352 | product utility library | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=FBC871708DA7981C2ED25866E1602CEC
1555.45 kb, rsAh, created: 05.03.2016 13:12:55, modified: 11.10.2016 11:05:33
6084, 1900, 1552
C:\Program Files (x86)\Avira\Antivirus\Repair.dll
1913847808 | avira intelligent repair system | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=A760D29E4356AA2A52D81A62674F28F0
672.29 kb, rsAh, created: 05.03.2016 13:12:55, modified: 11.10.2016 11:05:43
1900
C:\Program Files (x86)\Avira\Antivirus\sqlite3.dll
1942814720 | SQLite 3 Database Library | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=77131948EB67CB37933E8E231E209490
448.98 kb, rsAh, created: 05.03.2016 13:12:59, modified: 11.10.2016 11:06:09
6084, 1900, 1552
C:\Program Files (x86)\Avira\Antivirus\SSLEAY32.dll
1906376704 | OpenSSL Shared Library | Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved. | MD5=BA957F1A18AB77E02D5B72DD274F4414
276.59 kb, rsAh, created: 05.03.2016 13:12:59, modified: 11.10.2016 11:05:34
1900
C:\Program Files (x86)\Avira\Antivirus\SystemUtilities.dll
1947664384 | system utility library | Copyright © 2016 Avira Operations GmbH & Co. KG and its Licensors | MD5=FE7861B0DD4277558E03EFD2069943F2
803.04 kb, rsAh, created: 05.03.2016 13:12:55, modified: 11.10.2016 11:05:33
6084, 1900, 1552
C:\Program Files (x86)\Dropbox\Update\1.3.35.3\goopdate.dll
1644429312 | Dropbox Update | Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.) | MD5=A7A707800C186918AE0FB2FC566EE346
1102.29 kb, rsAh, created: 09.03.2016 21:49:13, modified: 09.03.2016 21:49:12
6156, 5700
C:\Program Files (x86)\Dropbox\Update\1.3.35.3\psmachine.dll
1644167168 | Dropbox Update | Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.) | MD5=0EDB6C81E8528770D3ECA9C91839AD1E
213.79 kb, rsAh, created: 09.03.2016 21:49:21, modified: 09.03.2016 21:49:12
6156, 5700
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\chrome.dll
1745354752 | Google Chrome | Copyright 2016 Google Inc. All rights reserved. | MD5=3DCB4679E8433975B54DC0F24E881CEE
37396.10 kb, rsAh, created: 04.10.2016 09:23:37, modified: 25.09.2016 05:47:10
6336
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\chrome_child.dll
1687027712 | Google Chrome | Copyright 2016 Google Inc. All rights reserved. | MD5=BC92A0EBFBA100D2A85A239D50587BDD
46857.10 kb, rsAh, created: 04.10.2016 09:23:38, modified: 25.09.2016 05:47:12
6004, 7024
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\chrome_elf.dll
1911422976 | Google Chrome | Copyright 2016 Google Inc. All rights reserved. | MD5=4DC38AA583967DE2B7D5CA3D5DD76D88
278.60 kb, rsAh, created: 04.10.2016 09:23:40, modified: 25.09.2016 05:47:13
6336, 2508, 6004, 7024
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libegl.dll
1663041536 | ANGLE libEGL Dynamic Link Library | Copyright (C) 2015 Google Inc. | MD5=66C8858DF6B1749B2CED25187E9CDD47
91.10 kb, rsAh, created: 04.10.2016 09:23:41, modified: 25.09.2016 05:47:16
6004
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\libglesv2.dll
1665073152 | ANGLE libGLESv2 Dynamic Link Library | Copyright (C) 2015 Google Inc. | MD5=BE0608D54991AD3FEC5D2743D1809EA7
1763.10 kb, rsAh, created: 04.10.2016 09:23:41, modified: 25.09.2016 05:47:17
6004
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\5c45a768da1f33b05ccbf6353fdaf8dd\System.ComponentModel.Composition.ni.dll
1789067264 | System.ComponentModel.Composition.dll | © Microsoft Corporation. All rights reserved. | MD5=D6E6DFB003BCB2CCA0C3B85DE2C0A98F
1052.00 kb, rsAh, created: 22.09.2016 21:25:12, modified: 22.09.2016 21:25:12
6024
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\343f16d982bf383bfbef9ebc1a48b87b\System.Configuration.ni.dll
Script: Quarantine, Delete, Delete via BC
1816133632System.Configuration.dll© Microsoft Corporation. All rights reserved.MD5=ED22A2463C98B1D59695A684CF9D5A98
949.50 kb, rsAh, created: 22.09.2016 14:45:38, modified: 22.09.2016 14:45:38
6024
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\dff5d8fe170c77795ef6d46ebe855d49\System.Core.ni.dll
Script: Quarantine, Delete, Delete via BC
1830092800.NET Framework© Microsoft Corporation. All rights reserved.MD5=C30DC217764AFDEC36FC861D2323DE45
7232.00 kb, rsAh, created: 22.09.2016 14:45:35, modified: 22.09.2016 14:45:35
6024, 3664
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\be7e8c711c2ca41894ead5f57a27e519\System.Data.Linq.ni.dll
Script: Quarantine, Delete, Delete via BC
1785462784System.Data.Linq.dll© Microsoft Corporation. All rights reserved.MD5=C7FAA93D98BBB8A15FACB8D455471D14
2471.50 kb, rsAh, created: 22.09.2016 21:25:38, modified: 22.09.2016 21:25:38
6024
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\f6df277b21783daa55d0ef458982fe8b\System.Data.ni.dll
Script: Quarantine, Delete, Delete via BC
1796407296.NET Framework© Microsoft Corporation. All rights reserved.MD5=9D9F927BBA363E9FE253BC80F3068BD2
7645.50 kb, rsAh, created: 22.09.2016 21:25:34, modified: 22.09.2016 21:25:34
6024
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\bc4fcaa67d657ac74e54c5a77d713671\System.Drawing.ni.dll
Script: Quarantine, Delete, Delete via BC
1874526208.NET Framework© Microsoft Corporation. All rights reserved.MD5=0867D864CD843AD69A494B5A211A058A
1582.50 kb, rsAh, created: 02.08.2016 18:57:25, modified: 02.08.2016 18:57:25
6024, 3664
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a9dfe23bb8c0e77cad41f8536bebc6c7\System.Runtime.Serialization.ni.dll
Script: Quarantine, Delete, Delete via BC
1790181376System.Runtime.Serialization.dll© Microsoft Corporation. All rights reserved.MD5=F58BE1D4CB6C4A2028FB7ED43F0DA56F
2708.50 kb, rsAh, created: 02.08.2016 18:57:38, modified: 02.08.2016 18:57:38
6024
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\74442a8247a63ffe4dba43938f81662e\System.ServiceProcess.ni.dll
Script: Quarantine, Delete, Delete via BC
1910964224.NET Framework© Microsoft Corporation. All rights reserved.MD5=683FC44336D97F6C8DCF109A962AE102
211.50 kb, rsAh, created: 03.08.2016 12:54:05, modified: 03.08.2016 12:54:05
6024
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcd0a9de03d2082d020bd0de2a2d761d\System.Transactions.ni.dll
Script: Quarantine, Delete, Delete via BC
1788346368.NET Framework© Microsoft Corporation. All rights reserved.MD5=7D4E9BF39795CA4CCC4245CE1F115D08
658.50 kb, rsAh, created: 03.08.2016 12:53:51, modified: 03.08.2016 12:53:51
6024
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\98345f39f1a9850c28fdb8c482418856\System.Windows.Forms.ni.dll
Script: Quarantine, Delete, Delete via BC
1817116672.NET Framework© Microsoft Corporation. All rights reserved.MD5=3EF8FCF30785DEE8AAFE02467340EBDC
12631.00 kb, rsAh, created: 22.09.2016 21:25:24, modified: 22.09.2016 21:25:24
6024, 3664
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\2ff599eb701079c1d41dbf7c234cd90b\System.Xml.Linq.ni.dll
Script: Quarantine, Delete, Delete via BC
1874067456.NET Framework© Microsoft Corporation. All rights reserved.MD5=A481DB043B491689E19252D9B713CC22
382.00 kb, rsAh, created: 22.09.2016 21:51:32, modified: 22.09.2016 21:51:32
6024
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a1c57b2825eee83083e57a8e2eb91b48\System.Xml.ni.dll
Script: Quarantine, Delete, Delete via BC
1808728064.NET Framework© Microsoft Corporation. All rights reserved.MD5=ABEAAB09EA688CD4818E3479352EAFAE
7205.50 kb, rsAh, created: 02.08.2016 18:56:29, modified: 02.08.2016 18:56:29
6024, 3664
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\67522f98cbf06a7151f8f7f4c3ec0385\System.ni.dll
Script: Quarantine, Delete, Delete via BC
1837563904.NET Framework© Microsoft Corporation. All rights reserved.MD5=3F17CBB6B03A1310B8ED9EB89B4CD7C0
9712.00 kb, rsAh, created: 02.08.2016 18:56:23, modified: 02.08.2016 18:56:23
6024, 3664
Modules found:285, recognized as trusted 201

