Virus.Win32.Expiro.p (v) (VIPRE), Trojan.Win32.Ransom.FD, Trojan.Win32.Swrort.3.FD, Virus.Win32.Expiro.FD, VirusExpiro.YR (Lavasoft MAS)
Behaviour: Ransom, Trojan, Virus
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: dda332f638b924365eb15412723facd8
SHA1: 67e3568702896b33bec6ebed7e2809e62b1ab2f2
SHA256: f44a100374e11a3c74566e64aa07e83d50532da60e6d7de4c3606611efc017d5
SSDeep: 12288:H7o/9Kzp/AWSJqdeYnD4tNFo3dmM4Tkq2kWEyLS/5YoU2HhcAloO3p5MS:H0/9KzyWSJxYctNO3dJ48yyO/5YoUAhX
Size: 740864 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-12-13 11:57:36
Analyzed on: WindowsXP SP3 32-bit
Summary: Virus. A program that recursively replicates a possibly evolved copy of itself.
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Virus creates the following process(es):
%original file name%.exe:1960
Reader_sl.exe:1064
Antivirus_Free_Edition_x86.exe:344
en-US.exe:1324
en-US.exe:1144
en-US.exe:2012
The Virus injects its code into the following process(es):
cisvc.exe:1680
Installer.exe:1704
File activity
The process cisvc.exe:1680 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
The Virus deletes the following file(s):
The process Installer.exe:1704 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
The Virus deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\bdnc.ipv4 (0 bytes)
The process %original file name%.exe:1960 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
The Virus deletes the following file(s):
%System%\bakdkjbn.tmp (0 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\kimjiqdc.tmp (0 bytes)
%System%\moccadlc.tmp (0 bytes)
The process Antivirus_Free_Edition_x86.exe:344 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\cpptexts.xlf.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\UserGuide.pdf (3795 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\httpaph.html.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\btn_combo_disabled.png (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\bdardrv.dll.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\WPFKickstarter4.exe (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\WPFKickstarter4.exe.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_informative.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\progress_bar_ok.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\checkbox_on.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\lock_normal.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\install_button_hover.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\alert_middle.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_done.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\tabs_bg_left.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\trufos.dll.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\gzfltum.dll (1600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\uninstall_progress.html.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\wsutils.dll.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\bg_header_image.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\feedback_banner.png (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\wslib.dll (20870 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\award.png (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\details_button.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_done_big.png (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\install_big_button.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\feedback_banner.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\qs_scan_log.xsl (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\en-US.exe.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\progress_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\share_tabel.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\background.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\gzfltum.dll.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_sb.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\lang.xml.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\award_flow2.html.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\progress_bg.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_notok.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\servers.xml (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\rem_confirm.html.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_done_big.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\httpmalware.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\no_connection.html.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\share_tw.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\bdselfpr.sys (1608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\eula_text_en.html.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\setuplauncher.exe.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\loader_install.gif.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\main.ui.css.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\sswitch_off.png (954 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_critical_big.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\sys_btn.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\bg_number_events.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\tabs_bg_right_hover.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\notifications.xlf (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\bg_number_events_hover.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\setuplauncher.exe (22688 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\trufos.dll (9519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\delete_normal.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\bdnc.dll.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\loader_install.gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\progress_bar_not_ok.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\alert_middle.png (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\pending.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\top_header_bg.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\checkbox_on.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\httpmalware.html.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\install_x64.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\minimize.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\share_fb.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\share_top_text.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\additional.dll (34133 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\qs_scan_log.xsl (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\bdmetrics.dll (3104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\award_flow1.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\logs.xlf (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\top_header_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_alert.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\en-US.exe (16708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\bdnc.ini (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\sswitch_on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\scroll_prev.png (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\update_config.xml.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\bg_AlertWindow.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\background_install_steps.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\eula.html.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\checkbox_off_hover.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\award_flow2.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\bdnc.dll (4944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\checkbox_on_hover.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\alert_margin_left.png (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_ok.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_critical_big.png.md5 (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\tabs_bg_feedback.png.md5 (32 bytes)
