Results of system analysis

AVZ 5.00 http://z-oleg.com/secur/avz/

Process List

File name | PID | Description | Copyright | MD5 | Information
c:\program files (x86)\asus\aahm\1.00.31\aahmsvc.exe
3340FC3AAD3BE7CE68A79D18D2C598EC3F8E952,96 kb, RsAh,created: 17.11.2018 19:00:23,modified: 24.01.2017 17:22:52
Command line: "C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe"
C:\Program Files (x86)\ASUS\AAHM\1.00.31\aaHMSvc.exe


4194304  FC3AAD3BE7CE68A79D18D2C598EC3F8Eno
c:\program files (x86)\common files\acronis\cdp\afcdpsrv.exe
36361D9E2A376DBA9370413345485A6312016152,29 kb, rsAh,created: 03.12.2018 13:50:28,modified: 03.12.2018 13:50:28
Command line: "C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
03.12.2018 13:50:28, modified: 03.12.2018 13:50:28

9502720  1D9E2A376DBA9370413345485A631201no
C:\Program Files (x86)\Common Files\Acronis\SnapAPI\snapapi.dll


1856503808Acronis Snapshot Dynamic Link LibraryCopyright © Acronis International GmbH, 2002-2013.E7A8CDA435124CCBBCF6B1C16D576398no
c:\program files (x86)\common files\adobe\adobegcclient\agmservice.exe
3564Adobe Genuine Software ServiceCopyright 2018 Adobe Systems Incorporated. All rights reserved.E4BD6883FE35DA9D625AD1672E3AE3D92842,48 kb, rsAh,created: 10.09.2018 11:21:58,modified: 10.09.2018 11:21:58
Command line: "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe"
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe


13107200Adobe Genuine Software ServiceCopyright 2018 Adobe Systems Incorporated. All rights reserved.E4BD6883FE35DA9D625AD1672E3AE3D9no
c:\program files (x86)\common files\adobe\adobegcclient\agsservice.exe
3520Adobe Genuine Software Integrity ServiceCopyright 2014 Adobe Systems Incorporated. All rights reserved.0A527B4AEE41D2E3AC77634D59E162B42641,48 kb, rsAh,created: 11.05.2018 11:50:54,modified: 10.09.2018 11:22:00
Command line: "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe"
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe


20774912Adobe Genuine Software Integrity ServiceCopyright 2014 Adobe Systems Incorporated. All rights reserved.0A527B4AEE41D2E3AC77634D59E162B4no
c:\program files\amd\cnext\cnext\amddvr.exe
1868AMD ReLive: Host ApplicationCopyright (C) 2018 Advanced Micro Devices, Inc.8AB6E4B7A9D9D5819415465CB4DFF4381916,38 kb, rsAh,created: 16.11.2018 13:06:34,modified: 16.11.2018 13:06:34
Command line:
c:\program files\amd\cnext\cnext\amdow.exe
8784AMD ReLive: Desktop OverlayCopyright (C) 2018 Advanced Micro Devices, Inc.DE0AFCDE05967B2AB15D3AAEF207BF8655,88 kb, rsAh,created: 16.11.2018 13:05:52,modified: 16.11.2018 13:05:52
Command line:
c:\program files (x86)\common files\acronis\activeprotection\anti_ransomware_service.exe
3984Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.7CB44FB56C3BB5A93F448E7CE3034C134277,52 kb, rsAh,created: 23.11.2018 12:00:34,modified: 23.11.2018 12:00:34
Command line: "C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe"
C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe


1966080Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.7CB44FB56C3BB5A93F448E7CE3034C13no
C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\LIBMAGIC.dll


1941766144  9FC2BCDBB8BE15DC11A5BF5ED861132Bno
C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\xerces_c.dll


1939013632  4AA8E9BB98C77B6920F070095DA509B0no
C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll


1926496256  CEA56E4310046906AD0271DB1A66C954no
C:\Program Files (x86)\Common Files\Acronis\Home\libssl10.dll


1924333568OpenSSL shared libraryCopyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.299D2509976E931C47352E6A45E91022no
C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll


1924726784OpenSSL shared libraryCopyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.5C8DC81FAF55F78107F845706485B0A6no
C:\Program Files (x86)\Common Files\Acronis\Home\curl.dll


1922433024libcurl Shared Library© 1996 - 2012 Daniel Stenberg, <daniel@haxx.se>.25D825FD45D0B12802B0456F3D94C956no
C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll


1928986624  59A7B3A1EA1EDAB9CD3586FDF195F446no
C:\Program Files (x86)\Common Files\Acronis\FileProtector\file_protector_driver_api.dll


1928527872Acronis File Protector Driver APICopyright © Acronis International GmbH, 2002-2013.BC50B1D38F87EE5A295881D706355C5Bno
c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
3332Adobe Acrobat Update ServiceCopyright © 2013 Adobe Systems Incorporated. All rights reserved.696A8431DD22EDE385D7AB84E0EAF4C982,02 kb, rsAh,created: 14.08.2018 08:27:08,modified: 14.08.2018 08:27:08
Command line: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


65536Adobe Acrobat Update ServiceCopyright © 2013 Adobe Systems Incorporated. All rights reserved.696A8431DD22EDE385D7AB84E0EAF4C9no
c:\program files (x86)\asus\asusfancontrolservice\1.09.08\asusfancontrolservice.exe
3436ASUS Motherboard Fan Control ServiceASUSTeK Computer Inc. All rights reserved.04452C0E608D77F1626625E17B592366596,46 kb, RsAh,created: 17.11.2018 19:01:26,modified: 24.01.2017 15:57:34
Command line: "C:\Program Files (x86)\ASUS\AsusFanControlService\1.09.08\AsusFanControlService.exe"
C:\Program Files (x86)\ASUS\AsusFanControlService\1.09.08\AsusFanControlService.exe


11206656ASUS Motherboard Fan Control ServiceASUSTeK Computer Inc. All rights reserved.04452C0E608D77F1626625E17B592366no
C:\Program Files (x86)\ASUS\AsusFanControlService\1.09.08\ACPIWMI.dll


1823604736ASUS WMI InterfaceASUSTeK COMPUTER INC.05B8E7B1FC0609F5A323C0B8F9534D40no
c:\program files (x86)\asus\axsp\1.02.03\atkexcomsvc.exe
34086F67EE24ECD5FCB6086323EE6CCBF9CD911,95 kb, RsAh,created: 17.11.2018 19:00:19,modified: 22.01.2017 08:20:14
Command line: "C:\Program Files (x86)\ASUS\AXSP\1.02.03\atkexComSvc.exe"
C:\Program Files (x86)\ASUS\AXSP\1.02.03\PEbiosinterface32.dll
16.12.2018 20:09:13

39649280  5BF6CDE14D4293F0552740806236E502no
f:\temp\temp\ydw0tujh.kk3\getsysteminfodllcache\avz\avz.exe
147642E9C2990E83EE5A0CA0EAE74A1EF4856795,70 kb, rsAh,created: 16.12.2018 20:33:21,modified: 24.05.2018 11:43:21
Command line: "F:\TEMP\Temp\ydw0tujh.kk3\GetSystemInfoDllCache\avz\avz.exe" Script="F:\TEMP\Temp\ydw0tujh.kk3\GetSystemInfoDllCache\avz\asa.avz" HiddenMode="3" SpoolLog="F:\TEMP\Temp\ydw0tujh.kk3\GetSystemInfo\avz.log" TempFolder="F:\TEMP\Temp\ydw0tujh.kk3\GetSystemInfo\AvzTemp"
F:\TEMP\Temp\ydw0tujh.kk3\GetSystemInfoDllCache\avz\avz.exe
16.12.2018 20:33:21, modified: 24.05.2018 11:43:21

4194304  42E9C2990E83EE5A0CA0EAE74A1EF485no
c:\program files (x86)\eaton\personalsolutionpac\bil.exe
5580DE9AA081C791CCEFA5EDB36145C92DE6208,00 kb, rsAh,created: 06.12.2018 19:03:04,modified: 29.11.2010 11:14:58
Command line: "C:\Program Files (x86)\EATON\PersonalSolutionPac\BIL.exe"
C:\Program Files (x86)\EATON\PersonalSolutionPac\BIL.exe
06.12.2018 19:03:04, modified: 29.11.2010 11:14:58

4194304  DE9AA081C791CCEFA5EDB36145C92DE6no
c:\program files (x86)\eaton\personalsolutionpac\cilusb.exe
63081D57C9761E0F6D91E740446B9893F725224,00 kb, rsAh,created: 06.12.2018 19:03:05,modified: 29.11.2010 11:13:52
Command line: "C:\Program Files (x86)\EATON\PersonalSolutionPac\CilUSB.exe"
C:\Program Files (x86)\EATON\PersonalSolutionPac\CilUSB.exe
06.12.2018 19:03:05, modified: 29.11.2010 11:13:52

4194304  1D57C9761E0F6D91E740446B9893F725no
c:\program files (x86)\canon\ij network scanner selector ex2\cnmnsst2.exe
11132Canon IJ Network Scanner Selector EX2Copyright CANON INC. 2010-2015E7594F966F61CFECC9B70350589DEBBF264,56 kb, rsAh,created: 19.11.2018 17:50:16,modified: 17.06.2015 16:03:40
Command line: "C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe" /FORCE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe


4194304Canon IJ Network Scanner Selector EX2Copyright CANON INC. 2010-2015E7594F966F61CFECC9B70350589DEBBFno
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_FRA.DLL


268435456Canon IJ Network Scanner Selector EX2 ResourcesCopyright CANON INC. 2010-2015C7673A0124ADF92741E0379C35835615no
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll


10551296Canon IJ Network Scanner Selector EX2 ResourcesCopyright CANON INC. 2010-2015A6758CFB476ED0BBB4566A8D039E4FBAno
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\scchmpm.dll


1517092864Scanner CHMP MonitorCopyright CANON INC. 20158E2DF322560181731E6E74C6D6CF89A2no
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnwidsd.dll


1516896256SNMP SearchCopyright CANON INC. 20158DE7BBF1AAE6E4A7B2C6510CCDC559D8no
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\cnmpu2.dll


1516568576Network Port Utility moduleCopyright CANON INC. 2014-2015FB0C9BB9973E7A9F053079BB83A72055no
c:\program files (x86)\leapfrog\leapfrog connect\commandservice.exe
3628CommandService Application©2008 – 2018 LeapFrog Enterprises, Inc. All rights reserved.63E0774B3C211C42752C701B25E6C2337233,63 kb, rsAh,created: 13.03.2018 15:35:02,modified: 13.03.2018 15:35:02
Command line: "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe"
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe


3604480CommandService Application©2008 – 2018 LeapFrog Enterprises, Inc. All rights reserved.63E0774B3C211C42752C701B25E6C233no
c:\program files (x86)\asus\ai suite iii\dip4\dipawaymode\dipawaymode.exe
597628A98CF54CD54E6E52B4F8F4D0684B211259,96 kb, rsAh,created: 17.11.2018 19:01:35,modified: 24.01.2017 23:56:34
Command line: "C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe"
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe


4194304  28A98CF54CD54E6E52B4F8F4D0684B21no
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll


50200576  00CDCC36019A37DEA5B9BCA9E8A1B0BDno
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll


52428800  327ECCE4D751123D1BE2AAC748E82939no
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll


55574528  224FF989FCDFB9347B945FF84D05F57Ano
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll


56557568  364B9E1A7DCA20CBA259B2210183C377no
c:\program files (x86)\asus\ai suite iii\ez update\ezupdt.exe
59843267AC5296DC0E9240ADCFFED79F41031427,98 kb, rsAh,created: 17.11.2018 19:00:52,modified: 24.03.2017 11:16:16
Command line: "C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe" -onlytray
C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe


