host name: os name: os version: os


Host Name: V-THANH
OS Name: Microsoft Windows XP Professional
OS Version: 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Ho Van Viet Thanh
Registered Organization: QK 9
Product ID: 55274-640-3838562-23379
Original Install Date: 2/10/2010, 11:27:03 PM
System Up Time: 0 Days, 1 Hours, 29 Minutes, 6 Seconds
System Manufacturer: ECS
System Model: 945GCT-M2
System type: X86-based PC
Processor(s): 1 Processor(s) Installed.
    [01]: x86 Family 6 Model 15 Stepping 13 GenuineIntel ~1999 Mhz
BIOS Version: AAMMII - 2000818
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (GMT+07:00) Bangkok, Hanoi, Jakarta
Total Physical Memory: 1,015 MB
Available Physical Memory: 546 MB
Virtual Memory: Max Size: 2,048 MB
Virtual Memory: Available: 2,008 MB
Virtual Memory: In Use: 40 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\V-THANH
Hotfix(s): 5 Hotfix(s) Installed.
    [01]: File 1
    [02]: Q147222
    [03]: IDNMitigationAPIs
    [04]: NLSDownlevelMapping
    [05]: KB915865 - Update
NetWork Card(s): 1 NIC(s) Installed.
    [01]: Realtek RTL8139 Family PCI Fast Ethernet NIC
        Connection Name: Local Area Connection
        DHCP Enabled: No
        IP address(es)
        [01]: 192.168.1.2

scanning jobs ...
GetFirstJob: FindFirstFile(C:\WINDOWS\Tasks\*.job) error
DeleteEvilJobs: GetFirstJob returns no Job
scanning processes ...
InterateAllProcesses: OpenProcess ([System Process], 0)
InterateAllProcesses: GetModuleFileNameEx (System, 4) er
DetectCure: Scan file: C:\WINDOWS\System32\smss.exe
fopen_ex: Trying to open file C:\WINDOWS\System32\smss.e
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\System32\smss.ex


DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\System32\smss.exe
fopen_ex: Trying to open file C:\WINDOWS\System32\smss.e
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\System32\smss.ex
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\csrss.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\csrss.
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\csrss.e
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\csrss.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\csrss.
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\system32\csrss.e
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\winlogon.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\winlog
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\winlogo
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\winlogon.e
fopen_ex: Trying to open file C:\WINDOWS\system32\winlog
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\winlogo
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\services.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\servic
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\service
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\services.e
fopen_ex: Trying to open file C:\WINDOWS\system32\servic
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\service
DetectCure: md5 clean


DetectCure: Scan file: C:\WINDOWS\system32\lsass.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\lsass.
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\lsass.e
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\lsass.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\lsass.
fopen_ex: File opened ok
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\system32\lsass.e
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\svchost.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\svchos
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\svchost
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\svchost.ex
fopen_ex: Trying to open file C:\WINDOWS\system32\svchos
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\system32\svchost
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\svchost.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\svchos
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\svchost
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\svchost.ex
fopen_ex: Trying to open file C:\WINDOWS\system32\svchos
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\system32\svchost
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\svchost.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\svchos
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\svchost
DetectCure: generic clean


KidoMd5Detect: Scan file: C:\WINDOWS\system32\svchost.ex
fopen_ex: Trying to open file C:\WINDOWS\system32\svchos
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\system32\svchost
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\svchost.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\svchos
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\svchost
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\svchost.ex
fopen_ex: Trying to open file C:\WINDOWS\system32\svchos
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\system32\svchost
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\spoolsv.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\spools
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\spoolsv
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\spoolsv.ex
fopen_ex: Trying to open file C:\WINDOWS\system32\spools
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\spoolsv
DetectCure: md5 clean

19:56:3:864 472 DetectCure: Scan file: c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
19:56:3:864 472 fopen_ex: Trying to open file c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
19:56:3:879 472 fopen_ex: File opened ok
19:56:3:895 472 fclose_ex: Try to close file c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
19:56:3:895 472 DetectCure: generic clean
19:56:3:895 472 KidoMd5Detect: Scan file: c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
19:56:3:895 472 fopen_ex: Trying to open file c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
19:56:3:895 472 fopen_ex: File opened ok
19:56:3:942 472 fclose_ex: Try to close file c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe


DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\Explorer.EXE
fopen_ex: Trying to open file C:\WINDOWS\Explorer.EXE
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\Explorer.EXE
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\Explorer.EXE
fopen_ex: Trying to open file C:\WINDOWS\Explorer.EXE
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\Explorer.EXE
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\System32\alg.exe
fopen_ex: Trying to open file C:\WINDOWS\System32\alg.ex
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\System32\alg.exe
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\System32\alg.exe
fopen_ex: Trying to open file C:\WINDOWS\System32\alg.ex
fopen_ex: File opened ok
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\System32\alg.exe
DetectCure: md5 clean
DetectCure: Scan file: D:\netcafe 7\NET24HS.EXE
fopen_ex: Trying to open file D:\netcafe 7\NET24HS.EXE
fopen_ex: File opened ok
fclose_ex: Try to close file D:\netcafe 7\NET24HS.EXE
DetectCure: generic clean
KidoMd5Detect: Scan file: D:\netcafe 7\NET24HS.EXE
fopen_ex: Trying to open file D:\netcafe 7\NET24HS.EXE
fopen_ex: File opened ok
fclose_ex: Try to close file D:\netcafe 7\NET24HS.EXE
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\ctfmon.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\ctfmon
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\ctfmon.
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\ctfmon.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\ctfmon
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\system32\ctfmon.
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\System32\svchost.exe
fopen_ex: Trying to open file C:\WINDOWS\System32\svchos
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\System32\svchost


DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\System32\svchost.ex
fopen_ex: Trying to open file C:\WINDOWS\System32\svchos
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\System32\svchost
DetectCure: md5 clean
DetectCure: Scan file: C:\Program Files\Mozilla Firefox\
fopen_ex: Trying to open file C:\Program Files\Mozilla F
fopen_ex: File opened ok
fclose_ex: Try to close file C:\Program Files\Mozilla Fi
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\Program Files\Mozilla Firef
fopen_ex: Trying to open file C:\Program Files\Mozilla F
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
fclose_ex: Try to close file C:\Program Files\Mozilla Fi
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\utilman.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\utilma
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\utilman
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\utilman.ex
fopen_ex: Trying to open file C:\WINDOWS\system32\utilma
fopen_ex: File opened ok
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\system32\utilman
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\osk.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\osk.ex
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\osk.exe
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\osk.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\osk.ex
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\osk.exe
DetectCure: md5 clean


DetectCure: Scan file: C:\WINDOWS\system32\MSSWCHX.EXE
fopen_ex: Trying to open file C:\WINDOWS\system32\MSSWCH
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\MSSWCHX
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\MSSWCHX.EX
fopen_ex: Trying to open file C:\WINDOWS\system32\MSSWCH
fopen_ex: File opened ok
KidoMd5Detect: Null pHash on mask 0
KidoMd5Detect: MaskSize > FileSize on mask 29, continue
fclose_ex: Try to close file C:\WINDOWS\system32\MSSWCHX
DetectCure: md5 clean

19:56:4:348 472 DetectCure: Scan file: C:\Program Files\Internet Download Manager\IEMonitor.exe
19:56:4:348 472 fopen_ex: Trying to open file C:\Program Files\Internet Download Manager\IEMonitor.exe
19:56:4:348 472 fopen_ex: File opened ok
19:56:4:348 472 fclose_ex: Try to close file C:\Program Files\Internet Download Manager\IEMonitor.exe
19:56:4:348 472 DetectCure: generic clean
19:56:4:348 472 KidoMd5Detect: Scan file: C:\Program Files\Internet Download Manager\IEMonitor.exe
19:56:4:348 472 fopen_ex: Trying to open file C:\Program Files\Internet Download Manager\IEMonitor.exe
19:56:4:348 472 fopen_ex: File opened ok
19:56:4:379 472 fclose_ex: Try to close file C:\Program Files\Internet Download Manager\IEMonitor.exe
19:56:4:379 472 DetectCure: md5 clean
19:56:4:379 472 DetectCure: Scan file: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Fix Generic Host.exe
19:56:4:379 472 fopen_ex: Trying to open file C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Fix Generic Host.exe
19:56:4:379 472 fopen_ex: File opened ok
19:56:4:379 472 fclose_ex: Try to close file C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Fix Generic Host.exe
19:56:4:379 472 DetectCure: generic clean
19:56:4:379 472 KidoMd5Detect: Scan file: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Fix Generic Host.exe
19:56:4:379 472 fopen_ex: Trying to open file C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Fix Generic Host.exe
19:56:4:379 472 fopen_ex: File opened ok
19:56:4:379 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue
19:56:4:379 472 fclose_ex: Try to close file C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Fix Generic Host.exe
19:56:4:379 472 DetectCure: md5 clean
19:56:4:379 472 DetectCure: Scan file: C:\Program Files\Internet Download Manager\IDMan.exe
19:56:4:379 472 fopen_ex: Trying to open file C:\Program Files\Internet Download Manager\IDMan.exe
19:56:4:379 472 fopen_ex: File opened ok
19:56:4:395 472 fclose_ex: Try to close file C:\Program Files\Internet Download Manager\IDMan.exe
19:56:4:395 472 DetectCure: generic clean
19:56:4:395 472 KidoMd5Detect: Scan file: C:\Program Files\Internet Download Manager\IDMan.exe
19:56:4:395 472 fopen_ex: Trying to open file C:\Program Files\Internet Download Manager\IDMan.exe
19:56:4:395 472 fopen_ex: File opened ok
19:56:4:614 472 fclose_ex: Try to close file C:\Program Files\Internet Download Manager\IDMan.exe
19:56:4:614 472 DetectCure: md5 clean