The Virus deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_355937 (0 bytes)
The process en-US.exe:1324 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
The Virus deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_374984 (0 bytes)
The process en-US.exe:1144 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_critical_big.png (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\award_flow2.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\notifications.xlf (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\bg_number_events_hover.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\status_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\delete_normal.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\loader_install.gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\alert_middle.png (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\bg_header_image.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\checkbox_on.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\progress_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\minimize.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\share_fb.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\award_flow1.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\logs.xlf (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\top_header_bg.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_alert.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\sswitch_on.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\scroll_prev.png (48 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\background_install_steps.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\main.ui.css (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\alert_margin_left.png (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\lang\images\icon_ok.png (3 bytes)
The Virus deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_371015 (0 bytes)
The process en-US.exe:2012 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
The Virus deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\RarSFX0\__tmp_rar_sfx_access_check_369343 (0 bytes)
Registry activity
The process cisvc.exe:1680 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 7C B3 A9 FA EE 32 86 23 8A B1 26 B4 83 EE 33"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\System]
"EnableSmartScreen" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"HideSCAHealth" = "1"
The process Installer.exe:1704 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"
[HKU\.DEFAULT\Software\SetID]
"xxwsid_wsid2" = "95417F27-1DBA-4EF2-98B0-BFA52F2AFEB0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C9 2D 51 35 B6 BA 7E 3C EA 49 E9 1E 7A 2E 14 09"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Virus modifies the IE security-zone settings so that all local web nodes whose names contain no dots, and which are not assigned to any zone, are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Virus modifies the IE security-zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Virus modifies the IE security-zone settings so that all URLs are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Virus deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The Virus disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InstallerLauncher"
The process %original file name%.exe:1960 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE 89 80 B9 CF C2 19 0A 9A 0E B6 5F B7 07 5F 32"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Virus modifies the IE security-zone settings so that all local web nodes whose names contain no dots, and which are not assigned to any zone, are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Virus modifies the IE security-zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Virus modifies the IE security-zone settings so that all URLs are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Virus deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process Reader_sl.exe:1064 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process Antivirus_Free_Edition_x86.exe:344 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF F9 82 4D FC 8F 41 12 F5 97 11 1C FE 1B 28 9A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RarSFX0]
"Installer.exe" = "Bitdefender Installation File"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Virus modifies the IE security-zone settings so that all URLs are mapped to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Virus modifies the IE security-zone settings so that all local web nodes whose names contain no dots, and which are not assigned to any zone, are mapped to the Intranet Zone:
"UNCAsIntranet" = "1"
The Virus modifies the IE security-zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:
"ProxyBypass" = "1"
The process en-US.exe:1324 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AA B5 55 DC 21 45 D4 0F C2 1C E5 0C AE 78 0B 4D"
The process en-US.exe:1144 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 D8 07 58 B9 40 23 75 84 9D F3 55 D3 F7 71 C8"
The process en-US.exe:2012 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E CD 68 76 3F CD 7F D1 29 48 54 6A A6 C2 6E 91"
Network activity (URLs)
URL | IP |
---|---|
hxxp://nimbus.bitdefender.net/config/server | 54.236.215.239 |
hxxp://nimbus.bitdefender.net/_ServerStatus | |
hxxp://ep01.ore.amz.nimbus.bitdefender.net/_ServerStatus | 54.200.120.25 |
hxxp://irlpool.nimbus.bitdefender.net/_ServerStatus | |
hxxp://hq.nimbus.bitdefender.net/ | 81.161.59.32 |
hxxp://hq.nimbus.bitdefender.net/_ServerStatus | |
hxxp://ep01.tky.amz.nimbus.bitdefender.net/_ServerStatus | 54.249.10.88 |
hxxp://nimbus.bitdefender.net/ | |
hxxp://72.21.81.253/npd/free/lang/lang.xml.online.md5 | |
hxxp://72.21.81.253/npd/free/lang/lang.xml.online | |
ep01.nvi.amz.nimbus.bitdefender.net | 54.236.201.39 |
ep01.irl.amz.nimbus.bitdefender.net | 54.246.147.204 |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1960
Antivirus_Free_Edition_x86.exe:344
en-US.exe:1324
en-US.exe:1144
en-US.exe:2012
- Delete the original Virus file.
- Delete or disinfect the following files created/modified by the Virus:
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.