Results of system analysis

Process List

File name	PID	Description	Copyright	MD5	Information
C:\Program Files (x86)\Acer\Care Center\ACCStd.exe Script: Quarantine, Delete, Delete via BC, Terminate	9532	ACCStd	(C)All rights reserved	B36FFC4A3571D97BAB46C4C79348A0DE	4535.41 kb, rsAh,created: 20.01.2016 11:50:56,modified: 20.01.2016 11:50:56 Command line:
c:\program files (x86)\easeus\todo backup\bin\agent.exe Script: Quarantine, Delete, Delete via BC, Terminate	2940	EaseUS Todo Backup Agent Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	F8F1E7CE66C872DBCC8C9B0F8E41365D	38.69 kb, rsAh,created: 16.03.2017 08:08:13,modified: 06.12.2016 02:46:06 Command line: "C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe"
c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	1980	Adobe Genuine Software Integrity Service	Copyright 2014 Adobe Systems Incorporated. All rights reserved.	A32EA26C90A47B2BC93D7B0B94994B11	2175.11 kb, rsAh,created: 20.08.2015 18:04:56,modified: 27.02.2017 10:55:02 Command line: "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avp.exe Script: Quarantine, Delete, Delete via BC, Terminate	2308	Kaspersky Anti-Virus	© 2016 AO Kaspersky Lab. All Rights Reserved.	03B45C52179E8DAE51A0F685C30D06D6	235.88 kb, rsAh,created: 28.06.2016 01:54:28,modified: 28.06.2016 01:54:28 Command line:
c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avpui.exe Script: Quarantine, Delete, Delete via BC, Terminate	7660	Kaspersky Anti-Virus	© 2016 AO Kaspersky Lab. All Rights Reserved.	E14F3C1C1833A0BB3B639D1BD5F55BF5	218.46 kb, rsAh,created: 29.03.2017 12:11:48,modified: 29.03.2017 12:11:48 Command line:
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe Script: Quarantine, Delete, Delete via BC, Terminate	1796	Realtek Bluetooth AVRCP Service	Realtek All Rights Reserved	4B2469B9858FF03AA83947A05BE60447	40.21 kb, rsAh,created: 05.10.2015 18:23:34,modified: 02.03.2015 22:26:38 Command line:
c:\users\utilis~1\appdata\local\temp\lt33ixbj.iwg\getsysteminfodllcache\avz\avz.exe Script: Quarantine, Delete, Delete via BC, Terminate	3700			FF6D0AE888488259B661DCCA3F1DBF44	5508.45 kb, rsAh,created: 22.01.2016 06:59:26,modified: 01.03.2016 04:43:13 Command line: "C:\Users\UTILIS~1\AppData\Local\Temp\lt33ixbj.iwg\GetSystemInfoDllCache\avz\avz.exe" Script="C:\Users\UTILIS~1\AppData\Local\Temp\lt33ixbj.iwg\GetSystemInfoDllCache\avz\asa.avz" HiddenMode="3" SpoolLog="C:\Users\UTILIS~1\AppData\Local\Temp\lt33ixbj.iwg\GetSystemInfo\avz.log" TempFolder="C:\Users\UTILIS~1\AppData\Local\Temp\lt33ixbj.iwg\GetSystemInfo\AvzTemp"
c:\program files (x86)\acer\aop framework\backgroundagent.exe Script: Quarantine, Delete, Delete via BC, Terminate	11120	Background Agent	Copyright (C) 2014	ED6F057311A3EBF137897DDD1F37249C	64.21 kb, rsAh,created: 17.11.2015 12:11:46,modified: 17.11.2015 12:11:46 Command line: "C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe" task
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe Script: Quarantine, Delete, Delete via BC, Terminate	2324	Realtek Bluetooth BTDevManager Service Application	Realtek All Rights Reserved	06E59719C1A85041CE668AF1F4ABE8D8	115.21 kb, rsAh,created: 05.10.2015 18:23:34,modified: 02.06.2015 13:25:48 Command line:
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe Script: Quarantine, Delete, Delete via BC, Terminate	2144	Realtek Bluetooth BTDevManager Service Application	Realtek All Rights Reserved	06E59719C1A85041CE668AF1F4ABE8D8	115.21 kb, rsAh,created: 05.10.2015 18:23:34,modified: 02.06.2015 13:25:48 Command line:
C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe Script: Quarantine, Delete, Delete via BC, Terminate	8244	Realtek Bluetooth BTServer Application	Realtek All Rights Reserved	BCD340300881BF94AB1C23C4D1D0E82C	223.71 kb, rsAh,created: 05.10.2015 18:23:34,modified: 02.06.2015 13:25:48 Command line:
C:\Program Files\CCleaner\CCleaner64.exe Script: Quarantine, Delete, Delete via BC, Terminate	7784	CCleaner	Copyright © 2005-2017 Piriform Ltd	B85C64056D37839D3E99D3F3CECA988C	9543.21 kb, rsAh,created: 05.05.2017 13:08:22,modified: 05.05.2017 13:08:22 Command line:
C:\Windows\System32\DbxSvc.exe Script: Quarantine, Delete, Delete via BC, Terminate	3004	Dropbox Service	Dropbox, Inc.	85E71BD98A72996A00C71EB7B537A631	error getting file info Command line:
c:\program files (x86)\dropbox\update\dropboxupdate.exe Script: Quarantine, Delete, Delete via BC, Terminate	6592	Dropbox Update	Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.)	A1F58FFF448E4099297D6EE0641D4D0E	139.79 kb, rsAh,created: 04.01.2017 18:20:41,modified: 04.01.2017 18:20:37 Command line: "C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /c
c:\program files (x86)\faststone capture\fscapture.exe Script: Quarantine, Delete, Delete via BC, Terminate	9260			795A332E62D8113FDD7EFBC1DBF2FD48	1089.00 kb, rsAh,created: 23.02.2007 17:49:58,modified: 23.02.2007 17:49:58 Command line: "C:\Program Files (x86)\FastStone Capture\FSCapture.exe"
c:\users\utilisateur\appdata\local\temp\temp1_getsysteminfo6.1.zip\getsysteminfo6.1.exe Script: Quarantine, Delete, Delete via BC, Terminate	10440	Kaspersky Get System Info	© 2016 AO Kaspersky Lab. All Rights Reserved.	B1274ADF56907D8D1B85985D21576D2F	10753.57 kb, rsAh,created: 01.03.2016 19:16:58,modified: 19.05.2017 06:10:05 Command line: "C:\Users\Utilisateur\AppData\Local\Temp\Temp1_GetSystemInfo6.1.zip\GetSystemInfo6.1.exe"
c:\program files (x86)\google\update\1.3.33.5\googlecrashhandler.exe Script: Quarantine, Delete, Delete via BC, Terminate	3792	Google Crash Handler	Copyright 2007-2010 Google Inc.	33E6E5822E22A5E1DEA523C06155FD07	282.08 kb, rsAh,created: 15.05.2017 14:27:58,modified: 15.05.2017 14:27:31 Command line: "C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe"
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe Script: Quarantine, Delete, Delete via BC, Terminate	3536	Google Crash Handler	Copyright 2007-2010 Google Inc.	27BEAF3F308ED2276F3863C2F2597556	358.08 kb, rsAh,created: 15.05.2017 14:27:58,modified: 15.05.2017 14:27:31 Command line:
c:\users\utilisateur\appdata\local\temp\sa68\gsi.exe Script: Quarantine, Delete, Delete via BC, Terminate	9484	Kaspersky Get System Info	2016 AO Kaspersky Lab. All Rights Reserved.	A729EFCD89A0C3F802A00397163C0903	3333.58 kb, rsAh,created: 19.05.2017 06:10:10,modified: 01.03.2016 04:40:56 Command line: C:\Users\Utilisateur\AppData\Local\Temp\sa68\GSI.exe
c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksde.exe Script: Quarantine, Delete, Delete via BC, Terminate	3304	Kaspersky Secure Connection	© 2016 AO Kaspersky Lab. All Rights Reserved.	EFF5EA6088DB81C6EF6EDCDA5EE79909	235.88 kb, rsAh,created: 28.06.2016 01:54:28,modified: 28.06.2016 01:54:28 Command line: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe" -r
c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksdeui.exe Script: Quarantine, Delete, Delete via BC, Terminate	5288	Kaspersky Secure Connection	© 2016 AO Kaspersky Lab. All Rights Reserved.	BDB3D8437752EBCD11DB04082B1FE8A5	468.96 kb, rsAh,created: 29.03.2017 12:11:48,modified: 29.03.2017 12:11:48 Command line: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe" -hidden
c:\program files (x86)\pop peeper\poppeeper.exe Script: Quarantine, Delete, Delete via BC, Terminate	4388	POP Peeper Email Notifier	Copyright (C) 2001-2016 Esumsoft	710D0C12003832B3FBC16787794514A1	2625.70 kb, rsAh,created: 23.10.2016 17:05:38,modified: 23.10.2016 17:05:38 Command line: "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min
c:\program files (x86)\easeus\todo backup\bin\todobackupservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	6044			8B8767C8344C7CB86582B848978ED336	253.19 kb, rsAh,created: 16.03.2017 08:08:16,modified: 06.12.2016 02:46:30 Command line: "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe"
c:\program files (x86)\western digital\wd security\wddriveautounlock.exe Script: Quarantine, Delete, Delete via BC, Terminate	8424	WD Drive Auto Unlock	© 2015 Western Digital Technologies, Inc. All rights reserved.	DE9A76F5ECAA1EDC2D4D2836E8148475	1719.84 kb, RsAh,created: 07.12.2015 17:04:22,modified: 07.12.2015 17:04:22 Command line: "C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe"
c:\program files (x86)\western digital\wd drive manager\wddriveservice.exe Script: Quarantine, Delete, Delete via BC, Terminate	2392	WD Drive Service	© 2016 Western Digital Technologies, Inc. All rights reserved.	E84CF717E854D02DF30BD1BCC612BEAC	300.87 kb, RsAh,created: 14.01.2016 11:27:44,modified: 14.01.2016 11:27:44 Command line: "C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe"
c:\program files (x86)\western digital\wd utilities\wddriveutilitieshelper.exe Script: Quarantine, Delete, Delete via BC, Terminate	6872	WD Drive Utilities Helper	© 2016 Western Digital Technologies, Inc. All rights reserved.	E93FDA336764BBE2CB05C924AEF834B4	1846.35 kb, RsAh,created: 14.01.2016 11:26:20,modified: 14.01.2016 11:26:20 Command line: "C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe"
Detected:135, recognized as trusted 111