4194304  3267AC5296DC0E9240ADCFFED79F4103no
C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll


268435456  8422071228876B7863E723417C847119no
C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\UIImprovmentHelper.dll


1818099712  6074216F20D630963ED5638F7A70DC2Cno
c:\program files (x86)\filehippo.com\filehippo.appmanager.exe
10768FileHippo.AppManagerCopyright © 20146798339CF7C87F5F567A8F050614D6B810318,70 kb, rsAh,created: 02.09.2015 12:00:08,modified: 02.09.2015 12:00:08
Command line: "C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe" /background
C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe


983040FileHippo.AppManagerCopyright © 20146798339CF7C87F5F567A8F050614D6B8no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\cc73d352d1edf9cfc86a915829e56f81\System.ni.dll
06.12.2018 17:59:14, modified: 06.12.2018 17:59:14

1668087808.NET Framework© Microsoft Corporation. All rights reserved.BBE7610E48D3B40CE416FBC109E819E0no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ebe4549215365e4e973f90ba59b7b975\System.Drawing.ni.dll
07.12.2018 09:33:21, modified: 07.12.2018 09:33:21

1666383872.NET Framework© Microsoft Corporation. All rights reserved.7A75D800276F4B9E6C74EFAF14DC5A94no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bd3a9a9fbcb08e847ba475738d8d2797\System.Windows.Forms.ni.dll
07.12.2018 09:33:34, modified: 07.12.2018 09:33:34

1652621312.NET Framework© Microsoft Corporation. All rights reserved.A4929D8D4F2795B92CFD43220205DDE7no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3f2e6f8503eb4c756c45348fa97c85df\System.Core.ni.dll
06.12.2018 17:59:18, modified: 06.12.2018 17:59:18

1644363776.NET Framework© Microsoft Corporation. All rights reserved.37AA507ACE36261DCDF3174FF9B605A3no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\e4f38243998aa46e1be7bc7660e5f8b7\System.Configuration.ni.dll
06.12.2018 17:59:34, modified: 06.12.2018 17:59:34

1642725376System.Configuration.dll© Microsoft Corporation. All rights reserved.E44C34CC4C3DDE9B184D79484272CC07no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7198fd5e703181538745ce35b56ad516\System.Xml.ni.dll
06.12.2018 17:59:40, modified: 06.12.2018 17:59:40

1635123200.NET Framework© Microsoft Corporation. All rights reserved.57FFE2EFDE8BDB37C02BC61B9B61DCFAno
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\bc48e2c3c228932509d0730c849cafc3\System.Data.ni.dll
07.12.2018 09:33:24, modified: 07.12.2018 09:33:24

1622671360.NET Framework© Microsoft Corporation. All rights reserved.75B3487459C86F7AECD635E65E182186no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\98f4033e10e819ff1cbd84c7f17bb2a9\System.Runtime.Serialization.ni.dll
06.12.2018 17:59:36, modified: 06.12.2018 17:59:36

1599340544System.Runtime.Serialization.dll© Microsoft Corporation. All rights reserved.ED93A18B988719CDCEEAE22405E4BE82no
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8e4740b206fe86d0ddcedca5898dbb46\SMDiagnostics.ni.dll
07.12.2018 09:33:36, modified: 07.12.2018 09:33:36

1599209472SMDiagnostics.dll© Microsoft Corporation. All rights reserved.BA5D1B10AAA7E552ED185C17C74F198Dno
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\41de78153ef91d3ab91fa9b5d60389b2\System.ComponentModel.DataAnnotations.ni.dll
07.12.2018 09:33:14, modified: 07.12.2018 09:33:14

1598881792System.ComponentModel.DataAnnotations.dll© Microsoft Corporation. All rights reserved.0E5AAB29BD69D5F9632D3FD67427B36Dno
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\c9f7643497f714c607485844857fc6f5\System.Xml.Linq.ni.dll
06.12.2018 17:59:40, modified: 06.12.2018 17:59:40

1598423040.NET Framework© Microsoft Corporation. All rights reserved.28A76D747FD18570C2AD0BAE6F0AE2D1no
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\d95b2969e8c3093ac55e8c946f1e7be3\Microsoft.VisualBasic.ni.dll
07.12.2018 09:34:04, modified: 07.12.2018 09:34:04

1596456960Visual Basic Runtime Library© Microsoft Corporation. All rights reserved.A31DB505EA348E5C83C5CEFC451ECE0Bno
c:\program files\mozilla firefox\firefox.exe
6356Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.BE312805BE40747F348360CDCCA565BB504,45 kb, rsAh,created: 28.11.2018 23:15:47,modified: 12.12.2018 22:37:20
Command line:
c:\program files\mozilla firefox\firefox.exe
2004Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.BE312805BE40747F348360CDCCA565BB504,45 kb, rsAh,created: 28.11.2018 23:15:47,modified: 12.12.2018 22:37:20
Command line:
c:\program files\mozilla firefox\firefox.exe
5208Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.BE312805BE40747F348360CDCCA565BB504,45 kb, rsAh,created: 28.11.2018 23:15:47,modified: 12.12.2018 22:37:20
Command line:
c:\program files\mozilla firefox\firefox.exe
8716Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.BE312805BE40747F348360CDCCA565BB504,45 kb, rsAh,created: 28.11.2018 23:15:47,modified: 12.12.2018 22:37:20
Command line:
c:\program files\mozilla firefox\firefox.exe
832Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.BE312805BE40747F348360CDCCA565BB504,45 kb, rsAh,created: 28.11.2018 23:15:47,modified: 12.12.2018 22:37:20
Command line:
c:\program files\mozilla firefox\firefox.exe
2244Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.BE312805BE40747F348360CDCCA565BB504,45 kb, rsAh,created: 28.11.2018 23:15:47,modified: 12.12.2018 22:37:20
Command line:
c:\program files\fresco logic\fresco logic usb3.0 host controller\amd64_host\flxhcim.exe
11180Fresco Logic(C) Fresco Logic Corporation 2009-2010. All Rights Reserved.94971A73676E0DCC6944868A301F512B55,66 kb, rsAh,created: 02.07.2014 03:44:48,modified: 02.07.2014 03:44:48
Command line:
c:\users\dad\downloads\getsysteminfo6.2.exe
10744Kaspersky Get System Info© 2018 AO Kaspersky Lab. All Rights Reserved.3B5865B38366D4D16638B354F9EEFA1D10935,83 kb, rsAh,created: 16.12.2018 20:30:48,modified: 16.12.2018 20:30:57
Command line: "C:\Users\DAD\Downloads\GetSystemInfo6.2.exe"
C:\Users\DAD\Downloads\GetSystemInfo6.2.exe
16.12.2018 20:30:48, modified: 16.12.2018 20:30:57

13828096Kaspersky Get System Info© 2018 AO Kaspersky Lab. All Rights Reserved.3B5865B38366D4D16638B354F9EEFA1Dno
c:\program files (x86)\google\update\googleupdate.exe
5992Programme d'installation de GoogleCopyright Google Inc. 2007-201092EE791A630830452485E8E375F8DB35149,58 kb, rsAh,created: 18.11.2018 14:03:34,modified: 18.11.2018 14:03:30
Command line: "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


13762560Programme d'installation de GoogleCopyright Google Inc. 2007-201092EE791A630830452485E8E375F8DB35no
C:\Program Files (x86)\Google\Update\1.3.33.17\goopdate.dll


1852309504Google UpdateCopyright 2007-2010 Google Inc.463A426DA94FC2418A713CEEBB799E22no
f:\temp\temp\safo\gsi.exe
5004Kaspersky Get System Info2018 AO Kaspersky Lab. All Rights Reserved.11E5413BA184D8D2FA3B1C6DBAAA642E1370,82 kb, rsAh,created: 16.12.2018 20:32:09,modified: 24.05.2018 11:43:19
Command line: F:\TEMP\Temp\safo\GSI.exe
F:\TEMP\Temp\safo\GSI.exe
16.12.2018 20:32:09, modified: 24.05.2018 11:43:19

11862016Kaspersky Get System Info2018 AO Kaspersky Lab. All Rights Reserved.11E5413BA184D8D2FA3B1C6DBAAA642Eno
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\cc73d352d1edf9cfc86a915829e56f81\System.ni.dll
06.12.2018 17:59:14, modified: 06.12.2018 17:59:14

1668087808.NET Framework© Microsoft Corporation. All rights reserved.BBE7610E48D3B40CE416FBC109E819E0no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ebe4549215365e4e973f90ba59b7b975\System.Drawing.ni.dll
07.12.2018 09:33:21, modified: 07.12.2018 09:33:21

1666383872.NET Framework© Microsoft Corporation. All rights reserved.7A75D800276F4B9E6C74EFAF14DC5A94no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bd3a9a9fbcb08e847ba475738d8d2797\System.Windows.Forms.ni.dll
07.12.2018 09:33:34, modified: 07.12.2018 09:33:34

1652621312.NET Framework© Microsoft Corporation. All rights reserved.A4929D8D4F2795B92CFD43220205DDE7no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3f2e6f8503eb4c756c45348fa97c85df\System.Core.ni.dll
06.12.2018 17:59:18, modified: 06.12.2018 17:59:18

1644363776.NET Framework© Microsoft Corporation. All rights reserved.37AA507ACE36261DCDF3174FF9B605A3no
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7198fd5e703181538745ce35b56ad516\System.Xml.ni.dll
06.12.2018 17:59:40, modified: 06.12.2018 17:59:40

1635123200.NET Framework© Microsoft Corporation. All rights reserved.57FFE2EFDE8BDB37C02BC61B9B61DCFAno
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\e4f38243998aa46e1be7bc7660e5f8b7\System.Configuration.ni.dll
06.12.2018 17:59:34, modified: 06.12.2018 17:59:34

1642725376System.Configuration.dll© Microsoft Corporation. All rights reserved.E44C34CC4C3DDE9B184D79484272CC07no
c:\program files\common files\logishrd\khal3\khalmnpr.exe
10312Logitech KHAL Main Process(C) 1998-2018 Logitech. All rights reserved.C758C57B52B653AAECE74E2EADFE122B226,63 kb, rsAh,created: 29.08.2018 21:17:58,modified: 29.08.2018 21:17:58
Command line:
c:\program files\malwarebytes\anti-malware\mbamservice.exe
3988Malwarebytes Service(C) Malwarebytes. All rights reserved.ECB760B2391608BA4E0A7987ADA70CCF6198,30 kb, rsAh,created: 30.11.2018 18:47:39,modified: 19.09.2018 08:00:06
Command line:
c:\program files\malwarebytes\anti-malware\mbamtray.exe
3428Malwarebytes Tray Application© Malwarebytes. All rights reserved.727EFCFB3DDEF0906BA4B8D62BCFDDA53631,40 kb, rsAh,created: 30.11.2018 18:47:37,modified: 14.12.2018 18:55:52
Command line: "C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
14.12.2018 18:55:52

14680064Malwarebytes Tray Application© Malwarebytes. All rights reserved.727EFCFB3DDEF0906BA4B8D62BCFDDA5no
C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
14.12.2018 18:55:54

1850736640C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.69D9E1D4A82FFCE973652BB742B97ACAno
C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
14.12.2018 18:55:53

1845559296C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.3B85A80EF1B1A88AB172F647A4B67788no
C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
14.12.2018 18:55:54

1840906240C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.E66EC667078E707ADFE4AE4A4B2F4BC1no
C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
14.12.2018 18:55:54

1837760512C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.12BBC36D2B259545A0DFC3E7ADC1FB59no
C:\Program Files\Malwarebytes\Anti-Malware\MSVCP140.dll
14.12.2018 18:55:53