Kernel Space Modules Viewer

Module | Base address | Size in memory | Description | Manufacturer
C:\WINDOWS\System32\Drivers\dump_diskdump.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
9A9A0000 | 00F000 (61440)
C:\WINDOWS\System32\Drivers\dump_dumpfve.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
99B10000 | 01A000 (106496)
C:\WINDOWS\System32\Drivers\dump_storahci.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
99AC0000 | 025000 (151552)
C:\WINDOWS\system32\DRIVERS\usbfilter.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
99790000 | 00D000 (53248) | AMD USB Filter Driver | Copyright © 2009 AMD, Inc.
Modules found - 169, recognized as trusted - 165

Services

Service | Description | Status | File | Group | Dependencies
AdobeARMservice
Service: Stop, Delete, Disable, Delete via BC
Adobe Acrobat Update ServiceRunningC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
80.20 kb, rsAh, created: 16.09.2016 20:24:06, modified: 16.09.2016 20:24:06
Script: Quarantine, Delete, Delete via BC
  
AMD FUEL Service
Service: Stop, Delete, Disable, Delete via BC
AMD FUEL ServiceRunningC:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
336.00 kb, rsAh, created: 06.08.2015 22:38:58, modified: 06.08.2015 22:38:58
Script: Quarantine, Delete, Delete via BC
 RpcSs
AntiVirSchedulerService
Service: Stop, Delete, Disable, Delete via BC
Avira PlanificateurRunningC:\Program Files (x86)\Avira\Antivirus\sched.exe
464.09 kb, rsAh, created: 05.03.2016 13:12:59, modified: 11.10.2016 11:06:07
Script: Quarantine, Delete, Delete via BC
NetworkProvider 
AntiVirService
Service: Stop, Delete, Disable, Delete via BC
Avira Protection temps réelRunningC:\Program Files (x86)\Avira\Antivirus\avguard.exe
464.09 kb, rsAh, created: 05.03.2016 13:12:54, modified: 11.10.2016 11:05:38
Script: Quarantine, Delete, Delete via BC
  
DbxSvc
Service: Stop, Delete, Disable, Delete via BC
DbxSvcRunningC:\WINDOWS\system32\DbxSvc.exe
41.79 kb, rsAh, created: 06.10.2016 23:06:30, modified: 06.10.2016 23:06:30
Script: Quarantine, Delete, Delete via BC
  
GamesAppIntegrationService
Service: Stop, Delete, Disable, Delete via BC
GamesAppIntegrationServiceRunningC:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
341.53 kb, rsAh, created: 14.08.2015 00:33:26, modified: 14.08.2015 00:33:26
Script: Quarantine, Delete, Delete via BC
 RPCSS
HPSupportSolutionsFrameworkService
Service: Stop, Delete, Disable, Delete via BC
HP Support Solutions Framework ServiceRunningC:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
29.03 kb, rsAh, created: 20.12.2015 20:05:18, modified: 15.08.2016 03:56:34
Script: Quarantine, Delete, Delete via BC
  
AdobeFlashPlayerUpdateSvc
Service: Stop, Delete, Disable, Delete via BC
Adobe Flash Player Update ServiceNot startedC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
263.69 kb, rsAh, created: 22.02.2014 22:10:55, modified: 11.10.2016 09:48:56
Script: Quarantine, Delete, Delete via BC
  
AntiVirMailService
Service: Stop, Delete, Disable, Delete via BC
Avira Protection e-mailNot startedC:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
1060.59 kb, rsAh, created: 05.03.2016 13:12:54, modified: 11.10.2016 11:05:40
Script: Quarantine, Delete, Delete via BC
 AntiVirService
AntiVirWebService
Service: Stop, Delete, Disable, Delete via BC
Avira Protection WebNot startedC:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
1454.34 kb, rsAh, created: 05.03.2016 13:12:55, modified: 11.10.2016 11:05:47
Script: Quarantine, Delete, Delete via BC
 AntiVirService
Avira.ServiceHost
Service: Stop, Delete, Disable, Delete via BC
Avira Service HostNot startedC:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
338.80 kb, rsAh, created: 24.08.2016 16:03:06, modified: 24.08.2016 16:03:06
Script: Quarantine, Delete, Delete via BC
 Winmgmt
GamesAppService
Service: Stop, Delete, Disable, Delete via BC
GamesAppServiceNot startedC:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
205.03 kb, rsAh, created: 14.08.2015 00:33:30, modified: 14.08.2015 00:33:30
Script: Quarantine, Delete, Delete via BC
 RPCSS
gupdate
Service: Stop, Delete, Disable, Delete via BC
Service Google Update (gupdate)Not startedC:\Program Files (x86)\Google\Update\GoogleUpdate.exe
150.82 kb, rsAh, created: 02.04.2016 15:56:09, modified: 02.04.2016 15:56:03
Script: Quarantine, Delete, Delete via BC
 RPCSS
gupdatem
Service: Stop, Delete, Disable, Delete via BC
Service Google Update (gupdatem)Not startedC:\Program Files (x86)\Google\Update\GoogleUpdate.exe
150.82 kb, rsAh, created: 02.04.2016 15:56:09, modified: 02.04.2016 15:56:03
Script: Quarantine, Delete, Delete via BC
 RPCSS
LBTServ
Service: Stop, Delete, Disable, Delete via BC
Logitech Bluetooth ServiceNot startedC:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
348.45 kb, rsAh, created: 02.07.2015 22:21:26, modified: 02.07.2015 22:21:26
Script: Quarantine, Delete, Delete via BC
PlugPlayPlugPlay
MozillaMaintenance
Service: Stop, Delete, Disable, Delete via BC
Mozilla Maintenance ServiceNot startedC:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
168.45 kb, rsAh, created: 02.04.2016 15:47:23, modified: 24.09.2016 07:21:53
Script: Quarantine, Delete, Delete via BC
  
Detected - 240, recognized as trusted - 224

Drivers

Service | Description | Status | File | Group | Dependencies
usbfilter
Driver: Unload, Delete, Disable, Delete via BC
AMD USB Filter DriverRunningC:\WINDOWS\system32\DRIVERS\usbfilter.sys
35.55 kb, rsAh, created: 22.02.2014 14:55:22, modified: 09.03.2009 07:49:08
Script: Quarantine, Delete, Delete via BC
PNP Filter 
catchme
Driver: Unload, Delete, Disable, Delete via BC
catchmeNot startedC:\Users\Anne\AppData\Local\Temp\catchmesmca.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
Base 
dbx
Driver: Unload, Delete, Disable, Delete via BC
dbxNot startedC:\WINDOWS\system32\DRIVERS\dbx.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
FSFilter HSMFltMgr
fssfltr
Driver: Unload, Delete, Disable, Delete via BC
fssfltrNot startedC:\WINDOWS\system32\DRIVERS\fssfltr.sys
56.69 kb, rsAh, created: 23.02.2014 20:48:59, modified: 10.01.2014 13:56:32
Script: Quarantine, Delete, Delete via BC
NDIStcpip
wfpcapture
Driver: Unload, Delete, Disable, Delete via BC
Microsoft WFP Message CaptureNot startedC:\WINDOWS\System32\drivers\wfpcapture.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
NDIS 
Detected - 321, recognized as trusted - 316