Module name	Handle	Description	Copyright	AVZ0311	Used by processes
C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll Script: Quarantine, Delete, Delete via BC	1750859776	Dropbox Shell Extension	(c) Dropbox, Inc. All rights reserved	MD5=6C35442D217BCEAF167D15C352A502F2 225.32 kb, rsAh, created: 17.05.2017 16:36:18, modified: 16.05.2017 16:50:18	9260
C:\Program Files (x86)\Dropbox\Update\1.3.59.1\goopdate.dll Script: Quarantine, Delete, Delete via BC	1885601792	Dropbox Update	Copyright: Dropbox, Inc. 2015 (Omaha Copyright Google Inc.)	MD5=815713B523B84B3BDFBEEDE424E8DAE2 1108.79 kb, rsAh, created: 04.01.2017 18:26:34, modified: 04.01.2017 18:26:33	6592
C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll Script: Quarantine, Delete, Delete via BC	1889271808			MD5=5A61F0A42BC1FD6391A62C9C47E5FA6B 26.19 kb, rsAh, created: 16.03.2017 08:08:13, modified: 06.12.2016 02:43:04	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll Script: Quarantine, Delete, Delete via BC	1914568704			MD5=C70EA1787D5A56DD98837975C63F370C 120.69 kb, rsAh, created: 16.03.2017 08:08:13, modified: 01.03.2017 17:44:32	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll Script: Quarantine, Delete, Delete via BC	1869217792			MD5=B707A0BF947E307B403CE039E364B2E7 20.19 kb, rsAh, created: 16.03.2017 08:08:13, modified: 06.12.2016 02:43:06	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll Script: Quarantine, Delete, Delete via BC	1868955648			MD5=82240A724F483E8D279790AAAD5A2F9A 21.19 kb, rsAh, created: 16.03.2017 08:08:13, modified: 06.12.2016 02:43:08	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll Script: Quarantine, Delete, Delete via BC	1897136128			MD5=17101299B8816922C44259F76E08236B 404.69 kb, rsAh, created: 16.03.2017 08:08:13, modified: 06.12.2016 02:43:08	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll Script: Quarantine, Delete, Delete via BC	1921843200			MD5=DE9E9C1C52C48F1FE997514F4C9DA720 39.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:12	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CallbackOperator.dll Script: Quarantine, Delete, Delete via BC	1907294208			MD5=DD7FC791735A9F71F170B00277B36A8C 25.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:16	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll Script: Quarantine, Delete, Delete via BC	1921646592			MD5=CA8BF9CA618648AD176B0EB184B75D48 72.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:16	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll Script: Quarantine, Delete, Delete via BC	1869283328			MD5=D90E17F01A2B16AD435BC22FB06B0A09 77.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:18	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll Script: Quarantine, Delete, Delete via BC	1915617280			MD5=2B727D4DD4F2AC7A617E93361DB73384 178.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:20	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt_RTTO.dll Script: Quarantine, Delete, Delete via BC	1915420672			MD5=2CF5BBD62FBE015917A65BA11D667D37 159.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:20	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll Script: Quarantine, Delete, Delete via BC	1914699776			MD5=4B3BD1C0A80917CB2ECDAF03B6AB8ADC 17.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:20	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll Script: Quarantine, Delete, Delete via BC	1921122304			MD5=EAD66065EA1A87FE9CD52C2D63B644E9 184.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:22	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll Script: Quarantine, Delete, Delete via BC	1921777664			MD5=386E7A4513D56C3368CEDEFBC9288434 24.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:22	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmdManager.dll Script: Quarantine, Delete, Delete via BC	1927413760	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=BE661FCA55FA9231885CB79AA6287992 537.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 07.12.2016 09:02:44	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll Script: Quarantine, Delete, Delete via BC	1928265728			MD5=3470D1043F9EF41B83DCB438C808FEDC 79.04 kb, rsAh, created: 16.03.2017 08:08:14, modified: 01.03.2016 14:00:50	2940, 6044
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll Script: Quarantine, Delete, Delete via BC	1835663360			MD5=99766005A2A3A4532B833ABD21EF4F03 89.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:24	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll Script: Quarantine, Delete, Delete via BC	1926365184			MD5=BAA2535AF565085244D32880FC2CAF14 19.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:24	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\ControlPxe.dll Script: Quarantine, Delete, Delete via BC	1869414400	EaseUS Todo Backup	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=95BA82946556EF6BB75753FF66DA7FA1 21.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:26	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll Script: Quarantine, Delete, Delete via BC	1890582528			MD5=CB62A144198D0E83A1C8B9BB4AB617BE 22.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:26	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll Script: Quarantine, Delete, Delete via BC	1838809088			MD5=F6E4BC8062329C676D765A5202FC59F7 138.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:30	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll Script: Quarantine, Delete, Delete via BC	1915813888			MD5=6D6E4896E7E02BD2D38F9CD430CDA701 28.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:30	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll Script: Quarantine, Delete, Delete via BC	1839136768			MD5=1C332EC9D112B340CB42D71E7A6D65E1 359.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:32	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll Script: Quarantine, Delete, Delete via BC	1909522432			MD5=C8F17B6ED1DCEE438AEDBE3C63A68CC8 32.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:34	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll Script: Quarantine, Delete, Delete via BC	1908211712			MD5=C018781CE5752C7D317460FEB3D889FB 289.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:34	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EMail.dll Script: Quarantine, Delete, Delete via BC	1891893248	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=56B23B8FACD68825F7B14EB3188A3942 676.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:38	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll Script: Quarantine, Delete, Delete via BC	1897594880			MD5=501A6F0EE452C72A44EEBD0C046DAEDA 191.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:40	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll Script: Quarantine, Delete, Delete via BC	1869479936			MD5=17809B64C66F20DCE54C2ED7F6DD28C5 216.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:40	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll Script: Quarantine, Delete, Delete via BC	1896742912			MD5=26B5A8D1D1C6982CA8FE5E540AE2119D 158.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:42	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll Script: Quarantine, Delete, Delete via BC	1889992704			MD5=16EF42A912DE2AAE967DC14935B46EE6 33.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:44	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuPipe.dll Script: Quarantine, Delete, Delete via BC	1919614976	EaseUS Todo Backup Pipe Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=19C7E57CD5B6EB97942693BD50BBABEE 44.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:48	2940, 6044
C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll Script: Quarantine, Delete, Delete via BC	1905655808	EaseUS Todo Backup ExImage Dynamic Link Library	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved	MD5=559552AB30BAB1440E5DBBC3B2D8E3DD 720.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:54	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll Script: Quarantine, Delete, Delete via BC	1835794432			MD5=30920CB77313D99B8E1CECF959EB7A05 62.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:58	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll Script: Quarantine, Delete, Delete via BC	1907687424			MD5=EFBC3AEA9D3E417A45096FC6AA58A9C4 76.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:43:58	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll Script: Quarantine, Delete, Delete via BC	1893924864			MD5=6D6A13B2D4563C5F1D7A4D029C1954BD 111.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:44:02	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll Script: Quarantine, Delete, Delete via BC	1835925504			MD5=3E118457A57A418A6EB58D97A8700687 51.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:44:02	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackup.dll Script: Quarantine, Delete, Delete via BC	1868431360	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=3FED70AE9F61F8B50BDD4B8355726025 214.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:44:04	6044
C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlBackupSize.dll Script: Quarantine, Delete, Delete via BC	1909719040	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=5DFF62E327DDE5F72CCD963A814E78E6 100.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:44:04	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlImgFile.dll Script: Quarantine, Delete, Delete via BC	1893335040	EaseUS Todo Backup FLImgFile Dynamic Link Library	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=CB5E7753CF43E5FF4B39582F31407C96 547.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:44:04	2940, 6044
C:\Program Files (x86)\EaseUS\Todo Backup\bin\FlSearchImg.dll Script: Quarantine, Delete, Delete via BC	1911357440	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=9A942D4CE8C72B7EA42D7DADDEA5160C 45.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:44:06	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Ftp.dll Script: Quarantine, Delete, Delete via BC	1890910208	EaseUS Todo Backup Application	Copyright (C) 2004-2010 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=7BFFA76A1D7490F433D6E4C5784EE6C7 157.69 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:44:10	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\FTPTest.dll Script: Quarantine, Delete, Delete via BC	1891106816	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=D387BED7B9AC22E6AFCB0EE070FB6C4D 19.19 kb, rsAh, created: 16.03.2017 08:08:14, modified: 06.12.2016 02:44:10	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll Script: Quarantine, Delete, Delete via BC	1893138432			MD5=3512A9711EAE4DCA677205634868DB58 26.19 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:10	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImageFileInfo.dll Script: Quarantine, Delete, Delete via BC	1894121472	EaseUS Todo Backup ImageFileInfo Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=FCD28E444B87DD0DE1654148A4DF5680 78.69 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:12	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll Script: Quarantine, Delete, Delete via BC	1908539392			MD5=9974E0AF619E0C87EC1B9B053494B52C 156.69 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:14	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFileHlp.dll Script: Quarantine, Delete, Delete via BC	1909260288	EaseUS Todo Backup ImgFileHlp Dynamic Link Library	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=EEE20D20F0890CE33AE215D468E5C677 244.69 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:16	2940, 6044
C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll Script: Quarantine, Delete, Delete via BC	1909587968			MD5=CB9C1F5ADB3C358E8294DFD5CAA1F82A 83.69 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:20	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\MatchStr.dll Script: Quarantine, Delete, Delete via BC	1911422976	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=3B7F62332512D9BB1DAA5AB7AA86FDB7 135.19 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:20	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll Script: Quarantine, Delete, Delete via BC	1908736000			MD5=B906F4012CFD2DBCBEDFD022CBAC3E39 68.69 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:22	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll Script: Quarantine, Delete, Delete via BC	1870266368			MD5=04DB9EB17AD4928CAA56235B6FDB06D0 73.19 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:24	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll Script: Quarantine, Delete, Delete via BC	1835532288			MD5=ED10C6E1E665B150CF63887696AA7DBA 57.19 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:26	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll Script: Quarantine, Delete, Delete via BC	1906966528			MD5=B33E5E37DB2CB70793A8C8BEF8E3FC03 205.19 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:28	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSUtil.dll Script: Quarantine, Delete, Delete via BC	1907359744			MD5=AE5B64171F8D7CC4378B9CEF983608B9 298.69 kb, rsAh, created: 16.03.2017 08:08:15, modified: 09.12.2016 09:09:26	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Options.dll Script: Quarantine, Delete, Delete via BC	1923416064	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=5C35482676512DB2F0D960F7906BDD70 28.19 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:30	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll Script: Quarantine, Delete, Delete via BC	1835991040			MD5=2E0593816E21403F4781DB68C2FF3228 145.69 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:30	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\PolicyManage.dll Script: Quarantine, Delete, Delete via BC	1889468416	PolicyManage Dynamic Link Library	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=5B0D31C5056C327664BFEFAC1E84196E 93.19 kb, rsAh, created: 16.03.2017 08:08:15, modified: 06.12.2016 02:44:34	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll Script: Quarantine, Delete, Delete via BC	1889337344			MD5=2DD409E4BF6FF6456E3DD0CB6E666ABB 64.69 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:36	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll Script: Quarantine, Delete, Delete via BC	1868693504			MD5=DE2EB056D13BFEA79BC3D06EBC9EC253 205.19 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:38	6044
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll Script: Quarantine, Delete, Delete via BC	1868365824			MD5=EEFFE91103EF9DD2B4585C01409E1F73 44.19 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:42	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll Script: Quarantine, Delete, Delete via BC	268435456			MD5=AA2BD345190CE5CB14CF27E16E27261B 88.69 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:46	2940, 6044
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll Script: Quarantine, Delete, Delete via BC	1914765312			MD5=23079016993DD6C431D8E645B0BC7B82 54.69 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:48	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll Script: Quarantine, Delete, Delete via BC	1889730560			MD5=14CA2374A5E5E1B6A62D12A34ADEA704 53.19 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:48	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Thread.dll Script: Quarantine, Delete, Delete via BC	1839005696	EaseUS Todo Backup Thread Dynamic Link Library	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=03E71479CC5BD78115ED0F8A96644F3F 121.19 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:50	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Transmit.dll Script: Quarantine, Delete, Delete via BC	1868234752	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=1E653B918BCE357FD8D3DEC5286BA4A7 110.69 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:50	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll Script: Quarantine, Delete, Delete via BC	1916403712			MD5=4320090C6600B55D3BCACEC32983BC88 138.69 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:54	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll Script: Quarantine, Delete, Delete via BC	1869021184			MD5=A834BF2A6E25911A5434D73E11927BFE 135.19 kb, rsAh, created: 16.03.2017 08:08:16, modified: 06.12.2016 02:44:54	2940
C:\Program Files (x86)\EaseUS\Todo Backup\bin\XmlWrapper.dll Script: Quarantine, Delete, Delete via BC	1927217152	EaseUS Todo Backup Application	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.	MD5=05FAD84FB9C735AD919BAB6A96A27E66 43.69 kb, rsAh, created: 16.03.2017 08:08:17, modified: 06.12.2016 02:44:58	2940
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ac_facade.dll Script: Quarantine, Delete, Delete via BC	1691746304	Application Control Product Facade	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=54D244F8A2EBCC8CDDA565BA99555EF8 157.95 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ac_meta.dll Script: Quarantine, Delete, Delete via BC	1898512384	Application Control Meta Information	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=BBE446BAB5CCD555A75A9D925AD7B7F8 267.95 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\acassembler.dll Script: Quarantine, Delete, Delete via BC	1867776000	Application Control Assembler	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=5A92260C913CAFD1E0F1494EC7BA8E4D 431.45 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ahids.ppl Script: Quarantine, Delete, Delete via BC	1884880896	ids task	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=752D8A748D03FC7BB4A6AE71EEC2E2A0 101.45 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\am_facade.dll Script: Quarantine, Delete, Delete via BC	1859452928		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=5303FA8BF338A30B76999F9D2E6AC4F4 382.95 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\am_patch_management.dll Script: Quarantine, Delete, Delete via BC	1788542976		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=02F57688FBDA667DF92A749A3F7FF28E 267.95 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\antispam.ppl Script: Quarantine, Delete, Delete via BC	1785659392	AntiSpam mail fiter	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=43E676EA933BD814995F1754E7463630 587.45 kb, rsAh, created: 28.06.2016 00:19:46, modified: 28.06.2016 00:19:46	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\app_core_legacy.dll Script: Quarantine, Delete, Delete via BC	1899429888		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=2E0A86BA6C2FEF58A04446D0E8805F92 899.35 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\application_categorizer.dll Script: Quarantine, Delete, Delete via BC	1853947904	Application Control Application Categorizer	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=43E7F46E3CB0C5C1ABD9EB1AB7ED218C 164.52 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\application_investigator.dll Script: Quarantine, Delete, Delete via BC	1841430528	Application Control Application Investigator	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=3E545BC58B98D99625B9DA54F8287A67 555.45 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpmain.dll Script: Quarantine, Delete, Delete via BC	1924464640	Kaspersky Anti-Virus	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=20F94B39C6FDDDE805E3D42DD1F217D3 841.31 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpservice.dll Script: Quarantine, Delete, Delete via BC	1927282688	Kaspersky Anti-Virus Service library	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=F0546AC68BA65F3C73F319C256CD5C72 83.36 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpuimain.dll Script: Quarantine, Delete, Delete via BC	1808465920	Kaspersky Anti-Virus	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=096856C40CB4B7A8C218DCEEA83E789B 2719.00 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avs_eka.dll Script: Quarantine, Delete, Delete via BC	1864630272		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=8726CA220E8C19C00C642E75F44C04F3 1106.85 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avstream_monitor.dll Script: Quarantine, Delete, Delete via BC	1850408960	Audio Video Stream Monitor	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=A7656A54FF1AF47FD1718B7372A61BAD 83.95 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\backup_facade_metainfo.dll Script: Quarantine, Delete, Delete via BC	1898381312	Backup facade metainfo	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=74FE11E3A943677DACA5D810F148D282 107.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\bi_facade.dll Script: Quarantine, Delete, Delete via BC	1846214656	Browser Integration PDK facade	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=69D3BEF59176C44C43BE51405D375190 1088.13 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\bi_meta.dll Script: Quarantine, Delete, Delete via BC	1891500032	Browser Integration PDK meta	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=EAC90F7F824172C26EF79A3B4C21A125 89.45 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\bl.ppl Script: Quarantine, Delete, Delete via BC	1870987264	Product Business Logic	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=44F84CD974127B5CD626E59F604BFF1B 7941.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 15.05.2017 17:12:45	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\browser_integration.dll Script: Quarantine, Delete, Delete via BC	1777598464	Browser Integration	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=15D85D9C2560D7B456A9B51BA619B807 163.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cbi.dll Script: Quarantine, Delete, Delete via BC	1865809920	KAV CBI DLL	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=2771D4ABA7BCEE690EAA4BD04698E8AF 43.21 kb, rsAh, created: 29.03.2017 12:13:46, modified: 29.03.2017 12:13:46	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cf_dnt.dll Script: Quarantine, Delete, Delete via BC	1884487680	CF dnt component	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=A8538FCC9B5571475410E16EB12084D3 384.45 kb, rsAh, created: 28.06.2016 00:19:46, modified: 28.06.2016 00:19:46	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cf_engines.dll Script: Quarantine, Delete, Delete via BC	1838284800	Content Filtering Engines	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=EF5D263145407BF2E5A148F3B048E3B4 487.35 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cf_engines_meta.dll Script: Quarantine, Delete, Delete via BC	1893203968	Content Filtering Engines Meta	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=8FAAB9F278F371557648866C36BE61CA 71.95 kb, rsAh, created: 28.06.2016 00:19:46, modified: 28.06.2016 00:19:46	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\cf_facade.dll Script: Quarantine, Delete, Delete via BC	1843593216	Content filtering facade component	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=B34502122C342CA5B79C5D31AEC743E0 2390.85 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ckahcomm.dll Script: Quarantine, Delete, Delete via BC	1890123776		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=5488BFB3E04C21F832A8BF5362A91286 54.52 kb, rsAh, created: 28.06.2016 00:19:46, modified: 28.06.2016 00:19:46	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ckahrule.dll Script: Quarantine, Delete, Delete via BC	1890058240		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=2931917D54A35A8F7BFC6B222E7122B7 67.02 kb, rsAh, created: 28.06.2016 00:19:46, modified: 28.06.2016 00:19:46	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ckahum.dll Script: Quarantine, Delete, Delete via BC	1890254848		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=49BC261B033C99386B8B75802E22A3F4 255.63 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\content_filtering_meta.dll Script: Quarantine, Delete, Delete via BC	1898840064	Kaspersky content filtering pdk meta	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=7A2D25FBC9D615898BAA56897088AE1B 418.95 kb, rsAh, created: 28.06.2016 00:19:46, modified: 28.06.2016 00:19:46	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\crpthlpr.ppl Script: Quarantine, Delete, Delete via BC	1796014080	CryptoHelper	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=4CA5E2F905D30F523106394AD84C3D3D 113.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\crypto_provider_meta.dll Script: Quarantine, Delete, Delete via BC	1896939520	Crypto Provider Metadata	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=F7DEF5DEF30E66CF4CFF64BB4E1AEA6D 167.92 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\crypto_ssl.dll Script: Quarantine, Delete, Delete via BC	1862926336	OpenSSL Shared Library	Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	MD5=CB8C2AA16B277AD0B932D65A311EFCB3 1604.98 kb, rsAh, created: 15.05.2017 17:10:53, modified: 11.05.2017 08:09:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\dblite.dll Script: Quarantine, Delete, Delete via BC	1914830848	dblite	Copyright (C) 2010	MD5=57579FB647D45F6287D2C78BF3CE7A23 544.45 kb, rsAh, created: 28.06.2016 01:50:04, modified: 28.06.2016 01:50:04	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\dmap.ppl Script: Quarantine, Delete, Delete via BC	1847328768	Direct Mapper plugin	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=D5025FFAB1F1F88836D30FCD5E9E9DEC 25.95 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\dtreg.ppl Script: Quarantine, Delete, Delete via BC	1886781440	DTREG	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=797B68FBF17FAC2EE57C157232354ACA 71.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\DumpWriter.dll Script: Quarantine, Delete, Delete via BC	1921908736	Kaspersky Dump Writer DLL	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=45A916A97A898D9BA9F5F30658CB33EF 304.95 kb, rsAh, created: 28.06.2016 01:48:02, modified: 28.06.2016 01:48:02	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ekasyswatch.dll Script: Quarantine, Delete, Delete via BC	1786314752	System Watcher EKA Task	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=D5B2B308267C645863204F286209D6EE 117.95 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FileCategorizer.dll Script: Quarantine, Delete, Delete via BC	1853620224	File Categorizer	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=824EE1361CC2D6706A23617D1A988E97 305.45 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\fsdrvplg.ppl Script: Quarantine, Delete, Delete via BC	1921384448	Plugin for FSDrv	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=CB843952E1FC6965D608CDBC06BCB142 39.95 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\fssync.dll Script: Quarantine, Delete, Delete via BC	1916207104		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=BE34149FB013FCA19318A8FEB67FF5E8 143.95 kb, rsAh, created: 28.06.2016 00:19:46, modified: 28.06.2016 00:19:46	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\hashmd5.ppl Script: Quarantine, Delete, Delete via BC	1805910016	HASHMD5	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=F3A8A5B3CC9B2A6ED0B1F12A64C05398 26.95 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\hips.ppl Script: Quarantine, Delete, Delete via BC	1847394304	Application Control HIPS	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=3CC083257CCBAC3A5DA661E2DAFE020A 1093.64 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\icudt40.dll Script: Quarantine, Delete, Delete via BC	256311296	ICU Data DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	MD5=B94A753E5F2ED54DD34DDC76F42EA532 2899.52 kb, rsAh, created: 28.06.2016 01:50:52, modified: 28.06.2016 01:50:52	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\icuin40.dll Script: Quarantine, Delete, Delete via BC	1836187648	IBM ICU I18N DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	MD5=F2D90F823A91D4E4BC2C07A6AA6E1E77 1048.02 kb, rsAh, created: 28.06.2016 01:50:48, modified: 28.06.2016 01:50:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\icuio40.dll Script: Quarantine, Delete, Delete via BC	1837301760	IBM ICU I/O DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	MD5=82B77E33D5173E97D923CDCBC439FF28 50.52 kb, rsAh, created: 28.06.2016 01:50:46, modified: 28.06.2016 01:50:46	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\icuuc40.dll Script: Quarantine, Delete, Delete via BC	1842610176	IBM ICU Common DLL	Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved.	MD5=88361D785CAC3BAAE192703E3754D03A 947.02 kb, rsAh, created: 28.06.2016 01:50:42, modified: 28.06.2016 01:50:42	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\installation_assistant.dll Script: Quarantine, Delete, Delete via BC	1766719488	Installation assistant	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=1505AB59EE13F539A01AFD0A5100E8BB 259.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\instrumental_meta.DLL Script: Quarantine, Delete, Delete via BC	1648427008	Instrumental Meta Library	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=90084FC1F40D78F7E6CCE6FE87D1C084 105.