1837301760Microsoft® C Runtime Library© Microsoft Corporation. All rights reserved.9DDA681B0406C3575E666F52CBDE4F80no
C:\Program Files\Malwarebytes\Anti-Malware\VCRUNTIME140.dll
14.12.2018 18:55:54

1837170688Microsoft® C Runtime Library© Microsoft Corporation. All rights reserved.E79EF25890B214B13A7473E52330D0ECno
C:\Program Files\Malwarebytes\Anti-Malware\mbcut.dll
14.12.2018 18:55:53

1835401216Common Utilities(C) Malwarebytes. All rights reserved.A8F9900EC03B8C146FEE06B6F4A3CF32no
C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
14.12.2018 18:55:54

1832386560C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.68CDA1C9BEB5058667A746C7FD01CF6Eno
C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
14.12.2018 18:55:53

1830092800C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.E800DB762544BE7A761FBF9AAFC7D5C9no
C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
14.12.2018 18:55:53

1824129024C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.52CCC457AC5ED9CAE7F6C2F04BEE3577no
C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
14.12.2018 18:55:54

1822294016C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.3D7DC5D1FF6985A06E0F4E736B5C22E5no
C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
14.12.2018 18:55:54

1822097408C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.41D1AC6E4652344E6E0F40C2E757555Eno
C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
14.12.2018 18:56:17, modified: 14.12.2018 18:55:53

1822031872C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.172F2ED27C74EB1DC99DB5C8B125DBFBno
C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
14.12.2018 18:56:17, modified: 14.12.2018 18:55:53

1821966336C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.AEEBF4C6A91FB7C952C4C23A2C2B899Bno
C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
14.12.2018 18:55:54

1821638656C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.57951FDDFF118189CC45EC4DC52990BAno
C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
14.12.2018 18:56:17, modified: 14.12.2018 18:55:54

1811152896C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.797ADFBCC8E00F44F2D0296B0B5BFEC3no
C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
14.12.2018 18:56:17, modified: 14.12.2018 18:55:54

1810366464C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.4D71E53C8503B027D1C88DEF4A330613no
C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
14.12.2018 18:56:17, modified: 14.12.2018 18:55:53

1810235392C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.38187F5567A13B1144764C6E8FD9202Cno
C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
14.12.2018 18:56:17, modified: 14.12.2018 18:55:53

1809973248C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.A4B23DFC2558CD0B87363FBE271E17BFno
C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
14.12.2018 18:56:17, modified: 14.12.2018 18:55:54

1809907712C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.A9110957226342A676CD4D13E459356Eno
C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
14.12.2018 18:56:17, modified: 14.12.2018 18:55:53

1809842176C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.8DF0446D2FB75EA9656F05F5D67C4D13no
C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
14.12.2018 18:56:17, modified: 14.12.2018 18:55:54

1809711104C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.ABA4C82D1906784713C5FBFA16BFB04Bno
c:\program files (x86)\eaton\personalsolutionpac\mgenetsystray.exe
10540BE4F6B70D67E6E9D3BCB55828B1C80CB1224,00 kb, rsAh,created: 06.12.2018 19:03:05,modified: 24.09.2008 17:37:56
Command line: "C:\Program Files (x86)\EATON\PersonalSolutionPac\mgenetsystray.exe"
C:\Program Files (x86)\EATON\PersonalSolutionPac\mgenetsystray.exe
06.12.2018 19:03:05, modified: 24.09.2008 17:37:56

4194304  BE4F6B70D67E6E9D3BCB55828B1C80CBno
c:\program files\windowsapps\microsoft.windows.photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\microsoft.photos.exe
1003662D06D7235B37895B68DE56687895743467,50 kb, rsAh,created: 17.11.2018 19:25:29,modified: 17.11.2018 19:37:55
Command line:
c:\program files (x86)\common files\acronis\infrastructure\mms_mini.exe
3584Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.5AC3A342F3E508BADB84137273DC1C564695,40 kb, rsAh,created: 20.09.2018 20:07:30,modified: 20.09.2018 20:07:30
Command line: "C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe"
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe


2293760Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.5AC3A342F3E508BADB84137273DC1C56no
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_text_bundle.dll


1952776192Texts for AB AgentCopyright (C) Acronis International GmbH, 2002-2016.AD53AE034CDBA300F1D0715D0DAD3854no
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\resource.dll


1932328960Acronis Resource Loader DLLCopyright (C) Acronis International GmbH, 2002-2016.0749C2B85E052404CC073FF6C54F85AFno
C:\Program Files (x86)\Common Files\Acronis\Home\logging.dll


1927741440Event loggerCopyright (C) Acronis International GmbH, 2002-2018.C3F682DEB06EACF731D1A6B9C578182Cno
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\security_core.dll


1927479296 Copyright (C) Acronis International GmbH, 2002-2016.45596D55705BD91464F45EA95394DC3Eno
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\async_service.dll


1927151616Acronis Enterprise Core Async ServiceCopyright (C) Acronis International GmbH, 2002-2016.4330DF3159587FA84DB54C7087CAB5FEno
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\settings.dll


1926692864Acronis Enterprise SettingsCopyright (C) Acronis International GmbH, 2002-2016.A62BCF16318C840DE3EE80A4C99EAABFno
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\ipc_client.dll


1923022848Acronis Enterprise IPC ClientCopyright (C) Acronis International GmbH, 2002-2016.73E5B8BE676195F9078E22F236741660no
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\ipc_server.dll


1920139264Acronis Enterprise IPCServerCopyright (C) Acronis International GmbH, 2002-2016.6555255AF8FCD16BF8F507FEEC71C0BBno
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\access_manager.dll


1918238720Access Management implementationCopyright (C) Acronis International GmbH, 2002-2016.49ABBB75E9C3F7E1FBEBCDE574652683no
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll


1914699776  E2A20389B201F9F93011A224F49BB4D6no
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll


1913520128  A1B5862D5FAB22F697621C1B2B999C8Bno
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\por.dll


1912668160Acronis Enterprise PORCopyright (C) Acronis International GmbH, 2002-2016.B6AFF2DF06846E1C348CB6319CBE8197no
C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll


1929707520Thread PoolCopyright (C) 2006 AcronisD7D3E14137216FC01D6187F168B6CC46no
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\service_commands_addon.dll


1910898688Service commands addonCopyright (C) Acronis International GmbH, 2002-2016.43797FAA7B3029093B0D9F28A2EBDFB2no
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\zmq_infra.dll


1907425280ZMQ Infrastructure addonCopyright (C) Acronis International GmbH, 2002-2016.7F974EB7C6B20E425374F32CCC0806B3no
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\sync_connectivity_agent_addon.dll


1905983488sync connectivity agent addonCopyright (C) Acronis International GmbH, 2002-2016.DC4E712818AFF93C373E7ABB7F80364Eno
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\dml.dll


1903689728Acronis Enterprise DMLCopyright (C) Acronis International GmbH, 2002-2016.7589BA03A3E8F9D3E9C9F5BF5C2007FBno
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\dml_sqlite_addon.dll


1901723648DML based on SQLite AddonCopyright (C) Acronis International GmbH, 2002-2016.678427A51B891870D1AF84E228E30399no
C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll


1928986624  59A7B3A1EA1EDAB9CD3586FDF195F446no
C:\Program Files (x86)\Common Files\Acronis\Home\curl.dll


1922433024libcurl Shared Library© 1996 - 2012 Daniel Stenberg, <daniel@haxx.se>.25D825FD45D0B12802B0456F3D94C956no
C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll


1924726784OpenSSL shared libraryCopyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.5C8DC81FAF55F78107F845706485B0A6no
C:\Program Files (x86)\Common Files\Acronis\Home\libssl10.dll


1924333568OpenSSL shared libraryCopyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.299D2509976E931C47352E6A45E91022no
C:\Program Files (x86)\Common Files\Acronis\Infrastructure\remote_facade.dll


1895563264Remote FacadeCopyright (C) Acronis International GmbH, 2002-2016.BA074DE974EF3B6D75462CBFF61E94F6no
C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
03.12.2018 13:57:39

1873870848  C26AB4BDF22B0375E7CECC6A7EE517EDno
C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll


1871839232  CCB34E6A0B28DE90F9F9D55940FAF14Fno
C:\Program Files (x86)\Common Files\Acronis\Home\archive3_adapter.dll


1870266368  9E6D2128FE5EECD374936F0F080AB79Ano
C:\Program Files (x86)\Common Files\Acronis\Home\pcs_io.dll


1869807616  5DC7CF0BD8A38CF1BFBBBE736FD9CE29no
C:\Program Files (x86)\Common Files\Acronis\Home\winpthreads4.dll


1869742080  69319A3161F98120B319FFFCFEF0AD16no
C:\Program Files (x86)\Common Files\Acronis\Home\zstd.dll


1869479936  E68E0C5BECB69BFCDCB1165B8625A974no
C:\Program Files (x86)\Common Files\Acronis\Home\schedule.dll


1864040448  515F078374091DC917BC81A3185BB3F3no
C:\Program Files (x86)\Common Files\Acronis\SnapAPI\snapapi.dll


1856503808Acronis Snapshot Dynamic Link LibraryCopyright © Acronis International GmbH, 2002-2013.E7A8CDA435124CCBBCF6B1C16D576398no
C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll


1819934720  66F53A90C9F458D42BAA24E782ED0C8Ano
C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll


1819672576  D2A473E833CA74261C4D5BCC72EDD739no
C:\Program Files (x86)\Common Files\Acronis\Home\http.dll


1819082752Http dllCopyright (C) Acronis International GmbH, 2002-2016.67CA4DE0FD889A0C95256171E668674Bno
C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll


1926496256  CEA56E4310046906AD0271DB1A66C954no
c:\programdata\microsoft\windows defender\platform\4.18.1812.3-0\mpcmdrun.exe
6380Microsoft Malware Protection Command Line Utility© Microsoft Corporation. All rights reserved.FA121970C68FC5E586DEF0B21D5BCDAD457,63 kb, rsAh,created: 11.12.2018 15:37:40,modified: 11.12.2018 15:37:39
Command line:
c:\program files (x86)\nero\update\nasvc.exe
2056NeroUpdateCopyright 2017 Nero AG and its licensorsDB8FED660790858BEE0704577723AF26776,37 kb, rsAh,created: 27.11.2017 17:33:36,modified: 27.11.2017 17:33:36
Command line: "C:\Program Files (x86)\Nero\Update\NASvc.exe"
C:\Program Files (x86)\Nero\Update\NASvc.exe


16842752NeroUpdateCopyright 2017 Nero AG and its licensorsDB8FED660790858BEE0704577723AF26no
C:\Program Files (x86)\Nero\Update\NASvcPS.dll


1855389696NeroUpdate PS© 2017 Nero AG1F8E495A0245F02F1C51DB8579BABD68no
c:\users\dad\appdata\local\microsoft\onedrive\onedrive.exe
10612Microsoft OneDrive© Microsoft Corporation. All rights reserved.8FA40C01CCD239C0CA7F747015E336B11507,09 kb, rsAh,created: 17.11.2018 18:39:33,modified: 16.12.2018 20:06:14
Command line: "C:\Users\DAD\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\OneDrive.exe
16.12.2018 20:06:14

14745600Microsoft OneDrive© Microsoft Corporation. All rights reserved.8FA40C01CCD239C0CA7F747015E336B1no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\ucrtbase.dll
16.12.2018 20:06:22, modified: 16.12.2018 20:06:22