Autoruns

File name | Status | Startup method | Description
C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe
749.20 kb, rsAh, created: 06.08.2015 23:10:08, modified: 06.08.2015 23:10:08
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, StartCCC
Delete
C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
58.73 kb, rsAh, created: 24.08.2016 16:01:06, modified: 24.08.2016 16:01:06
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Avira SystrayStartTrigger
Delete
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
896.08 kb, rsAh, created: 05.03.2016 13:12:53, modified: 11.10.2016 11:05:38
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, avgnt
Delete
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
24651.41 kb, rsAh, created: 07.10.2016 12:03:31, modified: 06.10.2016 23:06:04
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Dropbox
Delete
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
584.52 kb, rsAh, created: 22.06.2016 02:33:14, modified: 22.06.2016 02:33:14
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SunJavaUpdateSched
Delete
C:\Program Files\CCleaner\CCleaner64.exe
8703.21 kb, rsAh, created: 26.08.2016 21:23:10, modified: 26.08.2016 21:23:10
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, CCleaner Monitoring
Delete
C:\WINDOWS\System32\win32k.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Kmode
C:\WINDOWS\system32\psxss.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix
C:\WINDOWS\System32\AJRouter.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AJRouter\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\appidsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\appinfo.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\AppReadiness.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppReadiness\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\appxdeploymentserver.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppXSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\AudioEndpointBuilder.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\Audiosrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Audiosrv\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\AxInstSV.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\bdesvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BDESVC\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\bfe.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\qmgr.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\bisrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\browser.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\BthHFSrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BthHFSrv\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\bthserv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\CDPSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CDPSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\certprop.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ClipSVC.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ClipSVC\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\cryptsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\rpcss.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\dcpsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcpSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\defragsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\defragsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\das.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceAssociationService\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\umpnpmgr.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceInstall\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\DevQueryBroker.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DevQueryBroker\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\diagtrack.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DiagTrack\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\dmwappushsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dmwappushservice\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\dnsrslvr.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\dot3svc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\dps.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DPS\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\DeviceSetupManager.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DsmSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\DsSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DsSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\eapsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eaphost\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\efssvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EFS\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\embeddedmodesvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\embeddedmode\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EntAppSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\fdPHost.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\fdrespub.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\fhsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fhsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\FntCache.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\gpsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\ListSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\tetheringservice.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\icssvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ikeext.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\iphlpsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\msdtckrm.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\srvsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wkssvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\LicenseManagerSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LicenseManager\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\lltdsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\lmhsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\lsm.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LSM\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\moshost.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MapsBroker\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\mpssvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\iscsiexe.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ncasvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcaSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ncbservice.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcbService\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\NcdAutoSetup.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcdAutoSetup\Parameters, ServiceDll
Delete
C:\Windows\system32\HPZinw12.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Net Driver HPZ12\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\netman.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\netprofmsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\netprofm\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\NetSetupSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NetSetupSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\NgcCtnrSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NgcCtnrSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\ngcsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NgcSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\nlasvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\nsisvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\APHostService.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\OneSyncSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\pnrpsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\p2psvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2psvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\pcasvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\PimIndexMaintenance.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\umpnpmgr.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll
Delete
C:\Windows\system32\HPZipm12.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\pnrpauto.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\pnrpsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ipsecsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\umpo.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\profsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\rasauto.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\rasmans.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\regsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\RDXService.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RetailDemo\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\RpcEpMap.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\rpcss.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\SCardSvr.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ScDeviceEnum.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ScDeviceEnum\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\schedsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\certprop.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\SDRSVC.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\seclogon.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\sens.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SENS\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\SensorService.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensorService\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\sensrsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ipnathlp.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\SmsRouterSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SmsRouter\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ssdpsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\sstpsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wiaservc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\storsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\StorSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\svsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\svsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\swprv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\sysmain.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\SystemEventsBrokerServer.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SystemEventsBroker\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\TabSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\termsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\themeservice.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\tileobjserver.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\tiledatamodelsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\TimeBrokerServer.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TimeBroker\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\trkwks.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\umrdp.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UmRdpService\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\userdataservice.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UserDataSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\usermgr.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UserManager\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\usocore.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UsoSvc\Parameters, ServiceDll
Delete
C:\Windows\System32\vaultsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\VaultSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ICSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicguestinterface\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ICSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicheartbeat\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ICSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmickvpexchange\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ICSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicrdv\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ICSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicshutdown\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ICSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmictimesync\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ICSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicvmsession\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\ICSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicvss\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\w32time.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\WalletService.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WalletService\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wbiosrvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wcmsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wcmsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wcncsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wcncsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\wecsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\wephostsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wercplsupport.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\WerSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WerSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wiarpc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WiaRpc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\wbem\WMIsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wlansvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\wlidsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wlidsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\workfolderssvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\workfolderssvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\wpdbusenum.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\WpnService.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WpnService\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wscsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\WSService.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WSService\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\wuaueng.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\WUDFSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\wwansvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\XblAuthManager.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XblAuthManager\Parameters, ServiceDll
Delete
C:\WINDOWS\System32\XblGameSave.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XblGameSave\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\XboxNetApiSvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XboxNetApiSvc\Parameters, ServiceDll
Delete
C:\WINDOWS\system32\sysmain.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library
Delete
C:\WINDOWS\System32\wersvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\WINDOWS\System32\drivers\ati2erec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, EventMessageFile
C:\Program Files (x86)\Avira\Antivirus\avevtrc.dll
20.44 kb, rsAh, created: 05.03.2016 13:12:53, modified: 11.10.2016 11:05:37
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avira Antivirus, EventMessageFile
C:\Windows\System32\icardres.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 3.0.0.0, EventMessageFile
C:\Windows\System32\icardres.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\WINDOWS\system32\DbxSvc.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\DbxSvc, EventMessageFile
C:\WINDOWS\system32\dwm.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
C:\Program Files (x86)\DVD
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
Maker\DVDMaker.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dvd Maker, EventMessageFile
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
C:\WINDOWS\System32\UI0Detect.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\WINDOWS\System32\LocationNotifications.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\LocationNotifications, EventMessageFile
C:\Windows\System32\fxsevent.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-Runtime, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-State, EventMessageFile
C:\WINDOWS\System32\AxInstSv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
C:\WINDOWS\system32\BlbEvents.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\WINDOWS\system32\defragsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag, EventMessageFile
C:\WINDOWS\system32\eapsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
C:\WINDOWS\system32\wecsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies, EventMessageFile
C:\WINDOWS\System32\MsSpellCheckingHost.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spellchecking-Host, EventMessageFile
C:\WINDOWS\system32\SrEvents.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-System-Restore, EventMessageFile
C:\WINDOWS\System32\profsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User-Loader, EventMessageFile
C:\WINDOWS\system32\WINSAT.EXE
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
C:\WINDOWS\system32\winsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\WINDOWS\system32\wbem\WinMgmtR.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WMI, EventMessageFile
C:\WINDOWS\System32\profsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\WINDOWS\System32\wscsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\WINDOWS\system32\sppsvc.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\WINDOWS\system32\srcore.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore, EventMessageFile
C:\WINDOWS\System32\VSSVC.EXE
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS, EventMessageFile
C:\WINDOWS\System32\wersvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc, EventMessageFile
C:\WINDOWS\system32\Wat\WatUX.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Activation Technologies, EventMessageFile
C:\WINDOWS\system32\sdengin2.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup, EventMessageFile
C:\WINDOWS\system32\wsepno.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification, EventMessageFile
C:\WINDOWS\System32\wininit.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wininit, EventMessageFile
C:\WINDOWS\System32\winlogon.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\WINDOWS\System32\winlogon.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\WINDOWS\system32\wecsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\WINDOWS\system32\sppsvc.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service, DisplayNameFile
C:\WINDOWS\system32\sppsvc.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\WINDOWS\ehome\ehepgres.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\ehExtHost, EventMessageFile
C:\WINDOWS\ehome\ehRecvr.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\ehRecvr, EventMessageFile
C:\WINDOWS\ehome\ehSched.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\ehSched, EventMessageFile
C:\WINDOWS\ehome\ehepgres.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\ehshell, EventMessageFile
C:\WINDOWS\ehome\ehepgres.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\mcstore, EventMessageFile
C:\WINDOWS\ehome\ehepgres.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\MCUpdate, EventMessageFile
C:\WINDOWS\ehome\ehepgres.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Media Center\Recording, EventMessageFile
C:\WINDOWS\System32\wevtsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\WINDOWS\System32\VSSVC.EXE
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\WINDOWS\System32\Drivers\acpi.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile
C:\WINDOWS\System32\drivers\a38usb.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACSSCR, EventMessageFile
C:\WINDOWS\System32\aelupsvc.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AeLookupSvc, EventMessageFile
C:\WINDOWS\System32\drivers\agp440.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\agp440, EventMessageFile
C:\WINDOWS\System32\drivers\amdk8.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