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\instrumental_services.dll Script: Quarantine, Delete, Delete via BC	1916600320	Instrumental services	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=24337596076711FA682D9B09DB85863F 2850.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\integrity_control.dll Script: Quarantine, Delete, Delete via BC	1811873792	Application Integrity Control	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=148D6F98E9E1EAF841EDFB254F33E651 99.45 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KasperskyLab.Kis.UI.Loader.dll Script: Quarantine, Delete, Delete via BC	1780350976	Loader	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=8EFD22FBCF5EEFAE0757E8A07D0B0EF0 577.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\KasperskyLab.Platform.NativeInterop.dll Script: Quarantine, Delete, Delete via BC	1668939776	Native interop assembly	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=8D6A04C65C3D6B2C2435985A06E46549 6523.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kl_service.dll Script: Quarantine, Delete, Delete via BC	1806958592	Component service provider	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=D4FF6AE1C7FED7E6B7B14B8E309BF4F9 667.95 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	7660, 3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll Script: Quarantine, Delete, Delete via BC	1837367296			MD5=91603B1DCBFA4F442B53C87300E13AB4 844.95 kb, rsAh, created: 28.06.2016 00:19:46, modified: 28.06.2016 00:19:46	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ksn_facade.dll Script: Quarantine, Delete, Delete via BC	1855193088	Facade for KSN PDK	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=0A8A67B428B54F09FCFE2B2B57E4CA17 1347.46 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\licensing_product_facade.dll Script: Quarantine, Delete, Delete via BC	1794703360	Licensing PDK facade	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=0DA78554A450D3F26C66612C83BD7B1C 1282.85 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\localization_manager.dll Script: Quarantine, Delete, Delete via BC	1858863104	Localization Manager	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=503E441C06541ADEEE3F77A575EB6E72 529.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\msoe.ppl Script: Quarantine, Delete, Delete via BC	1851457536	MSOE	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=B8D35127B16496A566BD033E480FFFCD 108.52 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ndetect.ppl Script: Quarantine, Delete, Delete via BC	1884094464	Nertwork Detection	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=F6F5B32D0808D7B7DC30D6CE30FBB0E2 57.46 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\netwatch.ppl Script: Quarantine, Delete, Delete via BC	1806761984	Network Watcher	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=1531CABD322FD581495998750481A396 160.95 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\nfio.ppl Script: Quarantine, Delete, Delete via BC	1921449984	NFIO	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=B06F090CB632925BB2ED424C27DF1594 149.46 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\oas.ppl Script: Quarantine, Delete, Delete via BC	1850605568		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=40BF419027268A538AF7CEFF4108EFAF 346.45 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\params.ppl Script: Quarantine, Delete, Delete via BC	1904214016	Structure Serializer	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=93860B9EB93BE36D5F1931F956A40A23 1391.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660, 3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\plugins_facade.dll Script: Quarantine, Delete, Delete via BC	1849491456	Kaspersky Anti-Virus Plugins PDK facade	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=EA6FA3FEE0753E5578DA45BD1DBE3B31 876.95 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\plugins_meta.dll Script: Quarantine, Delete, Delete via BC	1891631104	Kaspersky plugins pdk meta	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=D78F94AC95BB8C877452C670E7134A6B 216.45 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\prcore.dll Script: Quarantine, Delete, Delete via BC	1907818496	Prague Core	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=245FEF3E4016EF7E18F82CF0329DC540 329.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660, 3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\processmonitor.dll Script: Quarantine, Delete, Delete via BC	1854144512	Process Monitor	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=C411DE999F0B1BFC549E31B57558197E 617.85 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\product_info.dll Script: Quarantine, Delete, Delete via BC	1928003584	Kaspersky Product Info library	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=41EF67375937A8FD7793C0314E320A9D 202.62 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660, 3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\product_metainfo.dll Script: Quarantine, Delete, Delete via BC	1894252544	Product Metainformation	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=6541324477510AED23EC2B7E8FB03D77 2368.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660, 3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\propmap.ppl Script: Quarantine, Delete, Delete via BC	1889599488	PROPMAP	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=D37DDC1C27C0EEC0E9E500D7008E02D9 86.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\prremote.DLL Script: Quarantine, Delete, Delete via BC	1908867072	PR_REMOTE	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=8AEC2240F4FAA92CA12F2DCC8ABCD8B2 348.85 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660, 3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\pxstub.ppl Script: Quarantine, Delete, Delete via BC	1919549440	Proxy Stubs	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=EC17C566F088A9C44C4AA9051C482004 42.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660, 3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\qb.ppl Script: Quarantine, Delete, Delete via BC	1858797568		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=9744253F3D1544B76A83AB0442CA46F0 64.45 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\regmap.ppl Script: Quarantine, Delete, Delete via BC	1870725120	REGISTRY_MAPPER	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=56A379C81E560A3936B3DCAF7252B339 28.02 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\remote_eka_prague_loader.dll Script: Quarantine, Delete, Delete via BC	1936785408	Helper Library	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=78999CBA9AB96123EF27D16F70056794 199.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\report.ppl Script: Quarantine, Delete, Delete via BC	1854799872	Report System	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=51C89FD297C916CF684741A9747D1954 38.02 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\reportdb.ppl Script: Quarantine, Delete, Delete via BC	1854996480	Report DB System	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=7C51463A22BB94C5DBFF7E88C538044C 163.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\safe_banking.dll Script: Quarantine, Delete, Delete via BC	1796276224	Safe Banking	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=DC36B937A621DB86954C64167C126362 1548.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\sax_xml_parser.dll Script: Quarantine, Delete, Delete via BC	1853423616	SAX XML Parser	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=C5BA024BB9F4E372C15ECB5BA62F025D 160.95 kb, rsAh, created: 28.06.2016 00:19:38, modified: 28.06.2016 00:19:38	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\schedule.ppl Script: Quarantine, Delete, Delete via BC	1854930944	Scheduler	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=B8C44E0E00D241A8AD6B08C01099626D 51.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\storage.dll Script: Quarantine, Delete, Delete via BC	1870397440	Storage library	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=233DFE39942E7E68EE80E4FC9484AEED 279.45 kb, rsAh, created: 28.06.2016 00:19:44, modified: 28.06.2016 00:19:44	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\sw_meta.dll Script: Quarantine, Delete, Delete via BC	1892614144	System Watcher Meta Information	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=7C516156D1E95B53692B2453ABBE1125 142.45 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\swpragueplugin.dll Script: Quarantine, Delete, Delete via BC	1777926144	System Watcher PRAGUE proxy	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=5074A8DEEA39FB50DD34F2F726A1468A 86.95 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\system_interceptors.dll Script: Quarantine, Delete, Delete via BC	1865940992		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=368AA6C24DDE39BFFDB780A56472B7F1 1732.13 kb, rsAh, created: 29.03.2017 12:11:48, modified: 15.05.2017 17:12:44	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\system_interceptors_meta.dll Script: Quarantine, Delete, Delete via BC	1891368960		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=2C3EB829545FE1874D7D14111EA9DFD6 97.63 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\thpimpl.ppl Script: Quarantine, Delete, Delete via BC	1889796096	Thread Pool	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=CA5717481BAB3AA498601C9F661E6A8A 46.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\threats_disinfection.dll Script: Quarantine, Delete, Delete via BC	1859846144		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=B11021EE599AC089125044E56BDCBF03 505.95 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\timer.ppl Script: Quarantine, Delete, Delete via BC	1854865408	Timer	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=A97242D28AE6A1E58BE47790A397DC92 28.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\tm.ppl Script: Quarantine, Delete, Delete via BC	1888944128		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=0F23E15632C06AA7381226B79C30B43E 292.91 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\traffic_processing.dll Script: Quarantine, Delete, Delete via BC	1856634880	Traffic Processing PDK	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=0091DBAA7A65E43EECC9B3729C021879 2079.13 kb, rsAh, created: 29.03.2017 12:11:48, modified: 15.05.2017 17:12:45	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\traffic_processing_external.dll Script: Quarantine, Delete, Delete via BC	1839529984	Traffic Processing External Protocollers DLL	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=9E5D2569250BC5BC12BDAF42E758CC4E 521.85 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ucp_agent.dll Script: Quarantine, Delete, Delete via BC	1790181376	UCP agent service	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=28F64DA5C012D0A537A2D231F20E1C32 1635.35 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\uninstallation_assistant.dll Script: Quarantine, Delete, Delete via BC	1786445824	Uninstallation assistant	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=87108BAD1371E114DF46193D403E09E1 697.45 kb, rsAh, created: 28.06.2016 01:51:58, modified: 28.06.2016 01:51:58	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\updater_facade.dll Script: Quarantine, Delete, Delete via BC	1791885312	Updater library	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=ED30055B216B7A2857A091A6FF41AB94 1808.95 kb, rsAh, created: 28.06.2016 00:19:44, modified: 28.06.2016 00:19:44	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\ushata.dll Script: Quarantine, Delete, Delete via BC	1928790016	Ushata module	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=348BBEA1D2BEC8545EA94D4843B21987 168.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\vkbd.dll Script: Quarantine, Delete, Delete via BC	1563885568	Virtual Keyboard	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=AC6A5C25CDE65CDF226B0067F32F6869 267.95 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\volenum.ppl Script: Quarantine, Delete, Delete via BC	1850540032	Volume enumeration	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=39B23843FDA32B66F4F65E223A3C163F 34.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\wdiskio.ppl Script: Quarantine, Delete, Delete via BC	1813053440	WDiskIO	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=A041F36A6D4F24D3E1DAA1C20C26ECDF 48.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\winevent_interceptor_controller.dll Script: Quarantine, Delete, Delete via BC	1796145152	WinEvent Interceptor Controller	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=C5C8CEB789FA5D81F149B69A158BA287 79.45 kb, rsAh, created: 28.06.2016 00:19:40, modified: 28.06.2016 00:19:40	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\winreg.ppl Script: Quarantine, Delete, Delete via BC	1921318912	WINREG	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=CD51FE428282DB6D916AAC46EF3A40CE 44.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	2308, 7660
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\wmihlpr.ppl Script: Quarantine, Delete, Delete via BC	1870790656	wmi helper	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=58419702924C68EE2D11C2C0C5E2187D 144.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	2308
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\app_core_legacy.dll Script: Quarantine, Delete, Delete via BC	1651703808		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=2E0A86BA6C2FEF58A04446D0E8805F92 899.35 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\avpmain.dll Script: Quarantine, Delete, Delete via BC	1658978304	Kaspersky Anti-Virus	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=20F94B39C6FDDDE805E3D42DD1F217D3 841.31 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\avpservice.dll Script: Quarantine, Delete, Delete via BC	1899298816	Kaspersky Anti-Virus Service library	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=F0546AC68BA65F3C73F319C256CD5C72 83.36 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\bl_ksde.ppl Script: Quarantine, Delete, Delete via BC	1646002176	KL Product Business Logic	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=339447769F57C7042337652251B5EA91 2177.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 15.05.2017 17:33:38	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\cbi.dll Script: Quarantine, Delete, Delete via BC	1645543424	KAV CBI DLL	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=32DD6FFE22DA6FAE8C3D52C56FF27FE2 43.21 kb, rsAh, created: 29.03.2017 12:13:46, modified: 29.03.2017 12:13:46	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\crypto_ssl.dll Script: Quarantine, Delete, Delete via BC	1641807872	OpenSSL Shared Library	Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.	MD5=CB8C2AA16B277AD0B932D65A311EFCB3 1604.98 kb, rsAh, created: 15.05.2017 17:11:25, modified: 15.05.2017 17:33:38	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\dblite.dll Script: Quarantine, Delete, Delete via BC	1655111680	dblite	Copyright (C) 2010	MD5=57579FB647D45F6287D2C78BF3CE7A23 544.45 kb, rsAh, created: 28.06.2016 01:50:04, modified: 28.06.2016 01:50:04	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\dtreg.ppl Script: Quarantine, Delete, Delete via BC	1648295936	DTREG	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=797B68FBF17FAC2EE57C157232354ACA 71.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\DumpWriter.dll Script: Quarantine, Delete, Delete via BC	1658650624	Kaspersky Dump Writer DLL	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=45A916A97A898D9BA9F5F30658CB33EF 304.95 kb, rsAh, created: 28.06.2016 01:48:02, modified: 28.06.2016 01:48:02	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\instrumental_services.dll Script: Quarantine, Delete, Delete via BC	1655701504	Instrumental services	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=24337596076711FA682D9B09DB85863F 2850.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\KasperskyLab.Ksde.NativeInterop.dll Script: Quarantine, Delete, Delete via BC	1758461952			MD5=47673771F6F3D52D13321193F0A7D1AA 1327.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\KasperskyLab.Ksde.UI.Loader.dll Script: Quarantine, Delete, Delete via BC	1850998784	Loader	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=052A1D0D82B1BC749D4D6D2E565B397A 132.52 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\kl_service.DLL Script: Quarantine, Delete, Delete via BC	1634533376	Component service provider	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=D4FF6AE1C7FED7E6B7B14B8E309BF4F9 667.95 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeuimain.dll Script: Quarantine, Delete, Delete via BC	1635254272	Kaspersky Secure Connection	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=E0BA64172DBCC6F3B35D0CBEF9E7F2C0 1177.68 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksn_facade.dll Script: Quarantine, Delete, Delete via BC	1640300544	Facade for KSN PDK	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=0A8A67B428B54F09FCFE2B2B57E4CA17 1347.46 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ndetect.ppl Script: Quarantine, Delete, Delete via BC	1641742336	Nertwork Detection	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=F6F5B32D0808D7B7DC30D6CE30FBB0E2 57.46 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\nfio.ppl Script: Quarantine, Delete, Delete via BC	1654128640	NFIO	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=B06F090CB632925BB2ED424C27DF1594 149.46 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\params.ppl Script: Quarantine, Delete, Delete via BC	1652621312	Structure Serializer	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=93860B9EB93BE36D5F1931F956A40A23 1391.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\prcore.dll Script: Quarantine, Delete, Delete via BC	1654325248	Prague Core	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=245FEF3E4016EF7E18F82CF0329DC540 329.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_info.dll Script: Quarantine, Delete, Delete via BC	1661075456	Kaspersky Product Info library	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=B3E72EE73BA5438CB2C72F1BE34EC561 224.91 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\product_metainfo.dll Script: Quarantine, Delete, Delete via BC	1649082368	Product Metainformation	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=6541324477510AED23EC2B7E8FB03D77 2368.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\propmap.ppl Script: Quarantine, Delete, Delete via BC	1648885760	PROPMAP	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=D37DDC1C27C0EEC0E9E500D7008E02D9 86.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\prremote.DLL Script: Quarantine, Delete, Delete via BC	1654718464	PR_REMOTE	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=8AEC2240F4FAA92CA12F2DCC8ABCD8B2 348.85 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\pxstub.ppl Script: Quarantine, Delete, Delete via BC	1654063104	Proxy Stubs	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=EC17C566F088A9C44C4AA9051C482004 42.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\regmap.ppl Script: Quarantine, Delete, Delete via BC	1645936640	REGISTRY_MAPPER	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=56A379C81E560A3936B3DCAF7252B339 28.02 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\reportdb.ppl Script: Quarantine, Delete, Delete via BC	1645346816	Report DB System	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=7C51463A22BB94C5DBFF7E88C538044C 163.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\schedule.ppl Script: Quarantine, Delete, Delete via BC	1645281280	Scheduler	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=B8C44E0E00D241A8AD6B08C01099626D 51.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\storage.dll Script: Quarantine, Delete, Delete via BC	1645608960	Storage library	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=233DFE39942E7E68EE80E4FC9484AEED 279.45 kb, rsAh, created: 28.06.2016 00:19:44, modified: 28.06.2016 00:19:44	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\thpimpl.ppl Script: Quarantine, Delete, Delete via BC	1649016832	Thread Pool	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=CA5717481BAB3AA498601C9F661E6A8A 46.96 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\timer.ppl Script: Quarantine, Delete, Delete via BC	1645215744	Timer	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=A97242D28AE6A1E58BE47790A397DC92 28.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\tm.ppl Script: Quarantine, Delete, Delete via BC	1648558080		© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=0F23E15632C06AA7381226B79C30B43E 292.91 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ucp_agent.dll Script: Quarantine, Delete, Delete via BC	1643511808	UCP agent service	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=28F64DA5C012D0A537A2D231F20E1C32 1635.35 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ushata.dll Script: Quarantine, Delete, Delete via BC	1936326656	Ushata module	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=348BBEA1D2BEC8545EA94D4843B21987 168.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48	3304, 5288
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\winreg.ppl Script: Quarantine, Delete, Delete via BC	1756823552	WINREG	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=CD51FE428282DB6D916AAC46EF3A40CE 44.45 kb, rsAh, created: 28.06.2016 00:19:56, modified: 28.06.2016 00:19:56	3304, 5288
C:\Program Files (x86)\POP Peeper\Imap.dll Script: Quarantine, Delete, Delete via BC	268435456	POP Peeper IMAP Plugin	Copyright (C) 2006-2016 Esumsoft	MD5=2BEB3A0ACB7562842BE0386C69F62EAE 241.70 kb, rsAh, created: 23.10.2016 17:05:14, modified: 23.10.2016 17:05:14	4388
C:\Program Files (x86)\POP Peeper\Plugins\ProfilePicture.dll Script: Quarantine, Delete, Delete via BC	1554710528	POP Peeper Profile Picture Plugin	Copyright (C) 2015-2016 Esumsoft	MD5=6D86AE76D9E921F998FA23DECEB9F4BC 487.20 kb, rsAh, created: 23.10.2016 17:04:42, modified: 23.10.2016 17:04:42	4388
C:\Program Files (x86)\POP Peeper\SendMail.dll Script: Quarantine, Delete, Delete via BC	28180480	POP Peeper SendMail Plugin	Copyright (C) 2006-2016 Esumsoft	MD5=9400C3F95C88FA613B8F855BDA53860E 891.70 kb, rsAh, created: 23.10.2016 17:05:08, modified: 23.10.2016 17:05:08	4388
C:\Program Files (x86)\POP Peeper\sqlite3.dll Script: Quarantine, Delete, Delete via BC	1554317312			MD5=FBBC9F0803C3E477D816133608248408 346.58 kb, rsAh, created: 06.07.2014 22:19:36, modified: 06.07.2014 22:19:36	4388
C:\Program Files (x86)\POP Peeper\zip.dll Script: Quarantine, Delete, Delete via BC	1555234816			MD5=5278CD0CDB512CCCFA076226CEA345E0 139.08 kb, rsAh, created: 28.08.2014 16:23:58, modified: 28.08.2014 16:23:58	4388
C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\Cache\apuhttps.dll.ee3a2911a89cfca2b0ed923d16905d83 Script: Quarantine, Delete, Delete via BC	1754595328	Content Filtering Suspicious Domain Analyzer Engine	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=EE3A2911A89CFCA2B0ED923D16905D83 547.91 kb, rsAh, created: 15.05.2017 17:12:44, modified: 15.05.2017 17:12:44	2308
C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\Cache\avengine.dll.8c5674dfc3aeb36eca46c32ef3dabf3f Script: Quarantine, Delete, Delete via BC	1852506112	AV engine component	© 2017 AO Kaspersky Lab. All Rights Reserved.	MD5=8C5674DFC3AEB36ECA46C32EF3DABF3F 857.09 kb, rsAh, created: 15.05.2017 17:11:50, modified: 15.05.2017 17:11:50	2308
C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\Cache\kavbase.kdl.ce087e839e26d441438632fe25f4dbb4 Script: Quarantine, Delete, Delete via BC	1848508416	AV engine	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=CE087E839E26D441438632FE25F4DBB4 700.82 kb, rsAh, created: 15.05.2017 17:11:50, modified: 15.05.2017 17:11:50	2308
C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\Cache\uds.dll.000000000006d768-01d2cdbfbb75c587-01d2ca4f381fc900 Script: Quarantine, Delete, Delete via BC	1842151424	Urgent Detection System	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=AF02D2AB29AD41FEF8ECB1B9B214A4EB 437.85 kb, rsAh, created: 15.05.2017 17:11:49, modified: 15.05.2017 17:11:50	2308
C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\Cache\vlns.kdl.db182bcb4448fbc74e68b313838a64b4 Script: Quarantine, Delete, Delete via BC	1779236864	Vulnerability scanner	© 2016 AO Kaspersky Lab. All Rights Reserved.	MD5=DB182BCB4448FBC74E68B313838A64B4 191.82 kb, rsAh, created: 15.05.2017 17:12:43, modified: 15.05.2017 17:12:43	2308
C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\Cache\wlengine.dll.000000000006e880-01d2cdbfbb9e415c-01d2ca4f381fc900 Script: Quarantine, Delete, Delete via BC	1840054272	White list engine	© 2017 AO Kaspersky Lab. All Rights Reserved.	MD5=C4332772988B3F86524A925790738B64 442.13 kb, rsAh, created: 15.05.2017 17:12:36, modified: 15.05.2017 17:12:36	2308
C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncShell.dll Script: Quarantine, Delete, Delete via BC	1748762624	Microsoft OneDrive Shell Extension	© Microsoft Corporation. All rights reserved.	MD5=22B2E9F4137FE00B618B9D57136D1ED3 2044.63 kb, rsAh, created: 11.04.2017 09:24:35, modified: 11.04.2017 09:24:35	9260
C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\LoggingPlatform.DLL Script: Quarantine, Delete, Delete via BC	1756692480	Logging Platform	© Microsoft Corporation. All rights reserved.	MD5=68E44D5FE87F61FA6D2A0A85385EC29A 96.12 kb, rsAh, created: 11.04.2017 09:24:37, modified: 11.04.2017 09:24:37	9260
C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\MSVCP120.dll Script: Quarantine, Delete, Delete via BC	1748238336	Microsoft® C Runtime Library	© Microsoft Corporation. All rights reserved.	MD5=B6C1C378A78262A78D72F2F5B156E73E 444.13 kb, rsAh, created: 11.04.2017 09:24:37, modified: 11.04.2017 09:24:37	9260
C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\MSVCR120.dll Script: Quarantine, Delete, Delete via BC	1747255296	Microsoft® C Runtime Library	© Microsoft Corporation. All rights reserved.	MD5=ADAC6DB8C3EB1F8A60039B596497974F 947.62 kb, rsAh, created: 11.04.2017 09:24:37, modified: 11.04.2017 09:24:37	9260
C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\Telemetry.dll Script: Quarantine, Delete, Delete via BC	1746927616	Telemetry Library	© Microsoft Corporation. All rights reserved.	MD5=76896B8275D164E428ADB4CE1B09088B 310.63 kb, rsAh, created: 11.04.2017 09:24:56, modified: 11.04.2017 09:25:00	9260
C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll Script: Quarantine, Delete, Delete via BC	33292288	MyService	Copyright © 2014	MD5=0FA8501FD25DD598F9F47E8674CB2C09 14.71 kb, rsAh, created: 11.04.2017 08:52:14, modified: 11.04.2017 08:52:14	11120
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e4dd7588a2ee2a2525fd997ab32777d3\mscorlib.ni.dll Script: Quarantine, Delete, Delete via BC	1616379904	Microsoft Common Language Runtime Class Library	© Microsoft Corporation. All rights reserved.	MD5=D9459CA88A8803B6F800356A93A3F113 11231.00 kb, rsAh, created: 11.04.2017 09:43:24, modified: 11.04.2017 09:43:24	11120
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\4d801f572be8725e20b3adaf8ddfc496\System.Drawing.ni.dll Script: Quarantine, Delete, Delete via BC	1600913408	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=7DD833048E1DA9BC30DFA3A0A3BD340F 1556.00 kb, rsAh, created: 11.04.2017 09:44:02, modified: 11.04.2017 09:44:02	11120
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\221c33a7843111817f4301d0b0a065c1\System.Windows.Forms.ni.dll Script: Quarantine, Delete, Delete via BC	1588461568	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=7289482464C117A1186E5D65F261F9C4 12147.00 kb, rsAh, created: 11.04.2017 09:44:08, modified: 11.04.2017 09:44:08	11120
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\8c98687edea39fdc935a23fd501920f5\System.ni.dll Script: Quarantine, Delete, Delete via BC	1602551808	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=5D83EA93C966D0BA1E66BBCF98E82F9A 7814.50 kb, rsAh, created: 11.04.2017 09:43:28, modified: 11.04.2017 09:43:28	11120
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\32e0e41519922a216f6d8ca9cbfc4d9b\System.Configuration.ni.dll Script: Quarantine, Delete, Delete via BC	1694892032	System.Configuration.dll	© Microsoft Corporation. All rights reserved.	MD5=486D178B53575874444B67678694317E 994.73 kb, rsAh, created: 18.03.2017 16:12:21, modified: 04.03.2017 00:11:13	9484
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\dbe59c8ba58a2b4221504038249fa853\System.Xml.ni.dll Script: Quarantine, Delete, Delete via BC	1491927040	.NET Framework	© Microsoft Corporation. All rights reserved.	MD5=EBA64D090620ED36BE660BCC2932426C 7422.66 kb, rsAh, created: 18.03.2017 16:12:22, modified: 04.03.2017 00:11:14	9484
Modules found:492, recognized as trusted 265