1798963200Microsoft® C Runtime Library© Microsoft Corporation. All rights reserved.F4FC5B29E0F161AFAB64F2500D3899A8no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\LoggingPlatform.dll
16.12.2018 20:06:13, modified: 16.12.2018 20:06:13

1816657920Logging Platform© Microsoft Corporation. All rights reserved.62D1668C53BBD30AAF48B1428F72DBFEno
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\VCRUNTIME140.dll
16.12.2018 20:06:23, modified: 16.12.2018 20:06:23

1854275584Microsoft® C Runtime Library© Microsoft Corporation. All rights reserved.A570F580AC690E1F8D646939CF16C9AAno
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\MSVCP140.dll
16.12.2018 20:06:14, modified: 16.12.2018 20:06:14

1816199168Microsoft® C Runtime Library© Microsoft Corporation. All rights reserved.9F5A06303799D8C450CC5B997D8DB911no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncClient.dll
16.12.2018 20:06:12, modified: 16.12.2018 20:06:12

1795358720Microsoft OneDrive Client© Microsoft Corporation. All rights reserved.F83C65824F8EAD91A3EEAEC3C7704B1Bno
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\ETWLog.dll
16.12.2018 20:06:12, modified: 16.12.2018 20:06:12

1854210048ETW Session Library© Microsoft Corporation. All rights reserved.8C476BEC28B5809B95B48B4C61025668no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\Telemetry.dll
16.12.2018 20:06:21, modified: 16.12.2018 20:06:21

1820786688Telemetry Library© Microsoft Corporation. All rights reserved.A2DAB6FAF0175E4961365CCAC82CCFC6no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\RemoteAccess.dll
16.12.2018 20:06:19, modified: 16.12.2018 20:06:19

1802108928Remote Access© Microsoft Corporation. All rights reserved.A9A294C13B4B339C0FFE7EB97406E19Fno
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncSessions.dll
16.12.2018 20:06:12, modified: 16.12.2018 20:06:12

1793589248P2P Session Library© Microsoft Corporation. All rights reserved.74F7D423430570410BD0A5A640863BC5no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\UpdateRingSettings.dll
16.12.2018 20:06:22, modified: 16.12.2018 20:06:22

1854472192Update Ring Settings© Microsoft Corporation. All rights reserved.68AC398A2E2C4475F4DD12B500BAAAA6no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\LogUploader.dll
16.12.2018 20:06:13, modified: 16.12.2018 20:06:13

1792999424OneDrive Sync LogUploader Library© Microsoft Corporation. All rights reserved.DBB4787D1C6FAE4C3A7D713A39CE8DA4no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncViews.dll
16.12.2018 20:06:12, modified: 16.12.2018 20:06:12

1785856000Microsoft OneDrive Qt Components© Microsoft Corporation. All rights reserved.80FDB62AF0CBD58C1E2EC06F58F0327Fno
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\SyncEngine.DLL
16.12.2018 20:06:20, modified: 16.12.2018 20:06:20

1786773504Microsoft OneDrive Sync Engine© Microsoft Corporation. All rights reserved.0C1B624BA5865647A676BEB67D2A32D7no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\WnsClientApi.dll
16.12.2018 20:06:23, modified: 16.12.2018 20:06:23

1784676352OneDrive WNS Client Library© Microsoft Corporation. All rights reserved.AA2816561BDE82B89D7056F95E6921DCno
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\ADAL.dll
16.12.2018 20:06:11, modified: 16.12.2018 20:06:11

1783365632ADAL.Native© Microsoft Corporation. All rights reserved.6EF9E496E235A2F8FB5F6282DFE5BEC9no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\Qt5Qml.dll
16.12.2018 20:06:16, modified: 16.12.2018 20:06:16

1775501312C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.EEF122750F530369E70747E7F1FE21C8no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\Qt5Quick.dll
16.12.2018 20:06:16, modified: 16.12.2018 20:06:16

1772355584C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.A52AA7396DD1C823769522D4ABB16B39no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\Qt5Core.dll
16.12.2018 20:06:15, modified: 16.12.2018 20:06:15

1778450432C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.B7C493B3B5B2171BD1F398312F8807BCno
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\Qt5WinExtras.dll
16.12.2018 20:06:18, modified: 16.12.2018 20:06:18

1762000896C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.34A2C85238DCEA2613FF0168A16B0E53no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\Qt5Gui.dll
16.12.2018 20:06:15, modified: 16.12.2018 20:06:15

1767112704C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.E1D6C41155D1DBA9ED5779CCD1B0D675no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\Qt5Widgets.dll
16.12.2018 20:06:17, modified: 16.12.2018 20:06:17

1762590720C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.BE1BD7E9B3EF8057A337EC29230B0A1Ano
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\Qt5Network.dll
16.12.2018 20:06:15, modified: 16.12.2018 20:06:15

1760821248C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.90EDA1678B19AE2BD7CA089B6F2F4027no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\LIBEAY32.dll
16.12.2018 20:06:13, modified: 16.12.2018 20:06:13

1759248384OpenSSL Shared LibraryCopyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.FBF38519599BA88BE4359922CAFD4EA8no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\SSLEAY32.dll
16.12.2018 20:06:20, modified: 16.12.2018 20:06:20

1758920704OpenSSL Shared LibraryCopyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.288D4B2875F72C68475EE8BF77B4FC33no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSync.Resources.dll
16.12.2018 20:06:12, modified: 16.12.2018 20:06:12

114556928Microsoft OneDrive© Microsoft Corporation. All rights reserved.4BB92A57358FF73D2AAD72C56416B6B8no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSync.LocalizedResources.dll
16.12.2018 20:06:12, modified: 16.12.2018 20:06:12

110362624Microsoft OneDrive© Microsoft Corporation. Tous droits réservés.09616D1C7FF7B743EB8BD180A6FBEFF6no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\platforms\qwindows.dll
16.12.2018 20:06:24, modified: 16.12.2018 20:06:24

1753481216C++ Application Development FrameworkCopyright (C) 2017 The Qt Company Ltd.7F554BA01D0A991CC01239E286FAD6A7no
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\18.222.1104.0007\FileSyncFALWB.dll
16.12.2018 20:06:12, modified: 16.12.2018 20:06:12

1751121920Microsoft OneDriveFile Sync FAL WB© Microsoft Corporation. All rights reserved.0057AF2062C340CAEC3B9111CC7A52F0no
c:\program files (x86)\eaton\personalsolutionpac\pctl.exe
452047A8A1AA07894D891598F0F93321A294312,00 kb, rsAh,created: 06.12.2018 19:03:03,modified: 29.11.2010 11:13:58
Command line: "C:\Program Files (x86)\EATON\PersonalSolutionPac\PCtl.exe"
C:\Program Files (x86)\EATON\PersonalSolutionPac\PCtl.exe
06.12.2018 19:03:03, modified: 29.11.2010 11:13:58

4194304  47A8A1AA07894D891598F0F93321A294no
c:\program files\amd\cnext\cnext\radeonsettings.exe
7624Radeon Settings: Host ApplicationCopyright (C) 2018 Advanced Micro Devices, Inc.0FA3930CFE65DC235BDB8508CFCBB69912252,38 kb, rsAh,created: 16.11.2018 13:06:30,modified: 16.11.2018 13:06:30
Command line:
Registry.exe
120error getting file info
Command line:
c:\program files (x86)\eaton\personalsolutionpac\runsc.exe
34449692CB98E13012C3FC013B376BC46BBD124,00 kb, rsAh,created: 06.12.2018 19:03:05,modified: 29.11.2010 11:14:06
Command line: "C:\Program Files (x86)\EATON\PersonalSolutionPac\RunSC.exe"
C:\Program Files (x86)\EATON\PersonalSolutionPac\RunSC.exe
06.12.2018 19:03:05, modified: 29.11.2010 11:14:06

4194304  9692CB98E13012C3FC013B376BC46BBDno
c:\program files (x86)\common files\acronis\schedule2\schedul2.exe
33805F605204501B9318CD22BB2EA4672D091130,46 kb, rsAh,created: 23.11.2018 12:07:34,modified: 23.11.2018 12:07:34
Command line: "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe


2555904  5F605204501B9318CD22BB2EA4672D09no
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schdevid.dll


1924268032  A92B05EDAB96DF28649227CDC63FE646no
c:\program files\logitech\setpointp\setpoint.exe
532Logitech SetPoint Event Manager (UNICODE)(C) 1998-2018 Logitech. All rights reserved.9561BCB3E397397F815F492EDFACA67E3062,63 kb, rsAh,created: 07.09.2018 18:06:32,modified: 07.09.2018 18:06:32
Command line:
c:\program files (x86)\common files\acronis\syncagent\syncagentsrv.exe
8964FAB8BBA9C2D355EECDCC2669D3AA39116961,11 kb, rsAh,created: 23.11.2018 12:08:28,modified: 23.11.2018 12:08:28
Command line: "C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe"
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe


18022400  FAB8BBA9C2D355EECDCC2669D3AA3911no
C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll


1929707520Thread PoolCopyright (C) 2006 AcronisD7D3E14137216FC01D6187F168B6CC46no
C:\Program Files (x86)\Common Files\Acronis\Home\libssl10.dll


1924333568OpenSSL shared libraryCopyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.299D2509976E931C47352E6A45E91022no
C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll


1924726784OpenSSL shared libraryCopyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.5C8DC81FAF55F78107F845706485B0A6no
C:\Program Files (x86)\Common Files\Acronis\Home\curl.dll


1922433024libcurl Shared Library© 1996 - 2012 Daniel Stenberg, <daniel@haxx.se>.25D825FD45D0B12802B0456F3D94C956no
C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll


1858535424  C345CC56EC999E6B6A786021B0228D73no
C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll


1928986624  59A7B3A1EA1EDAB9CD3586FDF195F446no
c:\program files (x86)\acronis\trueimagehome\trueimagemonitor.exe
110001A3BF15FD3137D0D4C4EBE9C669CF7674673,48 kb, rsAh,created: 23.11.2018 13:02:28,modified: 23.11.2018 13:02:28
Command line: "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe


18874368  1A3BF15FD3137D0D4C4EBE9C669CF767no
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Widgets.dll


1587281920C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.0710D38591946948EC393F2F3D4067D7no
C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll


1574961152  E1C723CD49230B53351B5B1BCA585DC8no
C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll


1819934720  66F53A90C9F458D42BAA24E782ED0C8Ano
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Gui.dll


1569193984C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.C81B1D283977FFE75FC4435F8029C0D9no
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Core.dll


1564213248C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.BB4419E041E1DC23C339A86481FCD0E1no
C:\Program Files (x86)\Acronis\TrueImageHome\qt_supp.dll


1563361280  1220C7F95EF87319E5E8B511DC406EE3no
C:\Program Files (x86)\Acronis\TrueImageHome\qt_supp_ex.dll


1562378240  1593B894F7B2809C4D43260636213139no
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5WebKit.dll


1537802240C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.DD7E955EC00A98D4E3EA58EBC189EB4Fno
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Network.dll


1533083648C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.30636DBD9FB5AA72F51CEB9CE06C653Dno
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5WebKitWidgets.dll


1532821504C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.90662C453AA33EA4B52DD209D5F75444no
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5WinExtras.dll


1532493824C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.A50D429E677B3D72D29F5549BC0EDFEFno
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Sql.dll


1532231680C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.5E9CB7016BE5FC27C7F1F2C3F1AFC3E9no
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5PrintSupport.dll


1531904000C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.F058458D73CE3D1D96AEB77873CE814Eno
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Qml.dll


1528561664C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.1D9AA1E32625789695049A838662449Fno
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5Quick.dll


1525415936C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.3344ACAC576B0EBE3D4F808017C3A23Ano
C:\Program Files (x86)\Acronis\TrueImageHome\Qt5OpenGL.dll