DetectCure: Scan file: C:\WINDOWS\system32\cmd.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\cmd.ex
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\cmd.exe
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\cmd.exe
fopen_ex: Trying to open file C:\WINDOWS\system32\cmd.ex
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\cmd.exe
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\wbem\wmiprvse
fopen_ex: Trying to open file C:\WINDOWS\system32\wbem\w
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\wbem\wm
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\wbem\wmipr
fopen_ex: Trying to open file C:\WINDOWS\system32\wbem\w
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\wbem\wm
DetectCure: md5 clean
DetectCure: Scan file: C:\WINDOWS\system32\wbem\wmiprvse
fopen_ex: Trying to open file C:\WINDOWS\system32\wbem\w
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\wbem\wm
DetectCure: generic clean
KidoMd5Detect: Scan file: C:\WINDOWS\system32\wbem\wmipr
fopen_ex: Trying to open file C:\WINDOWS\system32\wbem\w
fopen_ex: File opened ok
fclose_ex: Try to close file C:\WINDOWS\system32\wbem\wm
DetectCure: md5 clean
scanning threads ...

19:56:4:692 dCount 3 19:56:4:692 19:56:4:708 19:56:4:708 19:56:4:708 adCount 11 19:56:4:708 19:56:4:723 19:56:4:723 19:56:4:739 19:56:4:739 19:56:4:739 19:56:4:739 19:56:4:739 19:56:4:739 19:56:4:739 19:56:4:739 19:56:4:739 hreadCount 19 19:56:4:739 19:56:4:739 19:56:4:739 19:56:4:786 19:56:4:786 19:56:4:833 19:56:4:833 19:56:4:848 19:56:4:848 19:56:4:848 19:56:4:848 19:56:4:880 19:56:4:880 19:56:4:911 19:56:4:926 19:56:4:926 19:56:4:926 19:56:4:942 19:56:4:942 19:56:4:958 hreadCount 17 19:56:4:958 19:56:4:958 19:56:4:958 19:56:4:958 19:56:4:958 19:56:5:5 19:56:5:5 19:56:5:5 19:56:5:5 19:56:5:20 19:56:5:20 19:56:5:20 19:56:5:36 19:56:5:36 19:56:5:36 19:56:5:51 19:56:5:51 19:56:5:51 adCount 20

472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472

KillThreads: Scan process PID: 520 Name "smss.exe" Threa ScanThread: Thread 524 base addr: 4858A4C8 ScanThread: Thread 528 base addr: 485893B2 ScanThread: Thread 532 base addr: 1681 KillThreads: Scan process PID: 568 Name "csrss.exe" Thre ScanThread: Thread 576 base addr: 75B67D63 ScanThread: Thread 580 base addr: 75B6BEBD ScanThread: Thread 584 base addr: 75B44616 ScanThread: Thread 588 base addr: 75B43B3A ScanThread: Thread 600 base addr: 75B44616 ScanThread: Thread 604 base addr: 75B67CDF ScanThread: Thread 608 base addr: 75B67CDF ScanThread: Thread 656 base addr: 75B67CDF ScanThread: Thread 704 base addr: 75B44616 ScanThread: Thread 1916 base addr: 75B67FD4 ScanThread: Thread 1832 base addr: 75B61E82 KillThreads: Scan process PID: 592 Name "winlogon.exe" T ScanThread: Thread 596 base addr: 103E5E1 ScanThread: Thread 616 base addr: 483F ScanThread: Thread 624 base addr: 7C927EBB ScanThread: Thread 628 base addr: 7C910230 ScanThread: Thread 632 base addr: 77E76C7D ScanThread: Thread 644 base addr: 7C929B6F ScanThread: Thread 716 base addr: 76C6C80B ScanThread: Thread 720 base addr: 76C6C54E ScanThread: Thread 724 base addr: 76C6C54E ScanThread: Thread 1004 base addr: 1039E58 ScanThread: Thread 1032 base addr: 76602D3C ScanThread: Thread 1220 base addr: 77E76C7D ScanThread: Thread 1376 base addr: 769C8761 ScanThread: Thread 1380 base addr: 769D3C11 ScanThread: Thread 1384 base addr: 769D3C11 ScanThread: Thread 1472 base addr: 72D230E8 ScanThread: Thread 1484 base addr: 76B44DCA ScanThread: Thread 1812 base addr: 77E76C7D ScanThread: Thread 1488 base addr: 77E76C7D KillThreads: Scan process PID: 636 Name "services.exe" T ScanThread: Thread 660 base addr: 7C927EBB ScanThread: Thread 664 base addr: 7C91059A ScanThread: Thread 668 base addr: 7C929B6F ScanThread: Thread 764 base addr: 7C910230 ScanThread: Thread 780 base addr: 7C8106E9 ScanThread: Thread 788 base addr: 776C3AB8 ScanThread: Thread 820 base addr: 100A6CA ScanThread: Thread 844 base addr: 9CD1 ScanThread: 
Thread 952 base addr: 7DBA35A1 ScanThread: Thread 956 base addr: 7DBA5D5B ScanThread: Thread 496 base addr: 769C8761 ScanThread: Thread 1928 base addr: 7C8106E9 ScanThread: Thread 1496 base addr: 5F773E24 ScanThread: Thread 1740 base addr: 5F771D97 ScanThread: Thread 1716 base addr: 7C8106E9 ScanThread: Thread 1604 base addr: 7C8106E9 ScanThread: Thread 1736 base addr: 77E76C7D KillThreads: Scan process PID: 648 Name "lsass.exe" Thre