Kernel Space Modules Viewer

Module	Base address	Size in memory	Description	Manufacturer
C:\WINDOWS\System32\Drivers\dump_diskdump.sys error getting file info Script: Quarantine, Delete, Delete via BC	32EB0000	00F000 (61440)
C:\WINDOWS\System32\Drivers\dump_dumpfve.sys error getting file info Script: Quarantine, Delete, Delete via BC	32F40000	01D000 (118784)
C:\WINDOWS\System32\Drivers\dump_storahci.sys error getting file info Script: Quarantine, Delete, Delete via BC	32EF0000	027000 (159744)
C:\WINDOWS\system32\drivers\eubakup.sys error getting file info Script: Quarantine, Delete, Delete via BC	2ECB0000	013000 (77824)	Disk Backup Driver	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.
C:\WINDOWS\system32\drivers\EUBKMON.sys error getting file info Script: Quarantine, Delete, Delete via BC	2ECA0000	010000 (65536)
C:\WINDOWS\system32\drivers\eudskacs.sys error getting file info Script: Quarantine, Delete, Delete via BC	2E1E0000	009000 (36864)	Disk Access Driver	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.
C:\WINDOWS\system32\drivers\EuFdDisk.sys error getting file info Script: Quarantine, Delete, Delete via BC	2E1A0000	032000 (204800)	Disk Backup Image Preview Driver	Copyright (C) 2005-2011 CHENGDU YIWO Tech Development Co., Ltd. All rights reserved.
C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys 167.30 kb, rsAh, created: 15.05.2017 17:12:41, modified: 15.05.2017 17:12:41 Script: Quarantine, Delete, Delete via BC	2E160000	02C000 (180224)	IDS Engine [fre_wnet_x64]	© 2016 AO Kaspersky Lab. All Rights Reserved.
C:\WINDOWS\system32\DRIVERS\klif.sys error getting file info Script: Quarantine, Delete, Delete via BC	2D9D0000	0FE000 (1040384)	Core System Interceptors [fre_win8_x64]	© 2016 AO Kaspersky Lab. All Rights Reserved.
C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys error getting file info Script: Quarantine, Delete, Delete via BC	2C890000	039000 (233472)	Kaspersky Lab Anti-Rootkit Monitor	© 2017 AO Kaspersky Lab. All Rights Reserved.
C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys error getting file info Script: Quarantine, Delete, Delete via BC	32C00000	017000 (94208)	Kernel heuristics engine	© 2017 AO Kaspersky Lab. All Rights Reserved.
C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys error getting file info Script: Quarantine, Delete, Delete via BC	32C50000	03E000 (253952)	Kaspersky Lab Anti-Rootkit	© 2017 AO Kaspersky Lab. All Rights Reserved.
C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys error getting file info Script: Quarantine, Delete, Delete via BC	2D500000	01C000 (114688)	Kaspersky Lab Boot Guard Driver	© 2017 AO Kaspersky Lab. All Rights Reserved.
C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys error getting file info Script: Quarantine, Delete, Delete via BC	32C20000	02B000 (176128)	Kaspersky Lab Anti-Rootkit Engine	© 2017 AO Kaspersky Lab. All Rights Reserved.
C:\WINDOWS\system32\DRIVERS\kneps.sys error getting file info Script: Quarantine, Delete, Delete via BC	2E130000	02D000 (184320)	Network Processor [fre_wnet_x64]	© 2016 AO Kaspersky Lab. All Rights Reserved.
Modules found - 201, recognized as trusted - 186

Services

Service	Description	Status	File	Group	Dependencies
AGSService Service: Stop, Delete, Disable, Delete via BC	Adobe Genuine Software Integrity Service	Running	C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe 2175.11 kb, rsAh, created: 20.08.2015 18:04:56, modified: 27.02.2017 10:55:02 Script: Quarantine, Delete, Delete via BC
AVP17.0.0 Service: Stop, Delete, Disable, Delete via BC	Kaspersky Anti-Virus Service 17.0.0	Running	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC
AvrcpService Service: Stop, Delete, Disable, Delete via BC	AvrcpService	Running	C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe 40.21 kb, rsAh, created: 05.10.2015 18:23:34, modified: 02.03.2015 22:26:38 Script: Quarantine, Delete, Delete via BC
BTDevManager Service: Stop, Delete, Disable, Delete via BC	BTDevManager	Running	C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe 115.21 kb, rsAh, created: 05.10.2015 18:23:34, modified: 02.06.2015 13:25:48 Script: Quarantine, Delete, Delete via BC
DbxSvc Service: Stop, Delete, Disable, Delete via BC	DbxSvc	Running	C:\WINDOWS\system32\DbxSvc.exe 47.80 kb, rsAh, created: 16.05.2017 17:01:28, modified: 16.05.2017 17:01:28 Script: Quarantine, Delete, Delete via BC
EaseUS Agent Service: Stop, Delete, Disable, Delete via BC	Service Agent EaseUS	Running	C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe 38.69 kb, rsAh, created: 16.03.2017 08:08:13, modified: 06.12.2016 02:46:06 Script: Quarantine, Delete, Delete via BC
KSDE1.0.0 Service: Stop, Delete, Disable, Delete via BC	Kaspersky Secure Connection Service 1.0.0	Running	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC
WDDriveService Service: Stop, Delete, Disable, Delete via BC	WD Drive Manager	Running	C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe 300.87 kb, RsAh, created: 14.01.2016 11:27:44, modified: 14.01.2016 11:27:44 Script: Quarantine, Delete, Delete via BC		RPCSS
AdobeFlashPlayerUpdateSvc Service: Stop, Delete, Disable, Delete via BC	Adobe Flash Player Update Service	Not started	C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 265.49 kb, rsAh, created: 22.01.2016 17:50:06, modified: 15.05.2017 14:26:20 Script: Quarantine, Delete, Delete via BC
amdacpusrsvc Service: Stop, Delete, Disable, Delete via BC	ACP User Service	Not started	C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe 119.00 kb, rsAh, created: 09.06.2015 00:17:56, modified: 09.06.2015 00:17:56 Script: Quarantine, Delete, Delete via BC
FoxitReaderService Service: Stop, Delete, Disable, Delete via BC	Foxit Reader Service	Not started	C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe 1620.70 kb, rsAh, created: 17.04.2017 06:20:00, modified: 24.02.2017 19:03:42 Script: Quarantine, Delete, Delete via BC
Garmin Device Interaction Service Service: Stop, Delete, Disable, Delete via BC	Garmin Device Interaction Service	Not started	C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe 1073.52 kb, rsAh, created: 28.03.2017 15:34:38, modified: 28.03.2017 15:34:38 Script: Quarantine, Delete, Delete via BC
klvssbrigde64 Service: Stop, Delete, Disable, Delete via BC	klvssbrigde64	Not started	C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe 75.52 kb, rsAh, created: 28.06.2016 01:53:14, modified: 28.06.2016 01:53:14 Script: Quarantine, Delete, Delete via BC		RPCSS
MozillaMaintenance Service: Stop, Delete, Disable, Delete via BC	Mozilla Maintenance Service	Not started	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 169.45 kb, rsAh, created: 18.12.2015 22:13:32, modified: 15.05.2017 16:31:37 Script: Quarantine, Delete, Delete via BC
ose Service: Stop, Delete, Disable, Delete via BC	Office Source Engine	Not started	C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 207.20 kb, rsAh, created: 28.02.2016 06:24:44, modified: 28.02.2016 06:24:44 Script: Quarantine, Delete, Delete via BC
Detected - 245, recognized as trusted - 230