1525022720C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.E6A926830A153D2BFB96487BB8484801no
C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll


1871839232  CCB34E6A0B28DE90F9F9D55940FAF14Fno
C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
03.12.2018 13:57:39

1873870848  C26AB4BDF22B0375E7CECC6A7EE517EDno
C:\Program Files (x86)\Common Files\Acronis\Home\logging.dll


1927741440Event loggerCopyright (C) Acronis International GmbH, 2002-2018.C3F682DEB06EACF731D1A6B9C578182Cno
C:\Program Files (x86)\Common Files\Acronis\Home\archive3_adapter.dll


1870266368  9E6D2128FE5EECD374936F0F080AB79Ano
C:\Program Files (x86)\Common Files\Acronis\Home\pcs_io.dll


1869807616  5DC7CF0BD8A38CF1BFBBBE736FD9CE29no
C:\Program Files (x86)\Common Files\Acronis\Home\libssl10.dll


1924333568OpenSSL shared libraryCopyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.299D2509976E931C47352E6A45E91022no
C:\Program Files (x86)\Common Files\Acronis\Home\zstd.dll


1869479936  E68E0C5BECB69BFCDCB1165B8625A974no
C:\Program Files (x86)\Common Files\Acronis\Home\libcrypto10.dll


1924726784OpenSSL shared libraryCopyright © 1998-2006 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.5C8DC81FAF55F78107F845706485B0A6no
C:\Program Files (x86)\Common Files\Acronis\Home\winpthreads4.dll


1869742080  69319A3161F98120B319FFFCFEF0AD16no
C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll


1929707520Thread PoolCopyright (C) 2006 AcronisD7D3E14137216FC01D6187F168B6CC46no
C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll


1928986624  59A7B3A1EA1EDAB9CD3586FDF195F446no
C:\Program Files (x86)\Common Files\Acronis\Home\schedule.dll


1864040448  515F078374091DC917BC81A3185BB3F3no
C:\Program Files (x86)\Acronis\TrueImageHome\platforms\qwindows.dll


1523843072C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.1B104497A1A595315030F1A8989E29D5no
C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll


1634861056  2AFC34E45DC8C3490F0EB13CB3FA515Ano
C:\Program Files (x86)\Acronis\TrueImageHome\imageformats\qgif.dll


1634795520C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.91A46B5CEAEC6793346E976CFE312122no
C:\Program Files (x86)\Acronis\TrueImageHome\imageformats\qico.dll


1523777536C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.EA398BE2B46580EB363D325D3EDE284Eno
C:\Program Files (x86)\Acronis\TrueImageHome\imageformats\qjpeg.dll


1523449856C++ application development framework.Copyright (C) 2015 The Qt Company Ltd.78418952A43128BCB8D471532BFD73C2no
C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll


1819672576  D2A473E833CA74261C4D5BCC72EDD739no
C:\Program Files (x86)\Common Files\Acronis\Tnd\tnd_driver_api.dll


1517486080Acronis Try&Decide LibraryCopyright © Acronis International GmbH, 2002-2015.C23841DEE98C4D9FC88701A6BED9CAF8no
C:\Program Files (x86)\Common Files\Acronis\Home\http.dll


1819082752Http dllCopyright (C) Acronis International GmbH, 2002-2016.67CA4DE0FD889A0C95256171E668674Bno
C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll


1926496256  CEA56E4310046906AD0271DB1A66C954no
c:\program files\windowsapps\microsoft.windowsstore_11810.1001.12.0_x64__8wekyb3d8bbwe\winstore.app.exe
9776StoreCopyright © 2015FEDC81E87FBD2180E99A71D9DEC2771816,00 kb, rsAh,created: 17.11.2018 19:27:47,modified: 17.11.2018 19:28:32
Command line:
Detected:156, recognized as trusted 111

Kernel Space Modules Viewer

Module Redirector Base address Size in memory Description Manufacturer
C:\Windows\system32\drivers\wd\WdFilter.sys
323,18 kb, rsAh, created: 11.12.2018 15:37:40, modified: 11.12.2018 15:37:39
x64D41F000000054000 (344064)Microsoft antimalware file system filter driver© Microsoft Corporation. All rights reserved.
C:\Windows\System32\Drivers\dump_diskdump.sys
error getting file info
x6432F400000000F000 (61440)  
C:\Windows\System32\Drivers\dump_storahci.sys
error getting file info
x6432F800000002D000 (184320)  
C:\Windows\System32\Drivers\dump_dumpfve.sys
error getting file info
x6432FD00000001D000 (118784)  
C:\Windows\system32\drivers\wd\WdNisDrv.sys
60,68 kb, rsAh, created: 11.12.2018 15:37:40, modified: 11.12.2018 15:37:39
x6473D1000000012000 (73728)Windows Defender Network Stream Filter© Microsoft Corporation. All rights reserved.
C:\Windows\system32\drivers\IOMap64.sys
34,52 kb, rsah, created: 17.11.2018 19:03:12, modified: 26.01.2017 21:50:28
x64744E000000009000 (36864)ASUS Kernel Mode Driver for NT Copyright 2017 ASUSTeK Computer Inc.
Items found - 198, recognized as trusted - 192

Autoruns

File name Redirector Startup method Description
C:\PROGRA~1\MICROS~1\Office15\OLMAPI32.DLL
5476,08 kb, rsAh, created: 15.11.2018 18:16:44, modified: 15.11.2018 18:16:44
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Outlook\Performance, Library
C:\Windows\System32\drivers\ati2erec.dll
error getting file info
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\ATIeRecord, EventMessageFile
C:\Windows\System32\icardres.dll
error getting file info
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\CardSpace 4.0.0.0, EventMessageFile
C:\Program Files\Common Files\Microsoft Shared\Ink\IPSEventLogMsg.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Handwriting Recognition, EventMessageFile
c:\program files\common files\logishrd\bluetooth\LBTServMsg.dll
9,13 kb, rsAh, created: 13.06.2018 22:56:16, modified: 13.06.2018 22:56:16
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\LBTServ, EventMessageFile
C:\Program Files\Microsoft Office\Office15\1036\lyncDesktopResources.dll
636,28 kb, rsAh, created: 02.11.2018 08:45:34, modified: 02.11.2018 08:45:34
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\LyncPlatform, EventMessageFile
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
6198,30 kb, rsAh, created: 30.11.2018 18:47:39, modified: 19.09.2018 08:00:06
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\MBAMService, EventMessageFile
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE15\MSORES.DLL
131910,75 kb, rsAh, created: 20.09.2018 18:37:42, modified: 20.09.2018 18:37:42
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Microsoft Office 15, EventMessageFile
C:\PROGRA~1\MICROS~1\Office15\1036\MAPIR.DLL
1306,70 kb, rsAh, created: 02.11.2018 08:59:32, modified: 02.11.2018 08:59:32
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Outlook, EventMessageFile
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
1644,78 kb, rsAh, created: 04.12.2018 10:30:13, modified: 26.11.2018 21:29:32
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\Steam Client Service, EventMessageFile
c:\74fe5e2f7731086724733c9bd5\DW\DW20.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\Application\VSSetup, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdag, EventMessageFile
C:\Windows\System32\drivers\ati2erec.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\amdkmdap, EventMessageFile
C:\Windows\System32\Drivers\UMDF\UsbccidDriver.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\Microsoft-Windows-USB-CCID, EventMessageFile
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Shortcut in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk,
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Shortcut in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk,
C:\Program Files (x86)\Google\Google
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Shortcut in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Earth Pro.lnk,
Pro\client\googleearth.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Shortcut in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Earth Pro.lnk,
C:\Users\DAD\AppData\Local\Molotov\Molotov.exe
276,00 kb, rsAh, created: 28.11.2018 13:23:27, modified: 28.11.2018 13:23:27
Script: Quarantine, Delete, Delete via BC
x64Shortcut in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Molotov.lnk,
C:\Program Files (x86)\Pouchin
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Shortcut in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Pouchin TV Mod.lnk,
Mod\PouchinTVMod_x64.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Shortcut in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Pouchin TV Mod.lnk,
C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
0,34 kb, rsAh, created: 17.11.2018 18:36:45, modified: 20.11.2018 07:58:16
Script: Quarantine, Delete, Delete via BC
x64File in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk,
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Shortcut in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk,
C:\Program Files (x86)\ZedTV\zedtv.exe
1263,00 kb, rsAh, created: 18.11.2018 14:00:53, modified: 20.11.2018 14:56:46
Script: Quarantine, Delete, Delete via BC
x64Shortcut in Startup folderC:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\, C:\Users\DAD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ZedTV.lnk,
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, TrueImageMonitor.exe
Delete
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
121,63 kb, rsAh, created: 13.03.2018 15:35:04, modified: 13.03.2018 15:35:04
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Monitor
Delete
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
264,56 kb, rsAh, created: 19.11.2018 17:50:16, modified: 17.06.2015 16:03:40
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, IJNetworkScannerSelectorEX2
Delete
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
55,66 kb, rsAh, created: 02.07.2014 03:44:48, modified: 02.07.2014 03:44:48
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, FLxHCIm64
Delete
C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe
1827,48 kb, rsAh, created: 20.09.2018 07:32:24, modified: 20.09.2018 07:32:24
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Acrobat Assistant 8.0
Delete
C:\Program Files (x86)\EATON\PersonalSolutionPac\mgenetsystray.exe
1224,00 kb, rsAh, created: 06.12.2018 19:03:05, modified: 24.09.2008 17:37:56
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, pspNetSystray
Delete
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1507,09 kb, rsAh, created: 17.11.2018 18:39:33, modified: 16.12.2018 20:06:14
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive
Delete
C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
10318,70 kb, rsAh, created: 02.09.2015 12:00:08, modified: 02.09.2015 12:00:08
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, FileHippo.com
Delete
C:\Program Files\Microsoft Office\Office15\lync.exe
27518,81 kb, rsAh, created: 31.10.2018 12:18:24, modified: 31.10.2018 12:18:24
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Lync
Delete
C:\Program Files (x86)\Steam\steam.exe
3058,28 kb, rsAh, created: 22.05.2018 01:30:20, modified: 26.11.2018 21:29:30
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam
Delete
.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
C:\Windows\Microsoft.NET\Framework\v4.7.3190\aspnet_isapi.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\ASP.NET\4.7.3190.0, DllFullPath
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8BA85C75-763B-4103-94EB-9470F12FE0F7}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
Delete
C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL
322,73 kb, rsAh, created: 31.10.2018 12:21:36, modified: 31.10.2018 12:21:36
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {DB19096C-5365-4164-A246-59FEFF9D8062}
Delete
C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
5146,91 kb, rsAh, created: 23.11.2018 12:08:34, modified: 23.11.2018 12:08:34
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {C539A15B-3AF9-4c92-B771-50CB78F5C751}
Delete
C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
5146,91 kb, rsAh, created: 23.11.2018 12:08:34, modified: 23.11.2018 12:08:34
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {C539A15A-3AF9-4c92-B771-50CB78F5C751}
Delete
C:\Program Files (x86)\Common Files\Nero\Nero 2018\NeroShellExt\NeroShellExt.dll
2931,87 kb, rsAh, created: 21.11.2017 02:49:38, modified: 21.11.2017 02:49:38
Script: Quarantine, Delete, Delete via BC
x32Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B700823E-66A8-4489-8FC0-C0909F3BAF6B}
Delete
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
736,73 kb, rsAh, created: 23.11.2018 12:07:34, modified: 23.11.2018 12:07:34
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, Acronis Scheduler2 Service
Delete
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
2607,48 kb, rsAh, created: 10.09.2018 11:21:56, modified: 10.09.2018 11:21:56
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AdobeGCInvoker-1.0
Delete
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
497,98 kb, rsAh, created: 11.04.2018 00:54:48, modified: 11.04.2018 00:54:48
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, AdobeAAMUpdater-1.0
Delete
C:\Program Files\Logitech\SetPointP\SetPoint.exe
3062,63 kb, rsAh, created: 07.09.2018 18:06:32, modified: 07.09.2018 18:06:32
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, EvtMgr6
Delete
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1507,09 kb, rsAh, created: 17.11.2018 18:39:33, modified: 16.12.2018 20:06:14
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, OneDrive
Delete
C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
10318,70 kb, rsAh, created: 02.09.2015 12:00:08, modified: 02.09.2015 12:00:08
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, FileHippo.com
Delete
C:\Program Files\Microsoft Office\Office15\lync.exe
27518,81 kb, rsAh, created: 31.10.2018 12:18:24, modified: 31.10.2018 12:18:24
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Lync
Delete
C:\Program Files (x86)\Steam\steam.exe
3058,28 kb, rsAh, created: 22.05.2018 01:30:20, modified: 26.11.2018 21:29:30
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, Steam
Delete
C:\PROGRA~1\MICROS~1\Office15\MLCFG32.CPL
83,37 kb, rsAh, created: 31.10.2018 12:18:18, modified: 31.10.2018 12:18:18
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls, mlcfg32.cpl
Delete
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
66,13 kb, rsAh, created: 13.06.2018 22:56:04, modified: 13.06.2018 22:56:04
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn, DLLName
Delete
.dll
error getting file info
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Lsa, Security Packages
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {8BA85C75-763B-4103-94EB-9470F12FE0F7}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
Delete
C:\Program Files\WinRAR\rarext.dll
519,71 kb, rsAh, created: 18.11.2018 20:39:39, modified: 30.09.2018 19:02:15
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B41DB860-64E4-11D2-9906-E49FADC173CA}
Delete
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll
179,12 kb, rsAh, created: 18.11.2018 20:47:23, modified: 06.09.2018 12:01:16
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
Delete
C:\Program Files (x86)\Common Files\Nero\Nero 2018\NeroShellExt\x64\NeroShellExt.dll
3838,87 kb, rsAh, created: 21.11.2017 02:49:42, modified: 21.11.2017 02:49:42
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {B700823E-66A8-4489-8FC0-C0909F3BAF6B}
Delete
C:\Program Files\AMD\CNext\CNext\atiacm64.dll
1427,88 kb, rsAh, created: 16.11.2018 13:06:02, modified: 16.11.2018 13:06:02
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {5E2121EE-0300-11D4-8D3B-444553540000}
Delete
C:\Program Files\Logitech\SetPointP\kbcplext.dll
109,63 kb, rsAh, created: 07.09.2018 18:18:00, modified: 07.09.2018 18:18:00
Script: Quarantine, Delete, Delete via BC
x64Registry keyHKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved, {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}
Delete
Items found - 1095, recognized as trusted - 1031