C:\WINDOWS\System32\drivers\ati2erec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag, EventMessageFile
C:\WINDOWS\System32\drivers\ati2erec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdap, EventMessageFile
C:\WINDOWS\System32\drivers\amdppm.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
C:\WINDOWS\system32\winsrv.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup, EventMessageFile
C:\WINDOWS\system32\AppReadiness.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AppReadiness, EventMessageFile
C:\WINDOWS\System32\drivers\ati2erec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\atikmdag, EventMessageFile
C:\WINDOWS\System32\drivers\avgntflt.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\avgntflt, EventMessageFile
C:\WINDOWS\System32\drivers\avipbb.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\avipbb, EventMessageFile
C:\WINDOWS\System32\drivers\avkmgr.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\avkmgr, EventMessageFile
C:\WINDOWS\System32\drivers\bxvbda.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\WINDOWS\System32\drivers\b57nd60a.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b57nd60a, EventMessageFile
C:\WINDOWS\System32\Drivers\Bthport.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT, EventMessageFile
C:\WINDOWS\System32\Drivers\Bthport.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\WINDOWS\System32\Drivers\BthUsb.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\WINDOWS\System32\dhcpqec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Dhcp_QEC, EventMessageFile
C:\WINDOWS\System32\dxgwdi.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
C:\WINDOWS\System32\drivers\evbda.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\WINDOWS\System32\drivers\fltmgr.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\WINDOWS\System32\drivers\gagp30kx.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\gagp30kx, EventMessageFile
C:\WINDOWS\System32\Drivers\hidbth.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile
C:\WINDOWS\System32\Drivers\hidi2c.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\hidi2c, EventMessageFile
C:\WINDOWS\System32\drivers\i8042prt.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
C:\WINDOWS\System32\drivers\iaStorAV.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorAV, EventMessageFile
C:\WINDOWS\System32\drivers\iaStorV.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
C:\WINDOWS\System32\drivers\ibbus.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ibbus, EventMessageFile
C:\WINDOWS\system32\drivers\iaLPSSi_GPIO.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS-GPIO, EventMessageFile
C:\WINDOWS\system32\drivers\iaLPSSi_I2C.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS-I2C, EventMessageFile
C:\WINDOWS\System32\drivers\intelppm.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
C:\WINDOWS\System32\drivers\ipmidrv.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\WINDOWS\System32\drivers\isapnp.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
C:\WINDOWS\System32\iscsilog.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\WINDOWS\System32\drivers\kbdclass.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
C:\WINDOWS\System32\drivers\kbdhid.sys
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
C:\WINDOWS\System32\lsasrv.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\WINDOWS\system32\lsm.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM, EventMessageFile
C:\WINDOWS\system32\fveapi.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile
C:\WINDOWS\system32\drivers\fvevol.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
C:\WINDOWS\system32\qmgr.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\WINDOWS\system32\cofiredm.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
C:\WINDOWS\system32\cofiredm.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
C:\WINDOWS\system32\dhcpqec.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Dhcp-Nap-Enforcement-Client, EventMessageFile
C:\WINDOWS\System32\samsrv.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\WINDOWS\system32\dfdts.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
C:\WINDOWS\system32\WUDFPlatform.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
C:\WINDOWS\System32\Drivers\EhStorTcgDrv.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorTcgDrv, EventMessageFile
C:\WINDOWS\system32\wecsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\WINDOWS\System32\wevtsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\WINDOWS\system32\drivers\exfat.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-exFAT-SQM, EventMessageFile
C:\WINDOWS\system32\drivers\fastfat.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fat-SQM, EventMessageFile
C:\WINDOWS\system32\fthsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap, EventMessageFile
C:\WINDOWS\system32\drivers\fltmgr.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
C:\WINDOWS\system32\mpssvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
C:\WINDOWS\system32\fdphost.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
C:\WINDOWS\system32\drivers\msgpioclx.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GPIO-ClassExtension, EventMessageFile
C:\WINDOWS\system32\gpsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-hal-events.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
C:\WINDOWS\system32\drivers\HTTP.SYS
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
C:\WINDOWS\system32\oobe\InstallEventRes.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-InstallUX, EventMessageFile
C:\WINDOWS\system32\ipbusenum.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IPBusEnum, EventMessageFile
C:\WINDOWS\system32\iphlpsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
C:\WINDOWS\system32\iumbase.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IsolatedUserMode, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Boot, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-General, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Interrupt-Steering, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-kernel-pnp-events.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-PnP, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-kernel-power-events.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
C:\Windows\System32\Drivers\VerifierExt.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-XDV, EventMessageFile
C:\WINDOWS\system32\lpksetup.exe
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
C:\WINDOWS\system32\MemoryDiagnostic.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Memory-Diagnostic-Task-Handler, EventMessageFile
C:\WINDOWS\System32\relpost.exe
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\WINDOWS\System32\mdsched.exe
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\WINDOWS\system32\drivers\mountmgr.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MountMgr, EventMessageFile
C:\WINDOWS\system32\drivers\ndis.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NDIS, EventMessageFile
C:\WINDOWS\system32\drivers\NdisImPlatform.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NdisImPlatformSysEvtProvider, EventMessageFile
C:\WINDOWS\system32\drivers\bridge.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NetworkBridge, EventMessageFile
C:\WINDOWS\system32\drivers\ntfs.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs, EventMessageFile
C:\WINDOWS\system32\drivers\ntfs.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs-SQM, EventMessageFile
C:\WINDOWS\system32\drivers\ntfs.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs-UBPM, EventMessageFile
C:\WINDOWS\system32\drivers\wof.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-OverlayFilter, EventMessageFile
C:\WINDOWS\System32\sstpsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-RasSstp, EventMessageFile
C:\WINDOWS\system32\recovery.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Recovery, EventMessageFile
C:\WINDOWS\system32\drivers\refsv1.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ReFS-v1, EventMessageFile
C:\WINDOWS\system32\reseteng.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResetEng, EventMessageFile
C:\WINDOWS\system32\fdrespub.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
C:\WINDOWS\system32\certprop.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
C:\WINDOWS\system32\drivers\SerCx.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension, EventMessageFile
C:\WINDOWS\system32\drivers\SerCx2.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension-V2, EventMessageFile
C:\WINDOWS\system32\EventProviders\spcmsg.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Service Pack Installer, EventMessageFile
C:\WINDOWS\system32\oobe\winsetup.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
C:\WINDOWS\system32\setupetw.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SetupPlatform, EventMessageFile
C:\WINDOWS\system32\drivers\SpbCx.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-ClassExtension, EventMessageFile
C:\WINDOWS\system32\drivers\hidi2c.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-HIDI2C, EventMessageFile
C:\WINDOWS\system32\csrsrv.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
C:\WINDOWS\system32\schedsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\WINDOWS\system32\tbssvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TBS, EventMessageFile
C:\WINDOWS\system32\lsm.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
C:\WINDOWS\system32\termsrv.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\WINDOWS\system32\w32time.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\WINDOWS\system32\drivers\usbxhci.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-USBXHCI, EventMessageFile
C:\WINDOWS\system32\umpo.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserModePowerService, EventMessageFile
C:\WINDOWS\system32\umpnpmgr.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\WINDOWS\system32\whealogr.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WHEA-Logger, EventMessageFile
C:\WINDOWS\System32\pwlauncher.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsToGo-StartupOptions, EventMessageFile
C:\WINDOWS\system32\wuaueng.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
C:\WINDOWS\system32\wininit.exe
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Wininit, EventMessageFile
C:\WINDOWS\system32\winlogon.exe
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\WINDOWS\system32\wlansvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\WINDOWS\System32\drivers\mlx4_bus.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mlx4_bus, EventMessageFile
C:\WINDOWS\System32\drivers\mouclass.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
C:\WINDOWS\System32\drivers\mouhid.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
C:\WINDOWS\System32\drivers\mpio.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mpio, EventMessageFile
C:\WINDOWS\System32\Drivers\umdf\HidBthLE.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mshidumdf, EventMessageFile
C:\WINDOWS\System32\iscsiexe.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\WINDOWS\System32\drivers\MTConfig.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
C:\WINDOWS\System32\Drivers\netw5v64.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\netw5v64, EventMessageFile
C:\WINDOWS\system32\drivers\ntfs.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
C:\WINDOWS\System32\drivers\nvstor.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
C:\WINDOWS\System32\drivers\nv_agp.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nv_agp, EventMessageFile
C:\WINDOWS\System32\drivers\parport.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
C:\WINDOWS\System32\Drivers\Pcmcia.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile
C:\WINDOWS\System32\umpnpmgr.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\PlugPlayManager, EventMessageFile
C:\WINDOWS\System32\umpo.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\WINDOWS\System32\drivers\processr.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
C:\WINDOWS\system32\sstpsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp, EventMessageFile
C:\WINDOWS\system32\RDXService.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RetailDemo, EventMessageFile
C:\WINDOWS\System32\drivers\rt640x64.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\rt640x64, EventMessageFile
C:\WINDOWS\System32\samsrv.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\WINDOWS\System32\drivers\sbp2port.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\WINDOWS\System32\lsasrv.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\WINDOWS\system32\drivers\SerCx.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx, EventMessageFile
C:\WINDOWS\system32\drivers\SerCx2.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx2, EventMessageFile
C:\WINDOWS\System32\drivers\serial.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\WINDOWS\System32\drivers\sermouse.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\WINDOWS\system32\services.exe
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\WINDOWS\System32\snmptrap.exe
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\WINDOWS\system32\drivers\SpbCx.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\spbcx, EventMessageFile
C:\WINDOWS\System32\wiaservc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\WINDOWS\System32\drivers\SynTP.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SynTP, EventMessageFile
C:\WINDOWS\System32\tcpmon.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\WINDOWS\system32\termsrv.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService, EventMessageFile
C:\WINDOWS\System32\drivers\tpm.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TPM, EventMessageFile
C:\WINDOWS\System32\drivers\tsusbflt.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TsUsbFlt, EventMessageFile
C:\WINDOWS\System32\drivers\uagp35.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\uagp35, EventMessageFile
C:\WINDOWS\System32\Drivers\uefi.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UEFI, EventMessageFile
C:\WINDOWS\System32\drivers\uliagpkx.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\uliagpkx, EventMessageFile
C:\WINDOWS\System32\umrdp.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UmRdpService, EventMessageFile
C:\WINDOWS\System32\Drivers\usbehci.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\usbehci, EventMessageFile
C:\WINDOWS\System32\Drivers\usbser.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\usbser, EventMessageFile
C:\WINDOWS\System32\vdsbas.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Basic Provider, EventMessageFile
C:\WINDOWS\System32\vdsdyn.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Dynamic Provider, EventMessageFile
C:\WINDOWS\System32\vdsvd.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Virtual Disk Provider, EventMessageFile
C:\WINDOWS\System32\drivers\vgapnp.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vga, EventMessageFile
C:\WINDOWS\System32\vds.exe
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service, EventMessageFile
C:\WINDOWS\system32\drivers\volsnap.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
C:\WINDOWS\System32\drivers\vpci.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vpci, EventMessageFile
C:\WINDOWS\system32\w32time.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\WINDOWS\System32\drivers\wacompen.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\WINDOWS\system32\WalletService.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WalletService, EventMessageFile
C:\WINDOWS\System32\drivers\wd.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Wd, EventMessageFile
C:\Windows\System32\drivers\Wdf01000.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
C:\WINDOWS\System32\wecsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc, EventMessageFile
C:\WINDOWS\System32\win32k.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Win32k, EventMessageFile
C:\Program Files (x86)\Windows Defender\MpEvMsg.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\WINDOWS\System32\DFDTS.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
C:\WINDOWS\System32\wpcsvc.dll
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WPC, EventMessageFile
C:\WINDOWS\System32\Drivers\yk62x64.sys
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\yukonw7, EventMessageFile
C:\Program Files (x86)\TuneUp
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\TuneUp\TuneUp.UtilitiesSvc, EventMessageFile
2014\TuneUpUtilitiesService64.exe
error getting file info
--Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\TuneUp\TuneUp.UtilitiesSvc, EventMessageFile
C:\WINDOWS\system32\w32time.dll
error getting file info
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName
C:\WINDOWS\system32\w32time.dll
error getting file info
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName
C:\WINDOWS\System32\vmictimeprovider.dll
error getting file info
ActiveRegistry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider, DllName
x264vfw64.dll
error getting file info
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Drivers32, VIDC.X264
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1129.71 kb, rsAh, created: 16.09.2016 20:24:06, modified: 16.09.2016 20:24:06
--Registry keyHKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM, command
Delete
C:\Program Files\CCleaner\CCleaner64.exe
8703.21 kb, rsAh, created: 26.08.2016 21:23:10, modified: 26.08.2016 21:23:10
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring, command
Delete
C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dropbox Update, command
Delete
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
457.29 kb, rsAh, created: 22.02.2014 15:22:12, modified: 23.06.2009 23:34:22
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QPService, command
Delete
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
584.52 kb, rsAh, created: 22.06.2016 02:33:14, modified: 22.06.2016 02:33:14
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched, command
Delete
C:\Users\Anne\AppData\Local\Viber\Viber.exe
70885.58 kb, rsAh, created: 11.09.2016 13:02:26, modified: 10.08.2016 16:56:04
Script: Quarantine, Delete, Delete via BC
--Registry keyHKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Viber, command
Delete
auditcse.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{16be69fa-4209-4250-88cb-716cf41954e0}, DLLName
Delete
C:\WINDOWS\System32\TsUsbRedirectionGroupPolicyExtension.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}, DLLName
Delete
WorkFoldersGPExt.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4d968b55-cac2-4ff5-983f-0a54603781a3}, DLLName
Delete
C:\WINDOWS\System32\RdpGroupPolicyExtension.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{6cfb9c5c-138e-4bb3-8a3d-d5383e910e57}, DLLName
Delete
pwlauncher.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}, DLLName
Delete
pwlauncher.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C34B2751-1CF4-44F5-9262-C3FC39666591}, DLLName
Delete
auditcse.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName
Delete
C:\Windows\System32\WUDFHost.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
ActiveRegistry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath
Delete
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
Script: Quarantine, Delete, Delete via BC
ActiveShortcut in Startup folderC:\Users\Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk,
C:\Users\Anne\AppData\Local\Viber\Viber.exe
70885.58 kb, rsAh, created: 11.09.2016 13:02:26, modified: 10.08.2016 16:56:04
Script: Quarantine, Delete, Delete via BC
ActiveShortcut in Startup folderC:\Users\Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Viber.lnk,
C:\Users\Anne\AppData\Roaming\uTorrent\uTorrent.exe
2089.69 kb, rsAh, created: 25.02.2014 14:13:33, modified: 10.09.2016 15:45:22
Script: Quarantine, Delete, Delete via BC
ActiveShortcut in Startup folderC:\Users\Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Anne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk,
Autoruns items found - 923, recognized as trusted - 521