Drivers

Service	Description	Status	File	Group	Dependencies
EUBAKUP Driver: Unload, Delete, Disable, Delete via BC	EUBAKUP	Running	C:\WINDOWS\system32\drivers\eubakup.sys 63.66 kb, rsAh, created: 03.03.2016 18:13:56, modified: 28.11.2016 14:13:56 Script: Quarantine, Delete, Delete via BC
EUBKMON Driver: Unload, Delete, Disable, Delete via BC	EUBKMON	Running	C:\WINDOWS\system32\drivers\EUBKMON.sys 51.16 kb, rsAh, created: 03.03.2016 18:13:56, modified: 28.11.2016 14:13:58 Script: Quarantine, Delete, Delete via BC
EUDSKACS Driver: Unload, Delete, Disable, Delete via BC	EUDSKACS	Running	C:\WINDOWS\system32\drivers\eudskacs.sys 22.16 kb, rsAh, created: 03.03.2016 18:13:57, modified: 28.11.2016 14:13:56 Script: Quarantine, Delete, Delete via BC
EUFDDISK Driver: Unload, Delete, Disable, Delete via BC	EUFDDISK	Running	C:\WINDOWS\system32\drivers\EuFdDisk.sys 192.16 kb, rsAh, created: 03.03.2016 18:13:57, modified: 28.11.2016 14:13:56 Script: Quarantine, Delete, Delete via BC
klids Driver: Unload, Delete, Disable, Delete via BC	klids	Running	C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys 167.30 kb, rsAh, created: 15.05.2017 17:12:41, modified: 15.05.2017 17:12:41 Script: Quarantine, Delete, Delete via BC
KLIF Driver: Unload, Delete, Disable, Delete via BC	Kaspersky Lab Driver	Running	C:\WINDOWS\system32\DRIVERS\klif.sys 994.72 kb, rsAh, created: 15.05.2017 17:10:30, modified: 15.05.2017 17:13:08 Script: Quarantine, Delete, Delete via BC	FSFilter Activity Monitor	FltMgr
klupd_klif_arkmon Driver: Unload, Delete, Disable, Delete via BC	klupd_klif_arkmon	Running	C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys 223.91 kb, rsAh, created: 15.05.2017 17:12:10, modified: 15.05.2017 17:12:10 Script: Quarantine, Delete, Delete via BC	Boot Bus Extender
klupd_klif_kimul Driver: Unload, Delete, Disable, Delete via BC	klupd_klif_kimul	Running	C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys 85.53 kb, rsAh, created: 15.05.2017 17:12:08, modified: 15.05.2017 17:12:08 Script: Quarantine, Delete, Delete via BC
klupd_klif_klark Driver: Unload, Delete, Disable, Delete via BC	klupd_klif_klark	Running	C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys 245.77 kb, rsAh, created: 15.05.2017 17:14:50, modified: 15.05.2017 17:14:50 Script: Quarantine, Delete, Delete via BC
klupd_klif_klbg Driver: Unload, Delete, Disable, Delete via BC	klupd_klif_klbg	Running	C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys 110.27 kb, rsAh, created: 15.05.2017 17:12:14, modified: 15.05.2017 17:12:14 Script: Quarantine, Delete, Delete via BC
klupd_klif_mark Driver: Unload, Delete, Disable, Delete via BC	klupd_klif_mark	Running	C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys 169.09 kb, rsAh, created: 15.05.2017 17:12:09, modified: 15.05.2017 17:12:09 Script: Quarantine, Delete, Delete via BC
kneps Driver: Unload, Delete, Disable, Delete via BC	kneps	Running	C:\WINDOWS\system32\DRIVERS\kneps.sys 194.72 kb, rsAh, created: 14.06.2016 17:47:52, modified: 15.05.2017 17:13:07 Script: Quarantine, Delete, Delete via BC
dbx Driver: Unload, Delete, Disable, Delete via BC	dbx	Not started	C:\WINDOWS\system32\DRIVERS\dbx.sys error getting file info Script: Quarantine, Delete, Delete via BC	FSFilter HSM	FltMgr
LHidFilt Driver: Unload, Delete, Disable, Delete via BC	Logitech SetPoint KMDF HID Filter Driver	Not started	C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 84.64 kb, rsAh, created: 17.06.2015 22:25:00, modified: 17.06.2015 22:25:00 Script: Quarantine, Delete, Delete via BC	Pointer Port
LMouFilt Driver: Unload, Delete, Disable, Delete via BC	Logitech SetPoint KMDF Mouse Filter Driver	Not started	C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 67.64 kb, rsAh, created: 17.06.2015 22:25:00, modified: 17.06.2015 22:25:00 Script: Quarantine, Delete, Delete via BC	Pointer Port
LUsbFilt Driver: Unload, Delete, Disable, Delete via BC	Logitech SetPoint KMDF USB Filter	Not started	C:\WINDOWS\System32\Drivers\LUsbFilt.Sys 49.64 kb, rsAh, created: 17.06.2015 22:25:00, modified: 17.06.2015 22:25:00 Script: Quarantine, Delete, Delete via BC	Extended Base
Detected - 370, recognized as trusted - 354