Internet Explorer extension modules (BHOs, Toolbars ...)

File name | Redirector | Type | Description | Manufacturer | CLSID
C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
159,70 kb, rsAh, created: 31.10.2018 12:21:36, modified: 31.10.2018 12:21:36
Script: Quarantine, Delete, Delete via BC
x32BHOSkype for Business {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Delete
C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
357,63 kb, rsAh, created: 07.09.2018 18:18:00, modified: 07.09.2018 18:18:00
Script: Quarantine, Delete, Delete via BC
x32BHOLogitech SetPoint(C) 1998-2018 Logitech. All rights reserved.{AF949550-9094-4807-95EC-D1C317803333}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32BHOMicrosoft OneDrive for Business Extensions {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
Delete
C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
494,77 kb, rsAh, created: 10.04.2018 20:58:26, modified: 10.04.2018 20:58:26
Script: Quarantine, Delete, Delete via BC
x32Extension moduleMicrosoft OneNote Internet Explorer Add-in {2670000A-7350-4f3c-8081-5663EE0C6C49}
Delete
C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
159,70 kb, rsAh, created: 31.10.2018 12:21:36, modified: 31.10.2018 12:21:36
Script: Quarantine, Delete, Delete via BC
x32Extension moduleSkype for Business {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Delete
C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
465,27 kb, rsAh, created: 10.04.2018 20:58:26, modified: 10.04.2018 20:58:26
Script: Quarantine, Delete, Delete via BC
x32Extension moduleMicrosoft OneNote Internet Explorer Add-in {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
Delete
C:\Program Files\Microsoft Office\Office15\OCHelper.dll
223,67 kb, rsAh, created: 31.10.2018 12:18:16, modified: 31.10.2018 12:18:16
Script: Quarantine, Delete, Delete via BC
x64BHOSkype for Business {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Delete
C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
212,68 kb, rsAh, created: 19.11.2018 18:02:34, modified: 23.02.2016 20:24:00
Script: Quarantine, Delete, Delete via BC
x64BHOEasy-WebPrint EXCopyright CANON INC. 2011-2016.{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
Delete
C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
167,68 kb, rsAh, created: 20.09.2018 07:32:28, modified: 20.09.2018 07:32:28
Script: Quarantine, Delete, Delete via BC
x64BHOAdobe PDF Toolbar for Internet ExplorerCopyright 1984-2015 Adobe Systems Incorporated and its licensors. All rights reserved.{AE7CD045-E861-484f-8273-0445EE161910}
Delete
C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
425,13 kb, rsAh, created: 07.09.2018 18:18:00, modified: 07.09.2018 18:18:00
Script: Quarantine, Delete, Delete via BC
x64BHOLogitech SetPoint(C) 1998-2018 Logitech. All rights reserved.{AF949550-9094-4807-95EC-D1C317803333}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64BHOMicrosoft OneDrive for Business Extensions {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
Delete
C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
167,68 kb, rsAh, created: 20.09.2018 07:32:28, modified: 20.09.2018 07:32:28
Script: Quarantine, Delete, Delete via BC
x64BHOAdobe PDF Toolbar for Internet ExplorerCopyright 1984-2015 Adobe Systems Incorporated and its licensors. All rights reserved.{F4971EE7-DAA0-4053-9964-665D8EE6A077}
Delete
C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
6005,16 kb, rsAh, created: 19.11.2018 18:02:34, modified: 23.02.2016 20:30:04
Script: Quarantine, Delete, Delete via BC
x64ToolbarEasy-WebPrint EXCopyright CANON INC. 2009-2016.{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}
Delete
C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
167,68 kb, rsAh, created: 20.09.2018 07:32:28, modified: 20.09.2018 07:32:28
Script: Quarantine, Delete, Delete via BC
x64ToolbarAdobe PDF Toolbar for Internet ExplorerCopyright 1984-2015 Adobe Systems Incorporated and its licensors. All rights reserved.{47833539-D0C5-4125-9FA8-0819E2EAAC93}
Delete
C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
610,27 kb, rsAh, created: 10.04.2018 20:53:24, modified: 10.04.2018 20:53:24
Script: Quarantine, Delete, Delete via BC
x64Extension moduleMicrosoft OneNote Internet Explorer Add-in {2670000A-7350-4f3c-8081-5663EE0C6C49}
Delete
C:\Program Files\Microsoft Office\Office15\OCHelper.dll
223,67 kb, rsAh, created: 31.10.2018 12:18:16, modified: 31.10.2018 12:18:16
Script: Quarantine, Delete, Delete via BC
x64Extension moduleSkype for Business {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Delete
C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
573,77 kb, rsAh, created: 10.04.2018 20:53:24, modified: 10.04.2018 20:53:24
Script: Quarantine, Delete, Delete via BC
x64Extension moduleMicrosoft OneNote Internet Explorer Add-in {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
Delete
C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
6005,16 kb, rsAh, created: 19.11.2018 18:02:34, modified: 23.02.2016 20:30:04
Script: Quarantine, Delete, Delete via BC
x64Explorer BarEasy-WebPrint EXCopyright CANON INC. 2009-2016.{21347690-EC41-4F9A-8887-1F4AEE672439}
Delete
Items found - 26, recognized as trusted - 8

Windows Explorer extension modules

File name | Redirector | Destination | Description | Manufacturer | $CLSID

error getting file info
x32Contacts folder  {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
Delete

error getting file info
x32WebCheck  {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)Microsoft OneDrive for Business Extensions {8BA85C75-763B-4103-94EB-9470F12FE0F7}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)Microsoft OneDrive for Business Extensions {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Microsoft SkyDrive Pro Icon Overlay 3 (InSync)Microsoft OneDrive for Business Extensions {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Microsoft SkyDrive Pro Browser HelperMicrosoft OneDrive for Business Extensions {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
Delete
C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL
322,73 kb, rsAh, created: 31.10.2018 12:21:36, modified: 31.10.2018 12:21:36
Script: Quarantine, Delete, Delete via BC
x32NameextMicrosoft Office 2013 component {DB19096C-5365-4164-A246-59FEFF9D8062}
Delete
C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
5146,91 kb, rsAh, created: 23.11.2018 12:08:34, modified: 23.11.2018 12:08:34
Script: Quarantine, Delete, Delete via BC
x32Acronis True Image Shell Extension  {C539A15B-3AF9-4c92-B771-50CB78F5C751}
Delete
C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
5146,91 kb, rsAh, created: 23.11.2018 12:08:34, modified: 23.11.2018 12:08:34
Script: Quarantine, Delete, Delete via BC
x32Acronis True Image Shell Context Menu Extension  {C539A15A-3AF9-4c92-B771-50CB78F5C751}
Delete
C:\Program Files (x86)\Common Files\Nero\Nero 2018\NeroShellExt\NeroShellExt.dll
2931,87 kb, rsAh, created: 21.11.2017 02:49:38, modified: 21.11.2017 02:49:38
Script: Quarantine, Delete, Delete via BC
x32Nero Shell Extension 2018Nero Burning ROM Shell ExtensionCopyright (C) 2017 Nero AG and its licensors{B700823E-66A8-4489-8FC0-C0909F3BAF6B}
Delete

error getting file info
x32Contacts folder  {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
Delete

error getting file info
x32WebCheck  {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)Microsoft OneDrive for Business Extensions {8BA85C75-763B-4103-94EB-9470F12FE0F7}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)Microsoft OneDrive for Business Extensions {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Microsoft SkyDrive Pro Icon Overlay 3 (InSync)Microsoft OneDrive for Business Extensions {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
Delete
C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
1703,78 kb, rsAh, created: 18.07.2018 22:15:52, modified: 18.07.2018 22:15:52
Script: Quarantine, Delete, Delete via BC
x32Microsoft SkyDrive Pro Browser HelperMicrosoft OneDrive for Business Extensions {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
Delete
C:\Program Files (x86)\Microsoft Office\Office15\NAMEEXT.DLL
322,73 kb, rsAh, created: 31.10.2018 12:21:36, modified: 31.10.2018 12:21:36
Script: Quarantine, Delete, Delete via BC
x32NameextMicrosoft Office 2013 component {DB19096C-5365-4164-A246-59FEFF9D8062}
Delete
C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
5146,91 kb, rsAh, created: 23.11.2018 12:08:34, modified: 23.11.2018 12:08:34
Script: Quarantine, Delete, Delete via BC
x32Acronis True Image Shell Extension  {C539A15B-3AF9-4c92-B771-50CB78F5C751}
Delete
C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
5146,91 kb, rsAh, created: 23.11.2018 12:08:34, modified: 23.11.2018 12:08:34
Script: Quarantine, Delete, Delete via BC
x32Acronis True Image Shell Context Menu Extension  {C539A15A-3AF9-4c92-B771-50CB78F5C751}
Delete
C:\Program Files (x86)\Common Files\Nero\Nero 2018\NeroShellExt\NeroShellExt.dll
2931,87 kb, rsAh, created: 21.11.2017 02:49:38, modified: 21.11.2017 02:49:38
Script: Quarantine, Delete, Delete via BC
x32Nero Shell Extension 2018Nero Burning ROM Shell ExtensionCopyright (C) 2017 Nero AG and its licensors{B700823E-66A8-4489-8FC0-C0909F3BAF6B}
Delete