Internet Explorer extension modules (BHOs, Toolbars ...)

File name | Type | Description | Manufacturer | CLSID
C:\Program Files (x86)\Ipswitch\iMacros\iMacrosBHO.dll (80.33 kb, rsAh, created: 18.01.2015 18:38:33, modified: 12.01.2015 15:28:54) | BHO | | | {34D5A80A-992D-4F07-9509-66E9E133BAAF}
(error getting file info) | Extension module | | | {2670000A-7350-4f3c-8081-5663EE0C6C49}
Items found - 8, recognized as trusted - 6

Windows Explorer extension modules

File name | Destination | Description | Manufacturer | CLSID
(error getting file info) | Contacts folder | | | {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
(error getting file info) | WebCheck | | | {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
(error getting file info) | WLMD Message Handler | | | {0563DB41-F538-4B37-A92D-4659049B7766}
(error getting file info) | Catalyst Context Menu extension | | | {5E2121EE-0300-11D4-8D3B-444553540000}
Items found - 40, recognized as trusted - 36

Printing system extensions (print monitors, providers)

File name | Type | Name | Description | Manufacturer
hpf3l101.dll (error getting file info) | Monitor | hpf3l101.dll | |
localspl.dll (error getting file info) | Monitor | Local Port | |
FXSMON.DLL (error getting file info) | Monitor | Microsoft Shared Fax Monitor | |
pdfcmon.dll (error getting file info) | Monitor | pdfcmon | |
tcpmon.dll (error getting file info) | Monitor | Standard TCP/IP Port | |
usbmon.dll (error getting file info) | Monitor | USB Monitor | |
WSDMon.dll (error getting file info) | Monitor | WSD Port | |
inetpp.dll (error getting file info) | Provider | HTTP Print Services | |
win32spl.dll (error getting file info) | Provider | LanMan Print Services | |
Items found - 9, recognized as trusted - 0