Autoruns

File name	Status	Startup method	Description
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 573.52 kb, rsAh, created: 15.03.2017 02:43:06, modified: 15.03.2017 02:43:06 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, SunJavaUpdateSched Delete
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 28060.99 kb, rsAh, created: 17.05.2017 16:36:18, modified: 16.05.2017 17:00:04 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Dropbox Delete
C:\Program Files\CCleaner\CCleaner64.exe 9543.21 kb, rsAh, created: 05.05.2017 13:08:22, modified: 05.05.2017 13:08:22 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, CCleaner Monitoring Delete
C:\Users\Utilisateur\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe 587.08 kb, rsAh, created: 15.05.2017 14:30:53, modified: 15.05.2017 14:30:53 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Google Update Delete
C:\Program Files (x86)\Sticky Password\stpass.exe 62.50 kb, rsAh, created: 16.05.2017 14:41:56, modified: 23.02.2017 11:49:14 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, StickyPassword Delete
C:\WINDOWS\System32\AJRouter.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AJRouter\Parameters, ServiceDll Delete
C:\WINDOWS\System32\appidsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppIDSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\appinfo.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Appinfo\Parameters, ServiceDll Delete
C:\WINDOWS\system32\AppReadiness.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppReadiness\Parameters, ServiceDll Delete
C:\WINDOWS\system32\appxdeploymentserver.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AppXSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\AudioEndpointBuilder.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\Parameters, ServiceDll Delete
C:\WINDOWS\System32\Audiosrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Audiosrv\Parameters, ServiceDll Delete
C:\WINDOWS\System32\AxInstSV.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\AxInstSV\Parameters, ServiceDll Delete
C:\WINDOWS\System32\bdesvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BDESVC\Parameters, ServiceDll Delete
C:\WINDOWS\System32\bfe.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BFE\Parameters, ServiceDll Delete
C:\WINDOWS\System32\qmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BITS\Parameters, ServiceDll Delete
C:\WINDOWS\System32\bisrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BrokerInfrastructure\Parameters, ServiceDll Delete
C:\WINDOWS\System32\browser.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Browser\Parameters, ServiceDll Delete
C:\WINDOWS\System32\BthHFSrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\BthHFSrv\Parameters, ServiceDll Delete
C:\WINDOWS\system32\bthserv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\bthserv\Parameters, ServiceDll Delete
C:\WINDOWS\System32\CDPSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CDPSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\CDPUserSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CDPUserSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\ClipSVC.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ClipSVC\Parameters, ServiceDll Delete
C:\WINDOWS\system32\cryptsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\rpcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DcomLaunch\Parameters, ServiceDll Delete
C:\WINDOWS\System32\defragsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\defragsvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\das.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceAssociationService\Parameters, ServiceDll Delete
C:\WINDOWS\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DeviceInstall\Parameters, ServiceDll Delete
C:\WINDOWS\System32\DevicesFlowBroker.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DevicesFlowUserSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\DevQueryBroker.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DevQueryBroker\Parameters, ServiceDll Delete
C:\WINDOWS\system32\diagtrack.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DiagTrack\Parameters, ServiceDll Delete
C:\WINDOWS\system32\dmwappushsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dmwappushservice\Parameters, ServiceDll Delete
C:\WINDOWS\System32\dnsrslvr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Dnscache\Parameters, ServiceDll Delete
C:\WINDOWS\System32\dot3svc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\dot3svc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\dps.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DPS\Parameters, ServiceDll Delete
C:\WINDOWS\System32\DeviceSetupManager.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DsmSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\DsSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DsSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\dusmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\DusmSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\eapsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EapHost\Parameters, ServiceDll Delete
C:\WINDOWS\system32\efssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EFS\Parameters, ServiceDll Delete
C:\WINDOWS\System32\embeddedmodesvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\embeddedmode\Parameters, ServiceDll Delete
C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\EntAppSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\fdPHost.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fdPHost\Parameters, ServiceDll Delete
C:\WINDOWS\system32\fdrespub.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FDResPub\Parameters, ServiceDll Delete
C:\WINDOWS\system32\fhsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\fhsvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\FntCache.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FontCache\Parameters, ServiceDll Delete
C:\WINDOWS\system32\FrameServer.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\FrameServer\Parameters, ServiceDll Delete
C:\WINDOWS\System32\gpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\gpsvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\ListSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HomeGroupListener\Parameters, ServiceDll Delete
C:\WINDOWS\System32\hvhostsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\HvHost\Parameters, ServiceDll Delete
C:\WINDOWS\System32\tetheringservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\icssvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\ikeext.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IKEEXT\Parameters, ServiceDll Delete
C:\WINDOWS\System32\iphlpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\IpxlatCfg.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\IpxlatCfgSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\irmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\irmon\Parameters, ServiceDll Delete
C:\WINDOWS\system32\msdtckrm.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\KtmRm\Parameters, ServiceDll Delete
C:\WINDOWS\system32\srvsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wkssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters, ServiceDll Delete
C:\WINDOWS\System32\lfsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lfsvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\LicenseManagerSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LicenseManager\Parameters, ServiceDll Delete
C:\WINDOWS\System32\lltdsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lltdsvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\lmhsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\lmhosts\Parameters, ServiceDll Delete
C:\WINDOWS\System32\lsm.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\LSM\Parameters, ServiceDll Delete
C:\WINDOWS\System32\moshost.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MapsBroker\Parameters, ServiceDll Delete
C:\WINDOWS\System32\MessagingService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MessagingService\Parameters, ServiceDll Delete
C:\WINDOWS\system32\mpssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\iscsiexe.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\MSiSCSI\Parameters, ServiceDll Delete
C:\WINDOWS\System32\NaturalAuth.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NaturalAuthentication\Parameters, ServiceDll Delete
C:\WINDOWS\System32\ncasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcaSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\ncbservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcbService\Parameters, ServiceDll Delete
C:\WINDOWS\System32\NcdAutoSetup.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NcdAutoSetup\Parameters, ServiceDll Delete
C:\WINDOWS\System32\netman.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Netman\Parameters, ServiceDll Delete
C:\WINDOWS\System32\netprofmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\netprofm\Parameters, ServiceDll Delete
C:\WINDOWS\System32\NetSetupSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NetSetupSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\NgcCtnrSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NgcCtnrSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\ngcsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NgcSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\nlasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\nsisvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\nsi\Parameters, ServiceDll Delete
C:\WINDOWS\System32\APHostService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\OneSyncSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\pnrpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2pimsvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\p2psvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\p2psvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\pcasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PcaSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\PhoneService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PhoneSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\PimIndexMaintenance.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PimIndexMaintenanceSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PlugPlay\Parameters, ServiceDll Delete
C:\WINDOWS\system32\pnrpauto.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPAutoReg\Parameters, ServiceDll Delete
C:\WINDOWS\system32\pnrpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PNRPsvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\ipsecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\PolicyAgent\Parameters, ServiceDll Delete
C:\WINDOWS\system32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Power\Parameters, ServiceDll Delete
C:\WINDOWS\system32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ProfSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\rasauto.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasAuto\Parameters, ServiceDll Delete
C:\WINDOWS\System32\rasmans.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RasMan\Parameters, ServiceDll Delete
C:\WINDOWS\system32\regsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters, ServiceDll Delete
C:\WINDOWS\system32\RDXService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RetailDemo\Parameters, ServiceDll Delete
C:\WINDOWS\System32\RMapi.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RmSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\RpcEpMap.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcEptMapper\Parameters, ServiceDll Delete
C:\WINDOWS\system32\rpcss.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\RpcSs\Parameters, ServiceDll Delete
C:\WINDOWS\System32\SCardSvr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCardSvr\Parameters, ServiceDll Delete
C:\WINDOWS\System32\ScDeviceEnum.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\ScDeviceEnum\Parameters, ServiceDll Delete
C:\WINDOWS\system32\schedsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Schedule\Parameters, ServiceDll Delete
C:\WINDOWS\System32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SCPolicySvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\SDRSVC.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SDRSVC\Parameters, ServiceDll Delete
C:\WINDOWS\system32\seclogon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\seclogon\Parameters, ServiceDll Delete
C:\WINDOWS\system32\SEMgrSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SEMgrSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\sens.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SENS\Parameters, ServiceDll Delete
C:\WINDOWS\system32\SensorService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensorService\Parameters, ServiceDll Delete
C:\WINDOWS\system32\sensrsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SensrSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\ipnathlp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters, ServiceDll Delete
C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\shpamsvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\SmsRouterSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SmsRouter\Parameters, ServiceDll Delete
C:\WINDOWS\System32\ssdpsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SSDPSRV\Parameters, ServiceDll Delete
C:\WINDOWS\system32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wiaservc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\stisvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\storsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\StorSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\svsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\svsvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\swprv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\swprv\Parameters, ServiceDll Delete
C:\WINDOWS\system32\sysmain.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SysMain\Parameters, ServiceDll Delete
C:\WINDOWS\System32\SystemEventsBrokerServer.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\SystemEventsBroker\Parameters, ServiceDll Delete
C:\WINDOWS\System32\TabSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TabletInputService\Parameters, ServiceDll Delete
C:\WINDOWS\System32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TermService\Parameters, ServiceDll Delete
C:\WINDOWS\system32\themeservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Themes\Parameters, ServiceDll Delete
C:\WINDOWS\system32\tileobjserver.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\tiledatamodelsvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\TimeBrokerServer.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TimeBrokerSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\trkwks.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\TrkWks\Parameters, ServiceDll Delete
C:\WINDOWS\system32\tzautoupdate.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\tzautoupdate\Parameters, ServiceDll Delete
C:\WINDOWS\System32\umrdp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UmRdpService\Parameters, ServiceDll Delete
C:\WINDOWS\System32\userdataservice.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UserDataSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\usermgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UserManager\Parameters, ServiceDll Delete
C:\WINDOWS\system32\usocore.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\UsoSvc\Parameters, ServiceDll Delete
C:\Windows\System32\vaultsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\VaultSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicguestinterface\Parameters, ServiceDll Delete
C:\WINDOWS\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicheartbeat\Parameters, ServiceDll Delete
C:\WINDOWS\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmickvpexchange\Parameters, ServiceDll Delete
C:\WINDOWS\System32\icsvcext.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicrdv\Parameters, ServiceDll Delete
C:\WINDOWS\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicshutdown\Parameters, ServiceDll Delete
C:\WINDOWS\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmictimesync\Parameters, ServiceDll Delete
C:\WINDOWS\System32\icsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicvmsession\Parameters, ServiceDll Delete
C:\WINDOWS\System32\icsvcext.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\vmicvss\Parameters, ServiceDll Delete
C:\WINDOWS\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\Parameters, ServiceDll Delete
C:\WINDOWS\system32\WalletService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WalletService\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wbiosrvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WbioSrvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wcmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wcmsvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wcncsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wcncsvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Wecsvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\wephostsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WEPHOSTSVC\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wercplsupport.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wercplsupport\Parameters, ServiceDll Delete
C:\WINDOWS\System32\WerSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WerSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wfdsconmgrsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WFDSConMgrSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wiarpc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WiaRpc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\wbem\WMIsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters, ServiceDll Delete
C:\WINDOWS\system32\flightsettings.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wisvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wlansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WlanSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\wlidsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wlidsvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\lpasvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wlpasvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\workfolderssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\workfolderssvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\wpdbusenum.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WPDBusEnum\Parameters, ServiceDll Delete
C:\WINDOWS\system32\WpnService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WpnService\Parameters, ServiceDll Delete
C:\WINDOWS\System32\WpnUserService.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WpnUserService\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wscsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wscsvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wuauserv\Parameters, ServiceDll Delete
C:\WINDOWS\System32\WUDFSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\wudfsvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\wwansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\WwanSvc\Parameters, ServiceDll Delete
C:\WINDOWS\System32\xbgmsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\xbgm\Parameters, ServiceDll Delete
C:\WINDOWS\System32\XblAuthManager.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XblAuthManager\Parameters, ServiceDll Delete
C:\WINDOWS\System32\XblGameSave.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XblGameSave\Parameters, ServiceDll Delete
C:\WINDOWS\System32\XboxGipSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XboxGipSvc\Parameters, ServiceDll Delete
C:\WINDOWS\system32\XboxNetApiSvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\XboxNetApiSvc\Parameters, ServiceDll Delete
C:\PROGRA~2\MICROS~1\Office12\OLMAPI32.DLL 2956.25 kb, rsAh, created: 13.07.2016 02:38:08, modified: 13.07.2016 02:38:08 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Outlook\Performance, Library Delete
C:\WINDOWS\system32\sysmain.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\rdyboost\Performance, Library Delete
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\EventMessages.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Adobe Setup, EventMessageFile
C:\WINDOWS\System32\wersvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Application Hang, EventMessageFile
C:\WINDOWS\System32\drivers\ati2erec.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, EventMessageFile
C:\Program Files\Bonjour\mDNSResponder.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Bonjour Service, EventMessageFile
C:\Windows\System32\icardres.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\eventlog_provider.dll 12.84 kb, rsAh, created: 15.05.2017 19:37:32, modified: 09.05.2017 05:13:03 Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Chrome, EventMessageFile
C:\WINDOWS\system32\DbxSvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\DbxSvc, EventMessageFile
C:\WINDOWS\system32\dosvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeliveryOptimization, EventMessageFile
C:\WINDOWS\system32\dwm.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Desktop Window Manager, EventMessageFile
C:\WINDOWS\system32\dwminit.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Dwminit, EventMessageFile
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
C:\WINDOWS\System32\UI0Detect.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Interactive Services detection, EventMessageFile
C:\Windows\System32\fxsevent.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Fax, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-Runtime, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AppModel-State, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Audit-CVE, EventMessageFile
C:\WINDOWS\System32\AxInstSv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-AxInstallService, EventMessageFile
C:\WINDOWS\system32\BlbEvents.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Backup, EventMessageFile
C:\WINDOWS\system32\defragsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Defrag, EventMessageFile
C:\WINDOWS\System32\dosvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-DeliveryOptimization, EventMessageFile
C:\WINDOWS\system32\eapsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EapHost, EventMessageFile
C:\WINDOWS\system32\efscore.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EFS, EventMessageFile
C:\WINDOWS\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-EventCollector, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-SoftwareRestrictionPolicies, EventMessageFile
C:\WINDOWS\System32\MsSpellCheckingHost.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Spellchecking-Host, EventMessageFile
C:\WINDOWS\system32\SrEvents.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-System-Restore, EventMessageFile
C:\WINDOWS\System32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User Profiles Service, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-User-Loader, EventMessageFile
C:\WINDOWS\system32\WINSAT.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WindowsSystemAssessmentTool, EventMessageFile
C:\WINDOWS\system32\winsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-Winsrv, EventMessageFile
C:\WINDOWS\system32\wbem\WinMgmtR.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft-Windows-WMI, EventMessageFile
C:\WINDOWS\System32\profsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Profsvc, EventMessageFile
C:\WINDOWS\System32\wscsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\SecurityCenter, EventMessageFile
C:\WINDOWS\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Software Protection Platform Service, EventMessageFile
C:\WINDOWS\system32\srcore.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\System Restore, EventMessageFile
C:\WINDOWS\System32\VSSVC.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSS, EventMessageFile
c:\2fd620145f8c2609166f6befcacbb4a0\DW\DW20.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\WINDOWS\System32\wersvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\WerSvc, EventMessageFile
C:\WINDOWS\system32\sdengin2.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Backup, EventMessageFile
C:\WINDOWS\system32\wsepno.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Windows Search Service Profile Notification, EventMessageFile
C:\WINDOWS\System32\wininit.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wininit, EventMessageFile
C:\WINDOWS\System32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Winlogon, EventMessageFile
C:\WINDOWS\System32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wlclntfy, EventMessageFile
C:\WINDOWS\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\HardwareEvents, DisplayNameFile
C:\Program Files (x86)\Kaspersky Lab\Kaspersky error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Kaspersky Event Log\kis, EventMessageFile
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\bl.ppl 7941.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 15.05.2017 17:12:45 Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Kaspersky Event Log\kis-bl, EventMessageFile
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\safe_banking.dll 1548.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48 Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Kaspersky Event Log\kis-safe_banking, EventMessageFile
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\bl_ksde.ppl 2177.09 kb, rsAh, created: 29.03.2017 12:11:48, modified: 15.05.2017 17:33:38 Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Kaspersky Event Log\ksde-bl, EventMessageFile
C:\WINDOWS\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service, DisplayNameFile
C:\WINDOWS\system32\sppsvc.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Key Management Service\KmsRequests, EventMessageFile
C:\WINDOWS\System32\wevtsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\Microsoft-Windows-Eventlog, EventMessageFile
C:\WINDOWS\System32\VSSVC.EXE error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Security\VSSAudit, EventMessageFile
C:\WINDOWS\System32\Drivers\acpi.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ACPI, EventMessageFile
C:\WINDOWS\System32\drivers\agp440.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\agp440, EventMessageFile
C:\WINDOWS\System32\drivers\amdk8.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdK8, EventMessageFile
C:\WINDOWS\System32\drivers\ati2erec.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag, EventMessageFile
C:\WINDOWS\System32\drivers\ati2erec.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdap, EventMessageFile
C:\WINDOWS\System32\drivers\amdppm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AmdPPM, EventMessageFile
C:\WINDOWS\system32\winsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Application Popup, EventMessageFile
C:\WINDOWS\system32\AppReadiness.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\AppReadiness, EventMessageFile
C:\WINDOWS\System32\drivers\bxvbda.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\b06bdrv, EventMessageFile
C:\WINDOWS\System32\Drivers\BthEnum.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BthEnum, EventMessageFile
C:\WINDOWS\System32\Drivers\BthLEEnum.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BthLEEnum, EventMessageFile
C:\WINDOWS\System32\Drivers\Bthport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHPORT, EventMessageFile
C:\WINDOWS\System32\Drivers\Bthport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\WINDOWS\System32\Drivers\BthUsb.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\BTHUSB, EventMessageFile
C:\WINDOWS\System32\drivers\cht4sx64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cht4iscsi, EventMessageFile
C:\WINDOWS\System32\drivers\cht4vx64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\cht4vbd, EventMessageFile
C:\WINDOWS\System32\dxgwdi.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Display, EventMessageFile
C:\WINDOWS\System32\drivers\e1i63x64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\e1iexpress, EventMessageFile
C:\WINDOWS\System32\drivers\evbda.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ebdrv, EventMessageFile
C:\WINDOWS\System32\drivers\fltmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\FltMgr, EventMessageFile
C:\WINDOWS\System32\drivers\gagp30kx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\gagp30kx, EventMessageFile
C:\WINDOWS\System32\Drivers\hidbth.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\HidBth, EventMessageFile
C:\WINDOWS\System32\Drivers\hidi2c.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\hidi2c, EventMessageFile
C:\WINDOWS\System32\drivers\i8042prt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\i8042prt, EventMessageFile
C:\WINDOWS\System32\drivers\iaStorAV.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorAV, EventMessageFile
C:\WINDOWS\System32\drivers\iaStorV.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iaStorV, EventMessageFile
C:\WINDOWS\System32\drivers\ibbus.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\ibbus, EventMessageFile
C:\WINDOWS\system32\drivers\iaLPSSi_GPIO.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS-GPIO, EventMessageFile
C:\WINDOWS\system32\drivers\iaLPSSi_I2C.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS-I2C, EventMessageFile
C:\WINDOWS\system32\drivers\iaLPSS2i_GPIO2.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS2-GPIO2, EventMessageFile
C:\WINDOWS\system32\drivers\iaLPSS2i_I2C.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Intel-iaLPSS2-I2C, EventMessageFile
C:\WINDOWS\System32\drivers\intelppm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\intelppm, EventMessageFile
C:\WINDOWS\System32\drivers\ipmidrv.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\IPMIDRV, EventMessageFile
C:\WINDOWS\System32\irmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\irevents, EventMessageFile
C:\WINDOWS\System32\drivers\isapnp.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\isapnp, EventMessageFile
C:\WINDOWS\System32\iscsilog.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\iScsiPrt, EventMessageFile
C:\WINDOWS\System32\drivers\kbdclass.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdclass, EventMessageFile
C:\WINDOWS\System32\drivers\kbdhid.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\kbdhid, EventMessageFile
C:\Windows\System32\locationframework.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Lfsvc, EventMessageFile
C:\WINDOWS\System32\lsasrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LsaSrv, EventMessageFile
C:\WINDOWS\system32\lsm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\LSM, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Audit-CVE, EventMessageFile
C:\WINDOWS\system32\fveapi.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-API, EventMessageFile
C:\WINDOWS\system32\drivers\fvevol.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-BitLocker-Driver, EventMessageFile
C:\WINDOWS\system32\qmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bits-Client, EventMessageFile
C:\WINDOWS\system32\bthserv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Bluetooth-BthLEPrepairing, EventMessageFile
C:\WINDOWS\system32\drivers\cmimcext.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CoreSystem-InitMachineConfig, EventMessageFile
C:\WINDOWS\system32\cofiredm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Client, EventMessageFile
C:\WINDOWS\system32\cofiredm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-CorruptedFileRecovery-Server, EventMessageFile
C:\WINDOWS\System32\samsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Directory-Services-SAM, EventMessageFile
C:\WINDOWS\system32\dfdts.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DiskDiagnostic, EventMessageFile
C:\WINDOWS\system32\WUDFPlatform.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-DriverFrameworks-UserMode, EventMessageFile
C:\WINDOWS\System32\Drivers\EhStorTcgDrv.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EnhancedStorage-EhStorTcgDrv, EventMessageFile
C:\WINDOWS\system32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-EventCollector, EventMessageFile
C:\WINDOWS\System32\wevtsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Eventlog, EventMessageFile
C:\WINDOWS\system32\drivers\exfat.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-exFAT-SQM, EventMessageFile
C:\WINDOWS\system32\drivers\fastfat.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fat-SQM, EventMessageFile
C:\WINDOWS\system32\fthsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Fault-Tolerant-Heap, EventMessageFile
C:\WINDOWS\system32\drivers\fltmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FilterManager, EventMessageFile
C:\WINDOWS\System32\mpssvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Firewall, EventMessageFile
C:\WINDOWS\system32\fdphost.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-FunctionDiscoveryHost, EventMessageFile
C:\WINDOWS\system32\drivers\msgpioclx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GPIO-ClassExtension, EventMessageFile
C:\WINDOWS\system32\gpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-GroupPolicy, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-hal-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HAL, EventMessageFile
C:\WINDOWS\system32\drivers\http.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-HttpEvent, EventMessageFile
C:\WINDOWS\system32\oobe\InstallEventRes.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-InstallUX, EventMessageFile
C:\WINDOWS\system32\iphlpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Iphlpsvc, EventMessageFile
C:\WINDOWS\system32\iumbase.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-IsolatedUserMode, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Boot, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-General, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Interrupt-Steering, EventMessageFile
C:\WINDOWS\system32\Microsoft-Windows-System-Events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-IO, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-kernel-pnp-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-PnP, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-kernel-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Power, EventMessageFile
C:\WINDOWS\system32\microsoft-windows-kernel-processor-power-events.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-Processor-Power, EventMessageFile
C:\Windows\System32\Drivers\VerifierExt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Kernel-XDV, EventMessageFile
C:\WINDOWS\system32\lpksetup.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-LanguagePackSetup, EventMessageFile
C:\WINDOWS\system32\MemoryDiagnostic.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Memory-Diagnostic-Task-Handler, EventMessageFile
C:\WINDOWS\System32\relpost.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Results, EventMessageFile
C:\WINDOWS\System32\mdsched.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MemoryDiagnostics-Schedule, EventMessageFile
C:\WINDOWS\system32\drivers\mountmgr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-MountMgr, EventMessageFile
C:\WINDOWS\system32\drivers\ndis.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NDIS, EventMessageFile
C:\WINDOWS\system32\drivers\NdisImPlatform.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NdisImPlatformSysEvtProvider, EventMessageFile
C:\WINDOWS\system32\drivers\bridge.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NetworkBridge, EventMessageFile
C:\WINDOWS\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs, EventMessageFile
C:\WINDOWS\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs-SQM, EventMessageFile
C:\WINDOWS\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Ntfs-UBPM, EventMessageFile
C:\WINDOWS\system32\drivers\nvdimmn.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-NvdimmN, EventMessageFile
C:\WINDOWS\system32\drivers\wof.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-OverlayFilter, EventMessageFile
C:\WINDOWS\system32\drivers\pmem.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-PmemDisk, EventMessageFile
C:\WINDOWS\system32\umpoext.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Power-Meter-Polling, EventMessageFile
C:\WINDOWS\system32\drivers\refs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ReFS, EventMessageFile
C:\WINDOWS\system32\drivers\refsv1.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ReFS-v1, EventMessageFile
C:\WINDOWS\system32\reseteng.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResetEng, EventMessageFile
C:\WINDOWS\system32\fdrespub.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ResourcePublication, EventMessageFile
C:\WINDOWS\system32\drivers\scmdisk0101.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-ScmDisk0101, EventMessageFile
C:\WINDOWS\system32\certprop.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SCPNP, EventMessageFile
C:\WINDOWS\system32\drivers\SerCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension, EventMessageFile
C:\WINDOWS\system32\drivers\SerCx2.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Serial-ClassExtension-V2, EventMessageFile
C:\WINDOWS\system32\oobe\winsetup.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Setup, EventMessageFile
C:\WINDOWS\system32\setupetw.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SetupPlatform, EventMessageFile
C:\WINDOWS\system32\drivers\SpbCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-ClassExtension, EventMessageFile
C:\WINDOWS\system32\drivers\hidi2c.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-SPB-HIDI2C, EventMessageFile
C:\WINDOWS\system32\csrsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Subsys-SMSS, EventMessageFile
C:\WINDOWS\system32\schedsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TaskScheduler, EventMessageFile
C:\WINDOWS\system32\lsm.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-LocalSessionManager, EventMessageFile
C:\WINDOWS\system32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-TerminalServices-RemoteConnectionManager, EventMessageFile
C:\WINDOWS\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Time-Service, EventMessageFile
C:\WINDOWS\System32\Drivers\UMDF\UsbccidDriver.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-CCID, EventMessageFile
C:\WINDOWS\system32\drivers\MAUSBHOST.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-MAUSBHOST, EventMessageFile
C:\WINDOWS\System32\drivers\usbhub3.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-USBHUB3, EventMessageFile
C:\WINDOWS\system32\drivers\usbxhci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-USBXHCI, EventMessageFile
C:\WINDOWS\system32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserModePowerService, EventMessageFile
C:\WINDOWS\system32\umpnpmgr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-UserPnp, EventMessageFile
C:\WINDOWS\system32\whealogr.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WHEA-Logger, EventMessageFile
C:\WINDOWS\System32\pwlauncher.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsToGo-StartupOptions, EventMessageFile
C:\WINDOWS\system32\wuaueng.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WindowsUpdateClient, EventMessageFile
C:\WINDOWS\system32\wininit.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Wininit, EventMessageFile
C:\WINDOWS\system32\winlogon.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-Winlogon, EventMessageFile
C:\WINDOWS\system32\wlansvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-WLAN-AutoConfig, EventMessageFile
C:\WINDOWS\System32\drivers\mlx4_bus.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mlx4_bus, EventMessageFile
C:\WINDOWS\System32\drivers\mouclass.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouclass, EventMessageFile
C:\WINDOWS\System32\drivers\mouhid.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mouhid, EventMessageFile
C:\WINDOWS\System32\Drivers\umdf\Microsoft.Bluetooth.Profiles.HidOverGatt.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mshidumdf, EventMessageFile
C:\WINDOWS\System32\iscsiexe.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MSiSCSI, EventMessageFile
C:\WINDOWS\System32\drivers\MTConfig.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\MTConfig, EventMessageFile
C:\WINDOWS\system32\drivers\ntfs.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Ntfs, EventMessageFile
C:\WINDOWS\System32\drivers\nvdimmn.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvdimmn, EventMessageFile
C:\WINDOWS\System32\drivers\nvstor.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nvstor, EventMessageFile
C:\WINDOWS\System32\drivers\nv_agp.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\nv_agp, EventMessageFile
C:\WINDOWS\System32\drivers\parport.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Parport, EventMessageFile
C:\WINDOWS\System32\Drivers\Pcmcia.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pcmcia, EventMessageFile
C:\WINDOWS\System32\drivers\pmem.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\pmem, EventMessageFile
C:\WINDOWS\System32\umpo.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Power, EventMessageFile
C:\WINDOWS\System32\drivers\processr.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Processor, EventMessageFile
C:\WINDOWS\system32\sstpsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RasSstp, EventMessageFile
C:\WINDOWS\system32\RDXService.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RetailDemo, EventMessageFile
C:\WINDOWS\System32\Drivers\rfcomm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\RFCOMM, EventMessageFile
C:\WINDOWS\System32\drivers\rt640x64.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\rt640x64, EventMessageFile
C:\WINDOWS\System32\samsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SAM, EventMessageFile
C:\WINDOWS\System32\drivers\sbp2port.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sbp2port, EventMessageFile
C:\WINDOWS\System32\lsasrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Schannel, EventMessageFile
C:\WINDOWS\System32\drivers\scmdisk0101.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\scmdisk0101, EventMessageFile
C:\WINDOWS\system32\drivers\SerCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx, EventMessageFile
C:\WINDOWS\system32\drivers\SerCx2.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sercx2, EventMessageFile
C:\WINDOWS\System32\drivers\serial.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Serial, EventMessageFile
C:\WINDOWS\System32\drivers\sermouse.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\sermouse, EventMessageFile
C:\WINDOWS\system32\services.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Service Control Manager, EventMessageFile
C:\WINDOWS\System32\snmptrap.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\SNMPTRAP, EventMessageFile
C:\WINDOWS\system32\drivers\SpbCx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\spbcx, EventMessageFile
C:\WINDOWS\System32\wiaservc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\StillImage, EventMessageFile
C:\WINDOWS\System32\tcpmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TCPMon, EventMessageFile
C:\WINDOWS\system32\termsrv.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TermService, EventMessageFile
C:\WINDOWS\System32\drivers\tpm.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\TPM, EventMessageFile
C:\WINDOWS\System32\drivers\tsusbflt.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\tsusbflt, EventMessageFile
C:\WINDOWS\System32\drivers\uagp35.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\uagp35, EventMessageFile
C:\WINDOWS\System32\Drivers\uefi.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UEFI, EventMessageFile
C:\WINDOWS\System32\drivers\uliagpkx.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\uliagpkx, EventMessageFile
C:\WINDOWS\System32\umrdp.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\UmRdpService, EventMessageFile
C:\WINDOWS\System32\Drivers\usbehci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\usbehci, EventMessageFile
C:\WINDOWS\System32\Drivers\usbser.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\usbser, EventMessageFile
C:\WINDOWS\System32\vdsbas.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Basic Provider, EventMessageFile
C:\WINDOWS\System32\vdsdyn.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Dynamic Provider, EventMessageFile
C:\WINDOWS\System32\vdsvd.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\VDS Virtual Disk Provider, EventMessageFile
C:\WINDOWS\System32\vds.exe error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Virtual Disk Service, EventMessageFile
C:\WINDOWS\system32\drivers\volsnap.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Volsnap, EventMessageFile
C:\WINDOWS\System32\drivers\vpci.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\vpci, EventMessageFile
C:\WINDOWS\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\W32Time, EventMessageFile
C:\WINDOWS\System32\drivers\wacompen.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WacomPen, EventMessageFile
C:\WINDOWS\system32\WalletService.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WalletService, EventMessageFile
C:\Windows\System32\drivers\Wdf01000.sys error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wdf01000, EventMessageFile
C:\WINDOWS\System32\wecsvc.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\wecsvc, EventMessageFile
C:\Program Files (x86)\Windows Defender\MpEvMsg.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\WinDefend, EventMessageFile
C:\WINDOWS\System32\DFDTS.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Windows Disk Diagnostic, EventMessageFile
C:\WINDOWS\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient, DllName Delete
C:\WINDOWS\system32\w32time.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer, DllName Delete
C:\WINDOWS\System32\vmictimeprovider.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider, DllName Delete
.dll error getting file info Script: Quarantine, Delete, Delete via BC	--	?	HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe 91.20 kb, rsAh, created: 17.04.2017 06:20:10, modified: 22.01.2017 10:35:28 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {1B96FAD8-1C10-416E-8027-6EFF94045F6F} Delete
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll 523.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {39C9FA89-7012-4573-A92D-BFD1F8CA542D} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\shlxthdl.dll 597.60 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {087B3AE3-E237-4467-B8DB-5A38AB959AC9} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\shlxthdl.dll 597.60 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {3B092F0C-7696-40E3-A80F-68D74DA84210} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\shlxthdl.dll 597.60 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {63542C48-9552-494A-84F7-73AA6A7C99C1} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\propertyhdl.dll 345.10 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {AE424E85-F6DF-4910-A6A9-438797986431} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\shlxthdl.dll 597.60 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} Delete
auditcse.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{16be69fa-4209-4250-88cb-716cf41954e0}, DLLName Delete
C:\WINDOWS\System32\TsUsbRedirectionGroupPolicyExtension.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4bcd6cde-777b-48b6-9804-43568e23545d}, DLLName Delete
WorkFoldersGPExt.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4d968b55-cac2-4ff5-983f-0a54603781a3}, DLLName Delete
pwlauncher.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}, DLLName Delete
pwlauncher.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C34B2751-1CF4-44F5-9262-C3FC39666591}, DLLName Delete
auditcse.dll error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName Delete
C:\Windows\System32\WUDFHost.exe error getting file info Script: Quarantine, Delete, Delete via BC	Active	Registry key	HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\WUDF\Services\{193a1820-d9ac-4997-8c55-be817523f6aa}, HostProcessImagePath Delete
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 1116.84 kb, rsAh, created: 11.12.2016 20:24:50, modified: 09.05.2017 05:12:58 Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk,
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE 12712.22 kb, rsAh, created: 22.03.2017 07:52:24, modified: 22.03.2017 07:52:24 Script: Quarantine, Delete, Delete via BC	Active	Shortcut in Startup folder	C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk,
Autoruns items found - 850, recognized as trusted - 434