error getting file info
x64Contacts folder  {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
Delete

error getting file info
x64WebCheck  {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)Microsoft OneDrive for Business Extensions {8BA85C75-763B-4103-94EB-9470F12FE0F7}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)Microsoft OneDrive for Business Extensions {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Microsoft SkyDrive Pro Icon Overlay 3 (InSync)Microsoft OneDrive for Business Extensions {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Microsoft SkyDrive Pro Browser HelperMicrosoft OneDrive for Business Extensions {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
Delete

error getting file info
x64WinRAR shell extension  {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Delete
C:\Program Files\WinRAR\rarext.dll
519,71 kb, rsAh, created: 18.11.2018 20:39:39, modified: 30.09.2018 19:02:15
Script: Quarantine, Delete, Delete via BC
x64WinRAR shell extensionWinRAR shell extensionCopyright © Alexander Roshal 1993-2018{B41DB860-64E4-11D2-9906-E49FADC173CA}
Delete
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll
179,12 kb, rsAh, created: 18.11.2018 20:47:23, modified: 06.09.2018 12:01:16
Script: Quarantine, Delete, Delete via BC
x64Revo Uninstaller Pro ExtensionRevo Uninstaller Pro Extension (c) VS Revo Group Ltd. All rights reserved.{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
Delete
C:\Program Files (x86)\Common Files\Nero\Nero 2018\NeroShellExt\x64\NeroShellExt.dll
3838,87 kb, rsAh, created: 21.11.2017 02:49:42, modified: 21.11.2017 02:49:42
Script: Quarantine, Delete, Delete via BC
x64Nero Shell Extension 2018Nero Burning ROM Shell ExtensionCopyright (C) 2017 Nero AG and its licensors{B700823E-66A8-4489-8FC0-C0909F3BAF6B}
Delete
C:\Program Files\AMD\CNext\CNext\atiacm64.dll
1427,88 kb, rsAh, created: 16.11.2018 13:06:02, modified: 16.11.2018 13:06:02
Script: Quarantine, Delete, Delete via BC
x64Catalyst Context Menu extensionRadeon Settings: Desktop Control PanelCopyright (C) 2018 Advanced Micro Devices, Inc.{5E2121EE-0300-11D4-8D3B-444553540000}
Delete

error getting file info
x64{B9B9F083-2B04-452A-8691-83694AC1037B}  Logitech Setpoint Extension
Delete
C:\Program Files\Logitech\SetPointP\kbcplext.dll
109,63 kb, rsAh, created: 07.09.2018 18:18:00, modified: 07.09.2018 18:18:00
Script: Quarantine, Delete, Delete via BC
x64Logitech Setpoint ExtensionLogitech SetPoint Event Manager(C) 1998-2018 Logitech. All rights reserved.{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}
Delete

error getting file info
x64Contacts folder  {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}
Delete

error getting file info
x64WebCheck  {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Microsoft SkyDrive Pro Icon Overlay 1 (ErrorConflict)Microsoft OneDrive for Business Extensions {8BA85C75-763B-4103-94EB-9470F12FE0F7}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Microsoft SkyDrive Pro Icon Overlay 2 (SyncInProgress)Microsoft OneDrive for Business Extensions {CD55129A-B1A1-438E-A425-CEBC7DC684EE}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Microsoft SkyDrive Pro Icon Overlay 3 (InSync)Microsoft OneDrive for Business Extensions {E768CD3B-BDDC-436D-9C13-E1B39CA257B1}
Delete
C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL
2298,77 kb, rsAh, created: 18.07.2018 22:11:00, modified: 18.07.2018 22:11:00
Script: Quarantine, Delete, Delete via BC
x64Microsoft SkyDrive Pro Browser HelperMicrosoft OneDrive for Business Extensions {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
Delete

error getting file info
x64WinRAR shell extension  {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Delete
C:\Program Files\WinRAR\rarext.dll
519,71 kb, rsAh, created: 18.11.2018 20:39:39, modified: 30.09.2018 19:02:15
Script: Quarantine, Delete, Delete via BC
x64WinRAR shell extensionWinRAR shell extensionCopyright © Alexander Roshal 1993-2018{B41DB860-64E4-11D2-9906-E49FADC173CA}
Delete
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll
179,12 kb, rsAh, created: 18.11.2018 20:47:23, modified: 06.09.2018 12:01:16
Script: Quarantine, Delete, Delete via BC
x64Revo Uninstaller Pro ExtensionRevo Uninstaller Pro Extension (c) VS Revo Group Ltd. All rights reserved.{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
Delete
C:\Program Files (x86)\Common Files\Nero\Nero 2018\NeroShellExt\x64\NeroShellExt.dll
3838,87 kb, rsAh, created: 21.11.2017 02:49:42, modified: 21.11.2017 02:49:42
Script: Quarantine, Delete, Delete via BC
x64Nero Shell Extension 2018Nero Burning ROM Shell ExtensionCopyright (C) 2017 Nero AG and its licensors{B700823E-66A8-4489-8FC0-C0909F3BAF6B}
Delete
C:\Program Files\AMD\CNext\CNext\atiacm64.dll
1427,88 kb, rsAh, created: 16.11.2018 13:06:02, modified: 16.11.2018 13:06:02
Script: Quarantine, Delete, Delete via BC
x64Catalyst Context Menu extensionRadeon Settings: Desktop Control PanelCopyright (C) 2018 Advanced Micro Devices, Inc.{5E2121EE-0300-11D4-8D3B-444553540000}
Delete

error getting file info
x64{B9B9F083-2B04-452A-8691-83694AC1037B}  Logitech Setpoint Extension
Delete
C:\Program Files\Logitech\SetPointP\kbcplext.dll
109,63 kb, rsAh, created: 07.09.2018 18:18:00, modified: 07.09.2018 18:18:00
Script: Quarantine, Delete, Delete via BC
x64Logitech Setpoint ExtensionLogitech SetPoint Event Manager(C) 1998-2018 Logitech. All rights reserved.{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}
Delete
Items found - 140, recognized as trusted - 94

Printing system extensions (print monitors, providers)

File name Redirector Name Type Description Manufacturer
Items found - 10, recognized as trusted - 10

Task Scheduler jobs

File name Redirector Job name Description Manufacturer Path Command line
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1162,52 kb, rsAh, created: 14.08.2018 08:27:08, modified: 14.08.2018 08:27:08
Script: Quarantine, Delete, Delete via BC
x64Adobe Acrobat Update Task
Script: Delete
Adobe Reader and Acrobat Manager C:\Windows\system32\Tasks\C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
2607,48 kb, rsAh, created: 10.09.2018 11:21:56, modified: 10.09.2018 11:21:56
Script: Quarantine, Delete, Delete via BC
x64AdobeGCInvoker-1.0-DESKTOP-ET3GGEB-DAD
Script: Delete
Adobe GC Invoker UtilityCopyright 2017 Adobe Systems Incorporated. All rights reserved.C:\Windows\system32\Tasks\C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
1949,46 kb, rsAh, created: 17.11.2018 19:00:39, modified: 02.03.2017 16:01:34
Script: Quarantine, Delete, Delete via BC
x64ASUS AISuiteIII
Script: Delete
  C:\Windows\system32\Tasks\ASUS\C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe -schedule
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
1259,96 kb, rsAh, created: 17.11.2018 19:01:35, modified: 24.01.2017 23:56:34
Script: Quarantine, Delete, Delete via BC
x64ASUS DIPAwayMode
Script: Delete
  C:\Windows\system32\Tasks\ASUS\C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
1427,98 kb, rsAh, created: 17.11.2018 19:00:52, modified: 24.03.2017 11:16:16
Script: Quarantine, Delete, Delete via BC
x64Ez Update
Script: Delete
  C:\Windows\system32\Tasks\ASUS\C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe -onlytray
C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
4313,96 kb, rsAh, created: 17.11.2018 19:01:29, modified: 29.12.2016 22:36:26
Script: Quarantine, Delete, Delete via BC
x64GpuFanHelper
Script: Delete
GpuFanHelperTODO: (c) <Company name>. All rights reserved.C:\Windows\system32\Tasks\ASUS\C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe
C:\Program Files\CCleaner\CCUpdate.exe
535,96 kb, rsAh, created: 10.12.2018 11:10:16, modified: 10.12.2018 11:10:16
Script: Quarantine, Delete, Delete via BC
x64CCleaner Update
Script: Delete
CCleaner emergency updaterCopyright © 2005-2018 Piriform LtdC:\Windows\system32\Tasks\C:\Program Files\CCleaner\CCUpdate.exe
C:\Program Files\CCleaner\CCleaner.exe
14293,19 kb, rsAh, created: 10.12.2018 11:09:52, modified: 10.12.2018 11:09:52
Script: Quarantine, Delete, Delete via BC
x64CCleanerSkipUAC
Script: Delete
CCleanerCopyright © 2005-2018 Piriform Software LtdC:\Windows\system32\Tasks\"C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
149,58 kb, rsAh, created: 18.11.2018 14:03:34, modified: 18.11.2018 14:03:30
Script: Quarantine, Delete, Delete via BC
x64GoogleUpdateTaskMachineCore
Script: Delete
Programme d'installation de GoogleCopyright Google Inc. 2007-2010C:\Windows\system32\Tasks\C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
149,58 kb, rsAh, created: 18.11.2018 14:03:34, modified: 18.11.2018 14:03:30
Script: Quarantine, Delete, Delete via BC
x64GoogleUpdateTaskMachineUA
Script: Delete
Programme d'installation de GoogleCopyright Google Inc. 2007-2010C:\Windows\system32\Tasks\C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe
457,63 kb, rsAh, created: 11.12.2018 15:37:40, modified: 11.12.2018 15:37:39
Script: Quarantine, Delete, Delete via BC
x64Windows Defender Cache Maintenance
Script: Delete
Microsoft Malware Protection Command Line Utility© Microsoft Corporation. All rights reserved.C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe
457,63 kb, rsAh, created: 11.12.2018 15:37:40, modified: 11.12.2018 15:37:39
Script: Quarantine, Delete, Delete via BC
x64Windows Defender Cleanup
Script: Delete
Microsoft Malware Protection Command Line Utility© Microsoft Corporation. All rights reserved.C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe
457,63 kb, rsAh, created: 11.12.2018 15:37:40, modified: 11.12.2018 15:37:39
Script: Quarantine, Delete, Delete via BC
x64Windows Defender Scheduled Scan
Script: Delete
Microsoft Malware Protection Command Line Utility© Microsoft Corporation. All rights reserved.C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe
457,63 kb, rsAh, created: 11.12.2018 15:37:40, modified: 11.12.2018 15:37:39
Script: Quarantine, Delete, Delete via BC
x64Windows Defender Verification
Script: Delete
Microsoft Malware Protection Command Line Utility© Microsoft Corporation. All rights reserved.C:\Windows\system32\Tasks\Microsoft\Windows\Windows Defender\C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1812.3-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe
6723,87 kb, rsAh, created: 10.08.2017 00:08:58, modified: 10.08.2017 00:08:58
Script: Quarantine, Delete, Delete via BC
x64Nero Info
Script: Delete
Nero InfoCopyright(C) 2017 Nero AG and its licensorsC:\Windows\system32\Tasks\Nero\"C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe" -shedul
C:\Users\DAD\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
2429,28 kb, rsAh, created: 17.11.2018 18:39:33, modified: 16.12.2018 20:06:14
Script: Quarantine, Delete, Delete via BC
x64OneDrive Standalone Update Task-S-1-5-21-1392598645-3295394695-4140781040-1001
Script: Delete
Standalone Updater© Microsoft Corporation. All rights reserved.C:\Windows\system32\Tasks\%localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
C:\Program Files\AMD\CNext\CNext\cncmd.exe
47,88 kb, rsAh, created: 16.11.2018 13:06:06, modified: 16.11.2018 13:06:06
Script: Quarantine, Delete, Delete via BC
x64StartCN
Script: Delete
Radeon Settings: Command Line InterfaceCopyright (C) 2018 Advanced Micro Devices, Inc.C:\Windows\system32\Tasks\"C:\Program Files\AMD\CNext\CNext\cncmd.exe" startwithdelay
C:\Program Files\AMD\CNext\CNext\dvrcmd.exe
62,38 kb, rsAh, created: 16.11.2018 13:06:10, modified: 16.11.2018 13:06:10
Script: Quarantine, Delete, Delete via BC
x64StartDVR
Script: Delete
AMD ReLive: Command Line InterfaceCopyright (C) 2018 Advanced Micro Devices, Inc.C:\Windows\system32\Tasks\"C:\Program Files\AMD\CNext\CNext\dvrcmd.exe"
Items found - 99, recognized as trusted - 81