Task Scheduler jobs

File name | Job name | Job state | Description | Manufacturer | Path | Command line | Type
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe (1196.19 kb, rsAh, created: 18.09.2016 06:47:09, modified: 18.09.2016 06:47:09) | Adobe Flash Player PPAPI Notifier.job | The task is ready to run at its next scheduled time. | Adobe® Flash® Player Installer/Uninstaller 23.0 r0 | Copyright © 1996-2016 Adobe Systems Incorporated | | C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe -check pepperplugin | 32
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (263.69 kb, rsAh, created: 22.02.2014 22:10:55, modified: 11.10.2016 09:48:56) | Adobe Flash Player Updater.job | The task will not run at the scheduled times because it has been disabled. | Adobe® Flash® Player Update Service 23.0 r0 | Copyright © 1996-2016 Adobe Systems Incorporated | | C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe | 32
C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe (error getting file info) | DropboxUpdateTaskUserS-1-5-21-3840235023-680507932-2542287754-1001Core.job | The task will not run at the scheduled times because it has been disabled. | | | | C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c | 32
C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe (error getting file info) | DropboxUpdateTaskUserS-1-5-21-3840235023-680507932-2542287754-1001UA.job | The task will not run at the scheduled times because it has been disabled. | | | | C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler | 32
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (150.82 kb, rsAh, created: 02.04.2016 15:56:09, modified: 02.04.2016 15:56:03) | GoogleUpdateTaskMachineCore.job | The task is ready to run at its next scheduled time. | Programme d'installation de Google | Copyright Google Inc. 2007-2010 | | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c | 32
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (150.82 kb, rsAh, created: 02.04.2016 15:56:09, modified: 02.04.2016 15:56:03) | GoogleUpdateTaskMachineUA.job | The task is ready to run at its next scheduled time. | Programme d'installation de Google | Copyright Google Inc. 2007-2010 | | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler | 32
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (1129.71 kb, rsAh, created: 16.09.2016 20:24:06, modified: 16.09.2016 20:24:06) | Adobe Acrobat Update Task | The task is ready to run at its next scheduled time. | Adobe Reader and Acrobat Manager | | C:\WINDOWS\system32\Tasks\ | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe | 64
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe (1196.19 kb, rsAh, created: 18.09.2016 06:47:09, modified: 18.09.2016 06:47:09) | Adobe Flash Player PPAPI Notifier | The task is ready to run at its next scheduled time. | Adobe® Flash® Player Installer/Uninstaller 23.0 r0 | Copyright © 1996-2016 Adobe Systems Incorporated | C:\WINDOWS\system32\Tasks\ | C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe -check pepperplugin | 64
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (263.69 kb, rsAh, created: 22.02.2014 22:10:55, modified: 11.10.2016 09:48:56) | Adobe Flash Player Updater | The task is ready to run at its next scheduled time. | Adobe® Flash® Player Update Service 23.0 r0 | Copyright © 1996-2016 Adobe Systems Incorporated | C:\WINDOWS\system32\Tasks\ | C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe | 64
C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe (10141.88 kb, rsAh, created: 18.07.2016 18:19:56, modified: 18.07.2016 18:19:56) | AMD Updater | The task is ready to run at its next scheduled time. | AMD Install Manager | Copyright (c) 2007, Advanced Micro Devices, Inc. | C:\WINDOWS\system32\Tasks\ | "C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe" /AUTOUPDATEIN | 64
C:\Program Files\CCleaner\CCleaner.exe (6707.71 kb, rsAh, created: 26.08.2016 21:23:10, modified: 26.08.2016 21:23:10) | CCleanerSkipUAC | The task is ready to run at its next scheduled time. | CCleaner | Copyright © 2005-2016 Piriform Ltd | C:\WINDOWS\system32\Tasks\ | "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0) | 64
C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe (error getting file info) | DropboxUpdateTaskUserS-1-5-21-3840235023-680507932-2542287754-1001Core | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\ | C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c | 64
C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe (error getting file info) | DropboxUpdateTaskUserS-1-5-21-3840235023-680507932-2542287754-1001UA | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\ | C:\Users\Anne\AppData\Local\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler | 64
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (150.82 kb, rsAh, created: 02.04.2016 15:56:09, modified: 02.04.2016 15:56:03) | GoogleUpdateTaskMachineCore | The task is ready to run at its next scheduled time. | Programme d'installation de Google | Copyright Google Inc. 2007-2010 | C:\WINDOWS\system32\Tasks\ | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c | 64
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (150.82 kb, rsAh, created: 02.04.2016 15:56:09, modified: 02.04.2016 15:56:03) | GoogleUpdateTaskMachineUA | The task is ready to run at its next scheduled time. | Programme d'installation de Google | Copyright Google Inc. 2007-2010 | C:\WINDOWS\system32\Tasks\ | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe (194.84 kb, rsAh, created: 13.03.2016 13:05:11, modified: 18.08.2016 13:48:56) | HP Active Health Scan (HPSA) | The task is ready to run at its next scheduled time. | HP Active Health | Copyright © HP Development Company L.P. 2013-2016 | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Active Health\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe -task -source HPSA | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (1124.53 kb, rsAh, created: 28.09.2015 10:34:04, modified: 23.08.2016 08:26:50) | PC Health Analysis | The task is ready to run at its next scheduled time. | HP Support Assistant | © Copyright 2016 HP Development Company, L.P. | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Assistant\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (1124.53 kb, rsAh, created: 28.09.2015 10:34:04, modified: 23.08.2016 08:26:50) | PC Tuneup | The task is ready to run at its next scheduled time. | HP Support Assistant | © Copyright 2016 HP Development Company, L.P. | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Assistant\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L TuneupTimer | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (1124.53 kb, rsAh, created: 28.09.2015 10:34:04, modified: 23.08.2016 08:26:50) | HP Support Assistant Quick Start | The task is ready to run at its next scheduled time. | HP Support Assistant | © Copyright 2016 HP Development Company, L.P. | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Support Assistant\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /taskrestart | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe (104.56 kb, rsAh, created: 20.12.2015 20:04:04, modified: 09.05.2016 07:45:24) | HP Support Solutions Framework Report | The task is ready to run at its next scheduled time. | HPSFReport | © Copyright 2016 HP Development Company, L.P. | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Support Assistant\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (608.88 kb, rsAh, created: 15.05.2016 11:25:29, modified: 03.08.2016 01:16:20) | HP Support Solutions Framework Updater | The task is ready to run at its next scheduled time. | HPSSFUpdater | © Copyright 2016 HP Development Company, L.P. | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Support Assistant\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /u | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe (608.88 kb, rsAh, created: 15.05.2016 11:25:29, modified: 03.08.2016 01:16:20) | HP Support Solutions Framework Updater - Resources | The task is ready to run at its next scheduled time. | HPSSFUpdater | © Copyright 2016 HP Development Company, L.P. | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Support Assistant\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /r /m | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (1124.53 kb, rsAh, created: 28.09.2015 10:34:04, modified: 23.08.2016 08:26:50) | PC Health Analysis | The task is ready to run at its next scheduled time. | HP Support Assistant | © Copyright 2016 HP Development Company, L.P. | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Support Assistant\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (1046.35 kb, rsAh, created: 13.03.2016 13:03:20, modified: 05.09.2016 03:43:08) | WarrantyChecker | The task is ready to run at its next scheduled time. | HPWarrantyChecker | Copyright © 2016 HP Development Company, L.P. | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Support Assistant\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe | 64
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe (1046.35 kb, rsAh, created: 13.03.2016 13:03:20, modified: 05.09.2016 03:43:08) | WarrantyChecker_DeviceScan | The task is ready to run at its next scheduled time. | HPWarrantyChecker | Copyright © 2016 HP Development Company, L.P. | C:\WINDOWS\system32\Tasks\Hewlett-Packard\HP Support Assistant\ | C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | ActivateWindowsSearch | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | ConfigureInternetTimeService | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | DispatchRecoveryTasks | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | ehDRMInit | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /DRMInit | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | InstallPlayReady | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) | 64
C:\WINDOWS\ehome\mcupdate (error getting file info) | mcupdate | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\mcupdate $(Arg0) | 64
C:\WINDOWS\ehome\mcupdate (error getting file info) | mcupdate_scheduled | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 | 64
C:\WINDOWS\ehome\mcupdate.exe (error getting file info) | MediaCenterRecoveryTask | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask | 64
C:\WINDOWS\ehome\mcupdate.exe (error getting file info) | ObjectStoreRecoveryTask | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | OCURActivate | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | OCURDiscovery | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | PBDADiscovery | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | PBDADiscoveryW1 | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | PBDADiscoveryW2 | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery | 64
C:\WINDOWS\ehome\MCUpdate.exe (error getting file info) | PeriodicScanRetry | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %windir%\ehome\MCUpdate.exe -pscn 0 | 64
C:\WINDOWS\ehome\mcupdate.exe (error getting file info) | PvrRecoveryTask | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask | 64
C:\WINDOWS\ehome\mcupdate.exe (error getting file info) | PvrScheduleTask | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\mcupdate.exe -PvrSchedule | 64
C:\WINDOWS\ehome\ehrec (error getting file info) | RecordingRestart | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehrec /RestartRecording | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | RegisterSearch | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | ReindexSearchRoot | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot | 64
C:\WINDOWS\ehome\mcupdate.exe (error getting file info) | SqlLiteRecoveryTask | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask | 64
C:\WINDOWS\ehome\ehPrivJob.exe (error getting file info) | UpdateRecordPath | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\Microsoft\Windows\Media Center\ | %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) | 64
C:\WINDOWS\system32\MRT.exe (error getting file info) | MRT_HB | The task is ready to run at its next scheduled time. | Outil de suppression de logiciels malveillants Microsoft Windows | © Microsoft Corporation. Tous droits réservés. | C:\WINDOWS\system32\Tasks\Microsoft\Windows\RemovalTools\ | C:\WINDOWS\system32\MRT.exe /EHB /Q | 64
C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe (24.00 kb, rsAh, created: 12.09.2016 09:58:58, modified: 12.09.2016 09:58:58) | UpdateAssistant | The task is ready to run at its next scheduled time. | UpdateAssistant | © Microsoft Corporation. All rights reserved. | C:\WINDOWS\system32\Tasks\Microsoft\Windows\UpdateOrchestrator\ | %windir%\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:Hadron4:{} | 64
C:\Program Files (x86)\Opera\launcher.exe (875.27 kb, rsAh, created: 13.04.2016 21:16:51, modified: 03.10.2016 11:53:58) | Opera scheduled Autoupdate 1393093682 | The task is ready to run at its next scheduled time. | Opera Internet Browser | Copyright Opera Software 2016 | C:\WINDOWS\system32\Tasks\ | C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0) | 64
C:\Program Files (x86)\Opera\launcher.exe (875.27 kb, rsAh, created: 13.04.2016 21:16:51, modified: 03.10.2016 11:53:58) | Opera scheduled Autoupdate 1460574992 | The task is ready to run at its next scheduled time. | Opera Internet Browser | Copyright Opera Software 2016 | C:\WINDOWS\system32\Tasks\ | C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate $(Arg0) | 64
C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (65.25 kb, rsAh, created: 11.03.2015 04:21:17, modified: 12.03.2015 01:54:32) | Tweaking.com - Windows Repair Tray Icon | The task is ready to run at its next scheduled time. | Tweaking.com - Windows Repair Tray Icon | | C:\WINDOWS\system32\Tasks\ | C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe | 64
C:\Program Files (x86)\ZHPDiag\ZHPhep.exe (error getting file info) | {2CEC3A6D-C17B-44D2-A96E-786BFB9F600D} | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\ | C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag" | 64
C:\Program Files (x86)\ZHPDiag (error getting file info) | {2CEC3A6D-C17B-44D2-A96E-786BFB9F600D} | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\ | C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag" | 64
C:\Users\Anne\Downloads\ZHPDiag2.exe (error getting file info) | {418D1141-1F94-433F-B499-B45B6EDEEE18} | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\ | C:\Windows\system32\pcalua.exe -a C:\Users\Anne\Downloads\ZHPDiag2.exe -d C:\Users\Anne\Downloads | 64
C:\Users\Anne\Downloads\ZHPDiag.exe (error getting file info) | {49976294-3637-4587-AE78-0B53B44C9889} | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\ | C:\Windows\system32\pcalua.exe -a C:\Users\Anne\Downloads\ZHPDiag.exe -d C:\Users\Anne\Downloads | 64
C:\Users\Anne\Downloads\ZHPDiag2 (1).exe (error getting file info) | {D4CF3ECB-06D5-442E-A552-75102C64B693} | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\ | C:\Windows\system32\pcalua.exe -a "C:\Users\Anne\Downloads\ZHPDiag2 (1).exe" -d C:\Users\Anne\Downloads | 64
C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe (error getting file info) | {D7347F9B-6156-4CAB-8EAE-964ADE7E3E6C} | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\ | C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag\ZHPFix" | 64
C:\Program Files (x86)\ZHPDiag\ZHPFix (error getting file info) | {D7347F9B-6156-4CAB-8EAE-964ADE7E3E6C} | The task is ready to run at its next scheduled time. | | | C:\WINDOWS\system32\Tasks\ | C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe" -d "C:\Program Files (x86)\ZHPDiag\ZHPFix" | 64
Items found - 143, recognized as trusted - 84