Internet Explorer extension modules (BHOs, Toolbars ...)

File name	Type	Description	Manufacturer	CLSID
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll 1004.85 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48 Script: Quarantine, Delete, Delete via BC	BHO	Kaspersky Protection plugins	© 2016 AO Kaspersky Lab. All Rights Reserved.	{2E38825B-8815-42CF-9126-C58BC28D4591} Delete
C:\Program Files (x86)\LastPass\LPToolbar.dll 2331.02 kb, rsAh, created: 04.11.2016 08:26:17, modified: 04.11.2016 08:26:31 Script: Quarantine, Delete, Delete via BC	BHO	LastPass Toolbar	Copyright (C) 2012	{95D9ECF5-2A4D-4550-BE49-70D42F71296E} Delete
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 8.0.6\ie_engine.dll 1386.11 kb, rsAh, created: 22.12.2016 23:58:46, modified: 22.12.2016 23:58:46 Script: Quarantine, Delete, Delete via BC	BHO	Internet Explorer Plugin	© 2016 AO Kaspersky Lab. All Rights Reserved.	{F710F7E5-A520-471D-989C-F653AC328FB2} Delete
C:\Program Files (x86)\LastPass\LPToolbar.dll 2331.02 kb, rsAh, created: 04.11.2016 08:26:17, modified: 04.11.2016 08:26:31 Script: Quarantine, Delete, Delete via BC	Toolbar	LastPass Toolbar	Copyright (C) 2012	{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} Delete
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll 1004.85 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48 Script: Quarantine, Delete, Delete via BC	Toolbar	Kaspersky Protection plugins	© 2016 AO Kaspersky Lab. All Rights Reserved.	{093F479D-712E-46CD-9E06-62E734A05F68} Delete
error getting file info	Extension module			{40AE684B-A1EA-4FF4-8E05-5BCADC4D4DB2} Delete
error getting file info	Extension module			{43699cd0-e34f-11de-8a39-0800200c9a66} Delete
error getting file info	Extension module			{92780B25-18CC-41C8-B9BE-3C9C571A8263} Delete
Items found - 9, recognized as trusted - 1

Windows Explorer extension modules

File name	Destination	Description	Manufacturer	CLSID
error getting file info	Contacts folder			{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} Delete
error getting file info	WebCheck			{E6FB5E20-DE35-11CF-9C87-00AA005127ED} Delete
error getting file info	Catalyst Context Menu extension			{5E2121EE-0300-11D4-8D3B-444553540000} Delete
C:\Program Files (x86)\Foxit Software\Foxit Reader\Shell Extensions\FoxitPrevhost.exe 91.20 kb, rsAh, created: 17.04.2017 06:20:10, modified: 22.01.2017 10:35:28 Script: Quarantine, Delete, Delete via BC	Foxit PDF Preview Provider (XP)	Foxit PDF Preview Handler Host	Copyright © 2005-2017 Foxit Software Inc. All Rights Reserved.	{1B96FAD8-1C10-416E-8027-6EFF94045F6F} Delete
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\shellex.dll 523.59 kb, rsAh, created: 29.03.2017 12:11:48, modified: 29.03.2017 12:11:48 Script: Quarantine, Delete, Delete via BC	Scan with Kaspersky Anti-Virus	Shell Extension	© 2016 AO Kaspersky Lab. All Rights Reserved.	{39C9FA89-7012-4573-A92D-BFD1F8CA542D} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\shlxthdl.dll 597.60 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	LibreOffice Infotip Handler		Copyright © 2000-2017 by LibreOffice contributors. All rights reserved.	{087B3AE3-E237-4467-B8DB-5A38AB959AC9} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\shlxthdl.dll 597.60 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	LibreOffice Thumbnail Viewer		Copyright © 2000-2017 by LibreOffice contributors. All rights reserved.	{3B092F0C-7696-40E3-A80F-68D74DA84210} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\shlxthdl.dll 597.60 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	LibreOffice Property Sheet Handler		Copyright © 2000-2017 by LibreOffice contributors. All rights reserved.	{63542C48-9552-494A-84F7-73AA6A7C99C1} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\propertyhdl.dll 345.10 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	LibreOffice Property Handler		Copyright © 2000-2017 by LibreOffice contributors. All rights reserved.	{AE424E85-F6DF-4910-A6A9-438797986431} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\shlxthdl.dll 597.60 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	LibreOffice Column Handler		Copyright © 2000-2017 by LibreOffice contributors. All rights reserved.	{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} Delete
C:\Program Files (x86)\LibreOffice 5\program\shlxthdl\shlxthdl.dll 597.60 kb, rsAh, created: 27.04.2017 12:08:04, modified: 27.04.2017 12:08:04 Script: Quarantine, Delete, Delete via BC	ColumnHandler		Copyright © 2000-2017 by LibreOffice contributors. All rights reserved.	{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} Delete
Items found - 33, recognized as trusted - 22

Printing system extensions (print monitors, providers)

File name	Type	Name	Description	Manufacturer
AppMon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Appmon
IPPMon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	IppMon
localspl.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Local Port
FXSMON.DLL error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Microsoft Shared Fax Monitor
tcpmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	Standard TCP/IP Port
usbmon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	USB Monitor
WSDMon.dll error getting file info Script: Quarantine, Delete, Delete via BC	Monitor	WSD Port
inetpp.dll error getting file info Script: Quarantine, Delete, Delete via BC	Provider	HTTP Print Services
win32spl.dll error getting file info Script: Quarantine, Delete, Delete via BC	Provider	LanMan Print Services
Items found - 9, recognized as trusted - 0

Task Scheduler jobs

File name	Job name	Job state	Description	Manufacturer	Path	Command line	Type
C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe 150.82 kb, rsAh, created: 14.02.2016 15:17:12, modified: 14.02.2016 15:24:19 Script: Quarantine, Delete, Delete via BC	GoogleUpdateTaskUserS-1-5-21-2968659796-734848828-1345844350-1001Core.job Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Programme d'installation de Google	Copyright Google Inc. 2007-2010		C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe /c	32
C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe 150.82 kb, rsAh, created: 14.02.2016 15:17:12, modified: 14.02.2016 15:24:19 Script: Quarantine, Delete, Delete via BC	GoogleUpdateTaskUserS-1-5-21-2968659796-734848828-1345844350-1001UA.job Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Programme d'installation de Google	Copyright Google Inc. 2007-2010		C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler	32
C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe error getting file info Script: Quarantine, Delete, Delete via BC	abDocsDllLoader Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.			C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe task	64
C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe 39.41 kb, rsAh, created: 20.01.2016 11:51:52, modified: 20.01.2016 11:51:52 Script: Quarantine, Delete, Delete via BC	ACCAgent Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	LiveUpdate Agent	(C) All rights reserved	C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe	64
C:\Program Files (x86)\Acer\Care Center\ACCStd.exe 4535.41 kb, rsAh, created: 20.01.2016 11:50:56, modified: 20.01.2016 11:50:56 Script: Quarantine, Delete, Delete via BC	ACCBackgroundApplication Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	ACCStd	(C)All rights reserved	C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\Acer\Care Center\ACCStd.exe	64
C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe error getting file info Script: Quarantine, Delete, Delete via BC	AcerCloud Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.			C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe task	64
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 265.49 kb, rsAh, created: 22.01.2016 17:50:06, modified: 15.05.2017 14:26:20 Script: Quarantine, Delete, Delete via BC	Adobe Flash Player Updater Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Adobe® Flash® Player Update Service 25.0 r0	Copyright © 1996-2017 Adobe Systems Incorporated	C:\WINDOWS\system32\Tasks\	C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe	64
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 496.22 kb, rsAh, created: 07.01.2016 20:33:48, modified: 07.01.2016 20:33:48 Script: Quarantine, Delete, Delete via BC	AdobeAAMUpdater-1.0-MAURICE-Utilisateur Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Adobe Updater Startup Utility	© 2009-2015 Adobe Systems Incorporated and its licensors. All rights reserved.	C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled	64
C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe 1846.35 kb, RsAh, created: 14.01.2016 11:26:20, modified: 14.01.2016 11:26:20 Script: Quarantine, Delete, Delete via BC	DriveUtilitiesHelper_Reg_HKLMWow6432Run Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	WD Drive Utilities Helper	© 2016 Western Digital Technologies, Inc. All rights reserved.	C:\WINDOWS\system32\Tasks\CareCenter\	C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe	64
C:\Program Files (x86)\Common Files\lpuninstall.exe 17203.52 kb, rsAh, created: 18.12.2015 20:08:45, modified: 04.11.2016 08:26:33 Script: Quarantine, Delete, Delete via BC	Install LastPass FF RunOnce.lnk_FolderCommonAppdata Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	LastPass Installer	Copyright 2008-2016	C:\WINDOWS\system32\Tasks\CareCenter\	C:\Program Files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com	64
C:\Program Files (x86)\Common Files\lpuninstall.exe 17203.52 kb, rsAh, created: 18.12.2015 20:08:45, modified: 04.11.2016 08:26:33 Script: Quarantine, Delete, Delete via BC	Install LastPass IE RunOnce.lnk_FolderCommonAppdata Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	LastPass Installer	Copyright 2008-2016	C:\WINDOWS\system32\Tasks\CareCenter\	C:\Program Files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com	64
C:\Program Files (x86)\POP Peeper\POPPeeper.exe 2625.70 kb, rsAh, created: 23.10.2016 17:05:38, modified: 23.10.2016 17:05:38 Script: Quarantine, Delete, Delete via BC	POP Peeper_Reg_HKCURun_S-1-5-21-2968659796-734848828-1345844350-1001 Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	POP Peeper Email Notifier	Copyright (C) 2001-2016 Esumsoft	C:\WINDOWS\system32\Tasks\CareCenter\	C:\Program Files (x86)\POP Peeper\POPPeeper.exe -min	64
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe 1719.84 kb, RsAh, created: 07.12.2015 17:04:22, modified: 07.12.2015 17:04:22 Script: Quarantine, Delete, Delete via BC	WD Drive Unlocker_Reg_HKLMWow6432Run Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	WD Drive Auto Unlock	© 2015 Western Digital Technologies, Inc. All rights reserved.	C:\WINDOWS\system32\Tasks\CareCenter\	C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe	64
C:\Program Files\CCleaner\CCleaner.exe 7440.21 kb, rsAh, created: 05.05.2017 13:08:20, modified: 05.05.2017 13:08:20 Script: Quarantine, Delete, Delete via BC	CCleanerSkipUAC Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	CCleaner	Copyright © 2005-2017 Piriform Ltd	C:\WINDOWS\system32\Tasks\	"C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)	64
C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe 38.91 kb, rsAh, created: 28.03.2017 15:34:32, modified: 28.03.2017 15:34:32 Script: Quarantine, Delete, Delete via BC	GarminUpdaterTask Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Garmin.Omt.Express.SelfUpdater	Copyright © 2015	C:\WINDOWS\system32\Tasks\	C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe	64
C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe 150.82 kb, rsAh, created: 14.02.2016 15:17:12, modified: 14.02.2016 15:24:19 Script: Quarantine, Delete, Delete via BC	GoogleUpdateTaskUserS-1-5-21-2968659796-734848828-1345844350-1001Core Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Programme d'installation de Google	Copyright Google Inc. 2007-2010	C:\WINDOWS\system32\Tasks\	C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe /c	64
C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe 150.82 kb, rsAh, created: 14.02.2016 15:17:12, modified: 14.02.2016 15:24:19 Script: Quarantine, Delete, Delete via BC	GoogleUpdateTaskUserS-1-5-21-2968659796-734848828-1345844350-1001Core1d257dde002115 Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Programme d'installation de Google	Copyright Google Inc. 2007-2010	C:\WINDOWS\system32\Tasks\	C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe /c	64
C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe 150.82 kb, rsAh, created: 14.02.2016 15:17:12, modified: 14.02.2016 15:24:19 Script: Quarantine, Delete, Delete via BC	GoogleUpdateTaskUserS-1-5-21-2968659796-734848828-1345844350-1001UA Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Programme d'installation de Google	Copyright Google Inc. 2007-2010	C:\WINDOWS\system32\Tasks\	C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler	64
C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe 150.82 kb, rsAh, created: 14.02.2016 15:17:12, modified: 14.02.2016 15:24:19 Script: Quarantine, Delete, Delete via BC	GoogleUpdateTaskUserS-1-5-21-2968659796-734848828-1345844350-1001UA1d257dde0e5d18 Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Programme d'installation de Google	Copyright Google Inc. 2007-2010	C:\WINDOWS\system32\Tasks\	C:\Users\Utilisateur\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler	64
C:\WINDOWS\system32\MRT.exe error getting file info Script: Quarantine, Delete, Delete via BC	MRT_HB Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Outil de suppression de logiciels malveillants Microsoft Windows	© Microsoft Corporation. Tous droits rйservйs.	C:\WINDOWS\system32\Tasks\Microsoft\Windows\RemovalTools\	C:\WINDOWS\system32\MRT.exe /EHB /Q	64
C:\Users\Utilisateur\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe 1681.12 kb, rsAh, created: 26.01.2017 17:50:36, modified: 11.04.2017 09:24:29 Script: Quarantine, Delete, Delete via BC	OneDrive Standalone Update Task v2 Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.	Standalone Updater	© Microsoft Corporation. All rights reserved.	C:\WINDOWS\system32\Tasks\	%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe	64
C:\FICHIERS PERSONNEL\Logiciel\mcw10.exe error getting file info Script: Quarantine, Delete, Delete via BC	{269D1E3B-3872-4F4D-94DA-CD204A483AEF} Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.			C:\WINDOWS\system32\Tasks\	C:\WINDOWS\system32\pcalua.exe -a "C:\FICHIERS PERSONNEL\Logiciel\mcw10.exe" -d "C:\FICHIERS PERSONNEL\Logiciel"	64
C:\Users\Utilisateur\Downloads\Application_Acer_1.01.3016.0_W81x64_A\Quick Access_V1.01.3016.0_W81x64\Setup.exe error getting file info Script: Quarantine, Delete, Delete via BC	{FF4FEEF3-8725-4EB7-8204-1AB411C37B9D} Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.			C:\WINDOWS\system32\Tasks\	C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Utilisateur\Downloads\Application_Acer_1.01.3016.0_W81x64_A\Quick Access_V1.01.3016.0_W81x64\Setup.exe" -d "C:\Users\Utilisateur\Downloads\Application_Acer_1.01.3016.0_W81x64_A\Quick Access_V1.01.3016.0_W81x64"	64
C:\Users\Utilisateur\Downloads\Application_Acer_1.01.3016.0_W81x64_A\Quick Access_V1.01.3016.0_W81x64 error getting file info Script: Quarantine, Delete, Delete via BC	{FF4FEEF3-8725-4EB7-8204-1AB411C37B9D} Script: Delete	One or more of the properties that are needed to run this task on a schedule have not been set.			C:\WINDOWS\system32\Tasks\	C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Utilisateur\Downloads\Application_Acer_1.01.3016.0_W81x64_A\Quick Access_V1.01.3016.0_W81x64\Setup.exe" -d "C:\Users\Utilisateur\Downloads\Application_Acer_1.01.3016.0_W81x64_A\Quick Access_V1.01.3016.0_W81x64"	64
Items found - 114, recognized as trusted - 90