SPI/LSP settings

Manufacturer Status EXE file Redirector Description Manufacturer GUID
Items found - 16, recognized as trusted - 16

SPI/LSP settings

Protocol Name EXE file Redirector Description Manufacturer
Items found - 30, recognized as trusted - 30

TCP/UDP ports

Port Status Remote Host Remote Port Application Redirector Notes Description Manufacturer
TCP ports
445LISTENING0.0.0.00System [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
x64Microsoft NET  
49664LISTENING0.0.0.00wininit.exe [460]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49703LISTENING0.0.0.00services.exe [656]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
58091LISTENING0.0.0.00C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
58101LISTENING0.0.0.00C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
6109LISTENING0.0.0.00C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
6109ESTABLISHED127.0.0.149736C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
6109ESTABLISHED127.0.0.149756C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49668ESTABLISHED127.0.0.149669C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49669ESTABLISHED127.0.0.149668C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49670ESTABLISHED127.0.0.149671C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49671ESTABLISHED127.0.0.149670C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49672ESTABLISHED127.0.0.149673C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49673ESTABLISHED127.0.0.149672C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49674ESTABLISHED127.0.0.149675C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49675ESTABLISHED127.0.0.149674C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49676ESTABLISHED127.0.0.149677C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49677ESTABLISHED127.0.0.149676C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49678ESTABLISHED127.0.0.149679C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49679ESTABLISHED127.0.0.149678C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49680ESTABLISHED127.0.0.149681C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49681ESTABLISHED127.0.0.149680C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49682ESTABLISHED127.0.0.149683C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49683ESTABLISHED127.0.0.149682C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49684ESTABLISHED127.0.0.149685C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49685ESTABLISHED127.0.0.149684C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49686ESTABLISHED127.0.0.149687C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49687ESTABLISHED127.0.0.149686C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49688ESTABLISHED127.0.0.149689C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49689ESTABLISHED127.0.0.149688C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49690ESTABLISHED127.0.0.149691C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49691ESTABLISHED127.0.0.149690C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [3984]
4277,52 kb, rsAh, created: 23.11.2018 12:00:34, modified: 23.11.2018 12:00:34
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Acronis Active Protection ServiceCopyright (C) Acronis International GmbH, 2002-2017.
49707ESTABLISHED127.0.0.149708C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49708ESTABLISHED127.0.0.149707C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49709ESTABLISHED127.0.0.149710C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49710ESTABLISHED127.0.0.149709C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49711ESTABLISHED127.0.0.149712C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49712ESTABLISHED127.0.0.149711C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49713ESTABLISHED127.0.0.149714C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49714ESTABLISHED127.0.0.149713C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49715ESTABLISHED127.0.0.149716C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49716ESTABLISHED127.0.0.149715C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49717ESTABLISHED127.0.0.149718C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49718ESTABLISHED127.0.0.149717C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
49736ESTABLISHED127.0.0.16109C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49738ESTABLISHED127.0.0.149739C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49739ESTABLISHED127.0.0.149738C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49740ESTABLISHED127.0.0.149741C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49741ESTABLISHED127.0.0.149740C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49742ESTABLISHED127.0.0.149743C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49743ESTABLISHED127.0.0.149742C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49744ESTABLISHED127.0.0.149745C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49745ESTABLISHED127.0.0.149744C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49746ESTABLISHED127.0.0.149747C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49747ESTABLISHED127.0.0.149746C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49748ESTABLISHED127.0.0.149749C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49749ESTABLISHED127.0.0.149748C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
49756ESTABLISHED127.0.0.16109C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [11000]
4673,48 kb, rsAh, created: 23.11.2018 13:02:28, modified: 23.11.2018 13:02:28
Script: Quarantine, Delete, Delete via BC, Terminate
x64   
50416ESTABLISHED127.0.0.150417C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50417ESTABLISHED127.0.0.150416C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50418ESTABLISHED127.0.0.150419C:\Program Files\Mozilla Firefox\firefox.exe [8716]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50419ESTABLISHED127.0.0.150418C:\Program Files\Mozilla Firefox\firefox.exe [8716]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50424ESTABLISHED127.0.0.150425C:\Program Files\Mozilla Firefox\firefox.exe [832]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50425ESTABLISHED127.0.0.150424C:\Program Files\Mozilla Firefox\firefox.exe [832]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50431ESTABLISHED127.0.0.150432C:\Program Files\Mozilla Firefox\firefox.exe [2244]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50432ESTABLISHED127.0.0.150431C:\Program Files\Mozilla Firefox\firefox.exe [2244]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50585ESTABLISHED127.0.0.150586C:\Program Files\Mozilla Firefox\firefox.exe [6356]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50586ESTABLISHED127.0.0.150585C:\Program Files\Mozilla Firefox\firefox.exe [6356]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
59243LISTENING0.0.0.00C:\Program Files\Logitech\SetPointP\SetPoint.exe [532]
3062,63 kb, rsAh, created: 07.09.2018 18:06:32, modified: 07.09.2018 18:06:32
Script: Quarantine, Delete, Delete via BC, Terminate
x64 Logitech SetPoint Event Manager (UNICODE)(C) 1998-2018 Logitech. All rights reserved.
139LISTENING0.0.0.00System [4]
error getting file info
Script: Quarantine, Delete, Delete via BC, Terminate
x64Microsoft NET  
49774CLOSE_WAIT104.83.119.8443C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [9776]
16,00 kb, rsAh, created: 17.11.2018 19:27:47, modified: 17.11.2018 19:28:32
Script: Quarantine, Delete, Delete via BC, Terminate
x64 StoreCopyright © 2015
49775CLOSE_WAIT104.83.119.8443C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [9776]
16,00 kb, rsAh, created: 17.11.2018 19:27:47, modified: 17.11.2018 19:28:32
Script: Quarantine, Delete, Delete via BC, Terminate
x64 StoreCopyright © 2015
49780CLOSE_WAIT2.18.245.81443C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe [9776]
16,00 kb, rsAh, created: 17.11.2018 19:27:47, modified: 17.11.2018 19:28:32
x64 StoreCopyright © 2015
50427ESTABLISHED35.164.206.41443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50765TIME_WAIT52.85.219.212443  [0]
x64   
50810TIME_WAIT192.168.1.149152  [0]
x64   
50816TIME_WAIT52.203.19.42443  [0]
x64   
50817TIME_WAIT52.203.19.42443  [0]
x64   
50818ESTABLISHED52.85.219.237443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50820ESTABLISHED52.85.219.237443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50821TIME_WAIT52.85.219.237443  [0]
x64   
50835ESTABLISHED52.10.161.248443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50836ESTABLISHED52.10.161.248443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50837ESTABLISHED93.184.220.2980C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50838ESTABLISHED93.184.220.2980C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50839ESTABLISHED52.43.123.0443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50840ESTABLISHED52.43.123.0443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50841ESTABLISHED52.43.123.0443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50842ESTABLISHED52.43.123.0443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50843ESTABLISHED52.43.123.0443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50844ESTABLISHED52.43.123.0443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50846TIME_WAIT93.184.220.2980  [0]
x64   
50847ESTABLISHED93.184.220.2980C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50848TIME_WAIT93.184.220.2980  [0]
x64   
50849ESTABLISHED35.165.95.232443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
50866ESTABLISHED104.31.91.96443C:\Program Files\Mozilla Firefox\firefox.exe [2004]
504,45 kb, rsAh, created: 28.11.2018 23:15:47, modified: 12.12.2018 22:37:20
x64 Firefox©Firefox and Mozilla Developers; available under the MPL 2 license.
UDP ports
24100LISTENING----C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
61920LISTENING----C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
24100LISTENING----C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
24101LISTENING----C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
137LISTENING----System [4]
error getting file info
x64Microsoft NET  
138LISTENING----System [4]
error getting file info
x64Microsoft NET  
50326LISTENING----C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [8964]
6961,11 kb, rsAh, created: 23.11.2018 12:08:28, modified: 23.11.2018 12:08:28
x64   
52549LISTENING----C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [11132]
264,56 kb, rsAh, created: 19.11.2018 17:50:16, modified: 17.06.2015 16:03:40
x64 Canon IJ Network Scanner Selector EX2Copyright CANON INC. 2010-2015
52550LISTENING----C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [11132]
264,56 kb, rsAh, created: 19.11.2018 17:50:16, modified: 17.06.2015 16:03:40
x64 Canon IJ Network Scanner Selector EX2Copyright CANON INC. 2010-2015
61920LISTENING----C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [3584]
4695,40 kb, rsAh, created: 20.09.2018 20:07:30, modified: 20.09.2018 20:07:30
x64 Managed Machine Service MiniCopyright (C) Acronis International GmbH, 2002-2016.
Items found - 122, recognized as trusted - 16

Downloaded Program Files (DPF)

File name Redirector Description Manufacturer $CLSID Source URL
Items found - 0, recognized as trusted - 0

Control Panel Applets (CPL)

File name Redirector Description Manufacturer
Items found - 36, recognized as trusted - 36

Active Setup

File name Redirector Description Manufacturer $CLSID
Items found - 18, recognized as trusted - 18

HOSTS file

Hosts file record
127.0.0.1 activation.acronis.com web-api-tih.acronis.com
0.0.0.0                   telemetry.malwarebytes.com

Protocols and handlers

File name Redirector Type Description Manufacturer $CLSID
C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
66,75 kb, rsAh, created: 14.03.2018 01:24:24, modified: 14.03.2018 01:24:24
x32 Handler Microsoft Office 2013 component {D924BDC6-C83A-4BD5-90D0-095128A113D1}
C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
88,25 kb, rsAh, created: 14.03.2018 01:19:28, modified: 14.03.2018 01:19:28
x64 Handler Microsoft Office 2013 component {D924BDC6-C83A-4BD5-90D0-095128A113D1}
Items found - 43, recognized as trusted - 41

Shared resources

Network name Path Notes
ADMIN$ C:\Windows Administration à distance
IPC$ IPC distant
E$ E:\ Partage par défaut
F$ F:\ Partage par défaut
C$ C:\ Partage par défaut