SPI/LSP settings

Namespace providers (NSP)
Manufacturer | Status | EXE file | Description | GUID
Detected - 7, recognized as trusted - 7
Transport protocol providers (TSP, LSP)
Manufacturer | EXE file | Description
Detected - 11, recognized as trusted - 11
Results of automatic SPI settings check
LSP NameSpace error: Number of namespaces 6 doesn't correspond to real 7
Attention ! LSP errors detected. Number of errors - 1
Problems with Internet connection are possible

TCP/UDP ports

PortStatusRemote HostRemote PortApplicationNotes
TCP ports
80LISTENING0.0.0.00System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
 
139LISTENING0.0.0.00System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
 
445LISTENING0.0.0.00System.exe [4]
error getting file info
1801 | LISTENING | 0.0.0.0 | 0 | mqsvc.exe [2268]
  error getting file info
2103 | LISTENING | 0.0.0.0 | 0 | mqsvc.exe [2268]
  error getting file info
2105 | LISTENING | 0.0.0.0 | 0 | mqsvc.exe [2268]
  error getting file info
2107 | LISTENING | 0.0.0.0 | 0 | mqsvc.exe [2268]
  error getting file info
2869 | LISTENING | 0.0.0.0 | 0 | System.exe [4]
  error getting file info
5354 | ESTABLISHED | 127.0.0.1 | 49413 | mDNSResponder.exe [2208]
  error getting file info
5354 | ESTABLISHED | 127.0.0.1 | 49415 | mDNSResponder.exe [2208]
  error getting file info
5354 | LISTENING | 0.0.0.0 | 0 | mDNSResponder.exe [2208]
  error getting file info
5357 | LISTENING | 0.0.0.0 | 0 | System.exe [4]
  error getting file info
8092 | LISTENING | 0.0.0.0 | 0 | System.exe [4]
  error getting file info
27015 | LISTENING | 0.0.0.0 | 0 | AppleMobileDeviceService.exe [2148]
  error getting file info
49408 | LISTENING | 0.0.0.0 | 0 | wininit.exe [512]
  error getting file info
49411 | LISTENING | 0.0.0.0 | 0 | spoolsv.exe [1380]
  error getting file info
49412 | LISTENING | 0.0.0.0 | 0 | lsass.exe [596]
  error getting file info
49413 | ESTABLISHED | 127.0.0.1 | 5354 | AppleMobileDeviceService.exe [2148]
  error getting file info
49414 | LISTENING | 0.0.0.0 | 0 | mqsvc.exe [2268]
  error getting file info
49415 | ESTABLISHED | 127.0.0.1 | 5354 | AppleMobileDeviceService.exe [2148]
  error getting file info
49467 | LISTENING | 0.0.0.0 | 0 | services.exe [588]
  error getting file info
59243 | LISTENING | 0.0.0.0 | 0 | SetPoint.exe [5792]
  error getting file info
60313 | TIME_WAIT | 54.230.129.214 | 443 | [0]
  error getting file info
60616 | ESTABLISHED | 172.217.17.46 | 443 | c:\program files (x86)\google\chrome\application\chrome.exe [6336]
  944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
60617 | ESTABLISHED | 172.217.17.110 | 443 | c:\program files (x86)\google\chrome\application\chrome.exe [6336]
  944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
65530 | LISTENING | 0.0.0.0 | 0 | c:\program files (x86)\wildtangent games\app\gamesappintegrationservice.exe [5824]
  341.53 kb, rsAh, created: 14.08.2015 00:33:26, modified: 14.08.2015 00:33:26
 