SPI/LSP settings

Namespace providers (NSP)

Manufacturer	Status	EXE file	Description	GUID
Detected - 6, recognized as trusted - 6

Transport protocol providers (TSP, LSP)

Manufacturer EXE file Description
Detected - 12, recognized as trusted - 12
Results of automatic SPI settings check
LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes
TCP ports
139 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
445 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
5357 LISTENING 0.0.0.0 0 System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49664 LISTENING 0.0.0.0 0 wininit.exe [892]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49667 LISTENING 0.0.0.0 0 spoolsv.exe [2612]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49668 LISTENING 0.0.0.0 0 lsass.exe [420]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49681 LISTENING 0.0.0.0 0 c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2308]
235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28
Script: Quarantine, Delete, Delete via BC, Terminate
49682 LISTENING 0.0.0.0 0 c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2308]
235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28
Script: Quarantine, Delete, Delete via BC, Terminate
49692 LISTENING 0.0.0.0 0 services.exe [392]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
50412 CLOSE_WAIT 52.84.90.54 443 c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [3304]
235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28
Script: Quarantine, Delete, Delete via BC, Terminate
60247 TIME_WAIT 38.113.165.68 443 [0]
error getting file info
60248 TIME_WAIT 38.113.165.80 443 [0]
error getting file info
60249 TIME_WAIT 62.128.100.49 443 [0]
error getting file info
60256 TIME_WAIT 38.113.165.68 443 [0]
error getting file info
60257 TIME_WAIT 38.113.165.68 443 [0]
error getting file info
60264 ESTABLISHED 38.113.165.68 443 c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2308]
235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28
Script: Quarantine, Delete, Delete via BC, Terminate
60265 ESTABLISHED 38.113.165.68 443 c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2308]
235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28
Script: Quarantine, Delete, Delete via BC, Terminate
60266 TIME_WAIT 62.128.100.47 443 [0]
error getting file info
UDP ports
137 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
138 LISTENING -- -- System.exe [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3702 LISTENING -- -- dasHost.exe [3492]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
3702 LISTENING -- -- dasHost.exe [3492]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
49666 LISTENING -- -- dasHost.exe [3492]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
53807 LISTENING -- -- c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [3304]
235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28
Script: Quarantine, Delete, Delete via BC, Terminate
56068 LISTENING -- -- c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [3304]
235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28
Script: Quarantine, Delete, Delete via BC, Terminate
64770 LISTENING -- -- c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [3304]
235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28
Script: Quarantine, Delete, Delete via BC, Terminate

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Description Manufacturer
Items found - 17, recognized as trusted - 17

Active Setup

File name Description Manufacturer CLSID
Items found - 4, recognized as trusted - 4

HOSTS file

Hosts file record

Protocols and handlers

File name Type Description Manufacturer CLSID
Items found - 15, recognized as trusted - 15

Shared resources

Network name Path Notes
ADMIN$ C:\WINDOWS Administration а distance
C$ C:\ Partage par dйfaut
FICHIERS PERSONNEL C:\FICHIERS PERSONNEL
IPC$ IPC distant
Users C:\Users

Suspicious objects

File Description Type

Attention !!! Database was last updated 2016-02-29 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.46 private build
Scanning started at 19.05.2017 06:13:07
Database loaded: signatures - 9995, NN profile(s) - 2, malware removal microprograms - 23, signature database released 29.02.2016 04:00
Heuristic microprograms loaded: 408
PVS microprograms loaded: 9
Digital signatures of system files loaded: 789285
Heuristic analyzer mode: Maximum heuristics mode
Malware removal mode: disabled
Windows version is: 10.0.15063,  "Windows 10 Home", install date 11.04.2017 08:21:33 ; AVZ is run with administrator rights (+)
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .rdata
Function kernel32.dll:ReadConsoleInputExA (1117) intercepted, method - ProcAddressHijack.GetProcAddress ->7659B332->757BF530
Function kernel32.dll:ReadConsoleInputExW (1118) intercepted, method - ProcAddressHijack.GetProcAddress ->7659B365->757BF560
 Analysis: ntdll.dll, export table found in section .text
Function ntdll.dll:NtCreateFile (280) intercepted, method - ProcAddressHijack.GetProcAddress ->770722B0->6AF22D30
Function ntdll.dll:NtSetInformationFile (576) intercepted, method - ProcAddressHijack.GetProcAddress ->77071FD0->6AF230B0
Function ntdll.dll:NtSetValueKey (608) intercepted, method - ProcAddressHijack.GetProcAddress ->77072360->6AF585D0
Function ntdll.dll:ZwCreateFile (1743) intercepted, method - ProcAddressHijack.GetProcAddress ->770722B0->6AF22D30
Function ntdll.dll:ZwSetInformationFile (2037) intercepted, method - ProcAddressHijack.GetProcAddress ->77071FD0->6AF230B0
Function ntdll.dll:ZwSetValueKey (2069) intercepted, method - ProcAddressHijack.GetProcAddress ->77072360->6AF585D0
 Analysis: user32.dll, export table found in section .text
Function user32.dll:CallNextHookEx (1534) intercepted, method - ProcAddressHijack.GetProcAddress ->763FDA00->6AF22AC0
Function user32.dll:SetWindowsHookExW (2375) intercepted, method - ProcAddressHijack.GetProcAddress ->76400E70->6AF58650
Function user32.dll:Wow64Transition (1503) intercepted, method - CodeHijack (not defined)
 Analysis: advapi32.dll, export table found in section .text
Function advapi32.dll:CveEventWrite (1233) intercepted, method - ProcAddressHijack.GetProcAddress ->76D9271C->757EAEE0
Function advapi32.dll:I_ScRegisterPreshutdownRestart (1386) intercepted, method - ProcAddressHijack.GetProcAddress ->76D93643->75FFB870
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
Function netapi32.dll:NetFreeAadJoinInformation (130) intercepted, method - ProcAddressHijack.GetProcAddress ->73AAC1CA->681AB630
Function netapi32.dll:NetGetAadJoinInformation (131) intercepted, method - ProcAddressHijack.GetProcAddress ->73AAC1F9->681AB9A0
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
2. Scanning RAM
 Number of processes found: 25
Extended process analysis: 2940 C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 2308 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
[ES]:Program code includes networking-related functionality
[ES]:Listens on TCP ports !
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 2392 C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 6044 C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
Extended process analysis: 7660 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
[ES]:Program code includes networking-related functionality
Extended process analysis: 3792 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
[ES]:Application has no visible windows
Extended process analysis: 3304 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
[ES]:Loads RASAPI DLL - may use dialing ?
Extended process analysis: 5288 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
[ES]:Program code includes networking-related functionality
[ES]:Application has no visible windows
 Number of modules loaded: 492
Scanning RAM - complete
3. Scanning disks
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
 Checking - disabled by user
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Services Bureau ? distance)
>> Services: potentially dangerous service allowed: SSDPSRV (D?couverte SSDP)
>> Services: potentially dangerous service allowed: Schedule (Planificateur de t?ches)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
Checking - complete
9. Troubleshooting wizard
Checking - complete
Files scanned: 519, extracted from archives: 1, malicious software found 0, suspicions - 0
Scanning finished at 19.05.2017 06:15:16
Time of scanning: 00:02:10
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service http://virusdetector.ru/
System Analysis in progress
Network diagnostics
 DNS and Ping test
  Host="yandex.ru", IP="77.88.55.88,5.255.255.77,77.88.55.77,5.255.255.88", Ping=OK (0,124,77.88.55.88)
  Host="google.ru", IP="96.20.0.45,96.20.0.39,96.20.0.54,96.20.0.34,96.20.0.49,96.20.0.30,96.20.0.25,96.20.0.59,96.20.0.40,96.20.0.24,96.20.0.20,96.20.0.55,96.20.0.35,96.20.0.50,96.20.0.44,96.20.0.29", Ping=OK (0,9,96.20.0.45)
  Host="google.com", IP="96.20.0.40,96.20.0.25,96.20.0.55,96.20.0.24,96.20.0.49,96.20.0.20,96.20.0.35,96.20.0.45,96.20.0.39,96.20.0.44,96.20.0.50,96.20.0.59,96.20.0.29,96.20.0.54,96.20.0.30,96.20.0.34", Ping=OK (0,12,96.20.0.40)
  Host="www.kaspersky.com", IP="4.59.181.209", Ping=OK (0,37,4.59.181.209)
  Host="www.kaspersky.ru", IP="4.59.181.226", Ping=OK (0,39,4.59.181.226)
  Host="dnl-03.geo.kaspersky.com", IP="66.110.49.4", Ping=OK (0,27,66.110.49.4)
  Host="dnl-11.geo.kaspersky.com", IP="38.117.98.253", Ping=OK (0,43,38.117.98.253)
  Host="activation-v2.kaspersky.com", IP="4.59.181.141", Ping=OK (0,33,4.59.181.141)
  Host="odnoklassniki.ru", IP="217.20.156.159,217.20.155.58,5.61.23.5", Ping=OK (0,145,217.20.156.159)
  Host="vk.com", IP="87.240.165.82,95.213.11.180", Ping=OK (0,134,87.240.165.82)
  Host="vkontakte.ru", IP="95.213.4.228,95.213.4.229", Ping=OK (0,142,95.213.4.228)
  Host="twitter.com", IP="104.244.42.1,104.244.42.129", Ping=OK (0,92,104.244.42.1)
  Host="facebook.com", IP="31.13.80.36", Ping=OK (0,19,31.13.80.36)
  Host="ru-ru.facebook.com", IP="31.13.80.8", Ping=OK (0,18,31.13.80.8)
 Network IE settings
  IE setting AutoConfigURL=
  IE setting AutoConfigProxy=wininet.dll
  IE setting ProxyOverride=
  IE setting ProxyServer=
  IE setting Internet\ManualProxies=
 Network TCP/IP settings
 Network Persistent Routes

 System Analysis - complete


Script commands 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
Operations with AVZPM (true=enable,false=disable)
BootCleaner - import list of deleted files
BootCleaner - import all
Remove traces of deleted files
ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining a file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting a file
Insert template for DelCLSID() - removing a CLSID item from registry
Additional operations:Performance tweaking: disable service TermService (Services Bureau а distance)
Performance tweaking: disable service SSDPSRV (Dйcouverte SSDP)
Performance tweaking: disable service Schedule (Planificateur de tвches)
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access

File list

Port	Status	Remote Host	Remote Port	Application	Notes
TCP ports
139	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
445	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
5357	LISTENING	0.0.0.0	0	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49664	LISTENING	0.0.0.0	0	wininit.exe [892] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49667	LISTENING	0.0.0.0	0	spoolsv.exe [2612] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49668	LISTENING	0.0.0.0	0	lsass.exe [420] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49681	LISTENING	0.0.0.0	0	c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2308] 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC, Terminate
49682	LISTENING	0.0.0.0	0	c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2308] 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC, Terminate
49692	LISTENING	0.0.0.0	0	services.exe [392] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
50412	CLOSE_WAIT	52.84.90.54	443	c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [3304] 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC, Terminate
60247	TIME_WAIT	38.113.165.68	443	[0] error getting file info
60248	TIME_WAIT	38.113.165.80	443	[0] error getting file info
60249	TIME_WAIT	62.128.100.49	443	[0] error getting file info
60256	TIME_WAIT	38.113.165.68	443	[0] error getting file info
60257	TIME_WAIT	38.113.165.68	443	[0] error getting file info
60264	ESTABLISHED	38.113.165.68	443	c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2308] 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC, Terminate
60265	ESTABLISHED	38.113.165.68	443	c:\program files (x86)\kaspersky lab\kaspersky internet security 17.0.0\avp.exe [2308] 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC, Terminate
60266	TIME_WAIT	62.128.100.47	443	[0] error getting file info
UDP ports
137	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
138	LISTENING	--	--	System.exe [4] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3702	LISTENING	--	--	dasHost.exe [3492] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
3702	LISTENING	--	--	dasHost.exe [3492] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
49666	LISTENING	--	--	dasHost.exe [3492] error getting file info Script: Quarantine, Delete, Delete via BC, Terminate
53807	LISTENING	--	--	c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [3304] 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC, Terminate
56068	LISTENING	--	--	c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [3304] 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC, Terminate
64770	LISTENING	--	--	c:\program files (x86)\kaspersky lab\kaspersky secure connection 1.0\ksde.exe [3304] 235.88 kb, rsAh, created: 28.06.2016 01:54:28, modified: 28.06.2016 01:54:28 Script: Quarantine, Delete, Delete via BC, Terminate

Network name	Path	Notes
ADMIN$	C:\WINDOWS	Administration а distance
C$	C:\	Partage par dйfaut
FICHIERS PERSONNEL	C:\FICHIERS PERSONNEL
IPC$		IPC distant
Users	C:\Users