UDP ports
137 | LISTENING | -- | -- | System.exe [4]
  error getting file info
138 | LISTENING | -- | -- | System.exe [4]
  error getting file info
3702 | LISTENING | -- | -- | dasHost.exe [2160]
  error getting file info
3702 | LISTENING | -- | -- | dasHost.exe [2160]
  error getting file info
5353 | LISTENING | -- | -- | c:\program files (x86)\google\chrome\application\chrome.exe [6336]
  944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
5353 | LISTENING | -- | -- | c:\program files (x86)\google\chrome\application\chrome.exe [6336]
  944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
5353 | LISTENING | -- | -- | c:\program files (x86)\google\chrome\application\chrome.exe [6336]
  944.10 kb, rsAh, created: 13.04.2016 21:13:51, modified: 25.09.2016 05:47:08
5353 | LISTENING | -- | -- | mDNSResponder.exe [2208]
  error getting file info
49408 | LISTENING | -- | -- | mDNSResponder.exe [2208]
  error getting file info
51938 | LISTENING | -- | -- | AppleMobileDeviceService.exe [2148]
  error getting file info
51939 | LISTENING | -- | -- | AppleMobileDeviceService.exe [2148]
  error getting file info
54528 | LISTENING | -- | -- | c:\program files (x86)\avira\launcher\avira.systray.exe [6024]
  158.24 kb, rsAh, created: 24.08.2016 16:03:26, modified: 24.08.2016 16:03:26
54529 | LISTENING | -- | -- | c:\program files (x86)\wildtangent games\app\gamesappintegrationservice.exe [5824]
  341.53 kb, rsAh, created: 14.08.2015 00:33:26, modified: 14.08.2015 00:33:26
54530 | LISTENING | -- | -- | c:\program files (x86)\wildtangent games\app\gamesappintegrationservice.exe [5824]
  341.53 kb, rsAh, created: 14.08.2015 00:33:26, modified: 14.08.2015 00:33:26
61214 | LISTENING | -- | -- | dasHost.exe [2160]
  error getting file info
 

Downloaded Program Files (DPF)

File name | Description | Manufacturer | CLSID | Source URL
Items found - 1, recognized as trusted - 1

Control Panel Applets (CPL)

File name | Description | Manufacturer
Items found - 17, recognized as trusted - 17

Active Setup

File name | Description | Manufacturer | CLSID
C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe | Google Chrome Installer | Copyright 2016 Google Inc. All rights reserved. | {8A69D345-D564-463c-AFF1-A69D9E530F96}
  1237.10 kb, rsAh, created: 04.10.2016 09:23:43, modified: 04.10.2016 09:22:01
Items found - 5, recognized as trusted - 4

HOSTS file

Hosts file record
127.0.0.1       localhost

Protocols and handlers

File name | Type | Description | Manufacturer | CLSID
Items found - 20, recognized as trusted - 20

Shared resources

Network name | Path | Notes
ADMIN$ | C:\WINDOWS | Administration à distance
C$ | C:\ | Partage par défaut
D$ | D:\ | Partage par défaut
IPC$ | | IPC distant
print$ | C:\Windows\system32\spool\drivers | Pilotes d’imprimantes
Users | C:\Users |

Suspicious objects

File | Description | Type


Attention !!! Database was last updated 29/02/2016 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.46 private build
Scanning started at 14.10.2016 11:43:24
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 29.02.2016 04:00
Heuristic microprograms loaded: 408
PVS microprograms loaded: 9
Digital signatures of system files loaded: 789285
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.10240,  "Windows 10 Home", install date 01.08.2015 14:58:37 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
Function kernel32.dll:ReadConsoleInputExA (1103) intercepted, method - ProcAddressHijack.GetProcAddress ->7581A126->752A23C0
Function kernel32.dll:ReadConsoleInputExW (1104) intercepted, method - ProcAddressHijack.GetProcAddress ->7581A159->752A23F0
 Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:NtCreateFile (272) intercepted, method - ProcAddressHijack.GetProcAddress ->77699050->71F634E0
Function ntdll.dll:NtSetInformationFile (558) intercepted, method - ProcAddressHijack.GetProcAddress ->77698D70->71F633D0
Function ntdll.dll:NtSetValueKey (590) intercepted, method - ProcAddressHijack.GetProcAddress ->77699100->71F971D0
Function ntdll.dll:ZwCreateFile (1686) intercepted, method - ProcAddressHijack.GetProcAddress ->77699050->71F634E0
Function ntdll.dll:ZwSetInformationFile (1970) intercepted, method - ProcAddressHijack.GetProcAddress ->77698D70->71F633D0
Function ntdll.dll:ZwSetValueKey (2002) intercepted, method - ProcAddressHijack.GetProcAddress ->77699100->71F971D0
 Analysis: user32.dll, export table found in section .text
Function user32.dll:CallNextHookEx (1531) intercepted, method - ProcAddressHijack.GetProcAddress ->74E31600->71F62370
Function user32.dll:SetWindowsHookExW (2339) intercepted, method - ProcAddressHijack.GetProcAddress ->74E3D910->71F97250
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:NetFreeAadJoinInformation (139) intercepted, method - ProcAddressHijack.GetProcAddress ->735EC13E->62148C40
Function netapi32.dll:NetGetAadJoinInformation (140) intercepted, method - ProcAddressHijack.GetProcAddress ->735EC16D->62148D40
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 18
Extended process analysis: 1552 C:\Program Files (x86)\Avira\Antivirus\sched.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 1768 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
[ES]:Application has no visible windows
Extended process analysis: 1900 C:\Program Files (x86)\Avira\Antivirus\avguard.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 6024 C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 6084 C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 5824 C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
Extended process analysis: 6372 C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
[ES]:EXE runtime packer ?
Extended process analysis: 6336 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Registered for automatic startup !!
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 2508 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 6004 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
Extended process analysis: 7024 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Registered for automatic startup !!
 Number of modules loaded: 281
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
LSP NameSpace error: Number of namespaces 6 doesn't correspond to real 7
 Attention ! SPI/LSP errors detected. Number of errors - 1
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Services Bureau à distance)
>> Services: potentially dangerous service allowed: SSDPSRV (Découverte SSDP)
>> Services: potentially dangerous service allowed: Schedule (Planificateur de tâches)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 300, extracted from archives: 0, malicious software found 0, suspicions - 0
Scanning finished at 14.10.2016 11:55:41
Time of scanning: 00:12:19
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="5.255.255.80,5.255.255.70,77.88.55.66,77.88.55.70", Ping=OK (0,62,5.255.255.80)
  Host="google.ru", IP="172.217.17.35", Ping=OK (0,29,172.217.17.35)
  Host="google.com", IP="172.217.17.46", Ping=OK (0,29,172.217.17.46)
  Host="www.kaspersky.com", IP="77.74.178.16", Ping=OK (0,76,77.74.178.16)
  Host="www.kaspersky.ru", IP="77.74.178.20", Ping=OK (0,77,77.74.178.20)
  Host="dnl-03.geo.kaspersky.com", IP="94.75.236.122", Ping=OK (0,27,94.75.236.122)
  Host="dnl-11.geo.kaspersky.com", IP="195.122.169.15", Ping=OK (0,34,195.122.169.15)
  Host="activation-v2.kaspersky.com", IP="195.27.252.50", Ping=Error (11010,0,0.0.0.0)
  Host="odnoklassniki.ru", IP="217.20.155.58,5.61.23.5,217.20.156.159", Ping=OK (0,74,217.20.155.58)
  Host="vk.com", IP="87.240.165.84,87.240.165.85,87.240.165.83", Ping=OK (0,70,87.240.165.84)
  Host="vkontakte.ru", IP="95.213.4.229,95.213.4.228", Ping=OK (0,68,95.213.4.229)
  Host="twitter.com", IP="199.16.156.70,199.16.156.102,199.16.156.230,199.16.156.198", Ping=OK (0,118,199.16.156.70)
  Host="facebook.com", IP="179.60.195.36", Ping=OK (0,25,179.60.195.36)
  Host="ru-ru.facebook.com", IP="179.60.195.7", Ping=OK (0,27,179.60.195.7)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes

System Analysis - complete
File list