19:56:5:51 19:56:5:98 19:56:5:98 19:56:5:98 19:56:5:98 19:56:5:98 19:56:5:114 19:56:5:114 19:56:5:114 19:56:5:114 19:56:5:114 19:56:5:114 19:56:5:145 19:56:5:176 19:56:5:176 19:56:5:176 19:56:5:176 19:56:5:176 19:56:5:176 19:56:5:176 19:56:5:192 readCount 16 19:56:5:192 19:56:5:192 19:56:5:192 19:56:5:192 19:56:5:208 19:56:5:208 19:56:5:208 19:56:5:208 19:56:5:208 19:56:5:208 19:56:5:223 19:56:5:223 19:56:5:223 19:56:5:223 19:56:5:239 19:56:5:239 19:56:5:239 readCount 10 19:56:5:239 19:56:5:239 19:56:5:239 19:56:5:239 19:56:5:239 19:56:5:255 19:56:5:255 19:56:5:255 19:56:5:255 19:56:5:255 19:56:5:270 readCount 6 19:56:5:270 19:56:5:270 19:56:5:270 19:56:5:270 19:56:5:286 19:56:5:286 19:56:5:286 hreadCount 15

472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472

ScanThread: Thread 672 base addr: 75753EDB ScanThread: Thread 676 base addr: 7C927EBB ScanThread: Thread 680 base addr: 7C910230 ScanThread: Thread 684 base addr: 7C929B6F ScanThread: Thread 688 base addr: EBD2 ScanThread: Thread 700 base addr: 7C91059A ScanThread: Thread 740 base addr: 154B9 ScanThread: Thread 752 base addr: 75738D13 ScanThread: Thread 756 base addr: 77E76C7D ScanThread: Thread 792 base addr: 51FB ScanThread: Thread 1556 base addr: 75738D13 ScanThread: Thread 1632 base addr: 77DF3519 ScanThread: Thread 1724 base addr: 77C3A341 ScanThread: Thread 1728 base addr: 77C3A341 ScanThread: Thread 1732 base addr: 77C3A341 ScanThread: Thread 816 base addr: 77E76C7D ScanThread: Thread 1340 base addr: 769C8761 ScanThread: Thread 164 base addr: 75E9 ScanThread: Thread 1144 base addr: 77E76C7D ScanThread: Thread 392 base addr: 75738D13 KillThreads: Scan process PID: 800 Name "svchost.exe" Th ScanThread: Thread 804 base addr: 1002509 ScanThread: Thread 828 base addr: 7C927EBB ScanThread: Thread 836 base addr: 7C929B6F ScanThread: Thread 1848 base addr: 7610FF2F ScanThread: Thread 1872 base addr: 1816 ScanThread: Thread 1876 base addr: 180B ScanThread: Thread 1880 base addr: 760FEA3C ScanThread: Thread 1884 base addr: 760FE934 ScanThread: Thread 1888 base addr: 760FA7CE ScanThread: Thread 1892 base addr: 769C8761 ScanThread: Thread 1900 base addr: 7C8106E9 ScanThread: Thread 1040 base addr: 7C910230 ScanThread: Thread 456 base addr: 7C8106E9 ScanThread: Thread 396 base addr: 7C8106E9 ScanThread: Thread 1640 base addr: 77E76C7D ScanThread: Thread 728 base addr: 7C8106E9 KillThreads: Scan process PID: 856 Name "svchost.exe" Th ScanThread: Thread 860 base addr: 1002509 ScanThread: Thread 864 base addr: 77DF3519 ScanThread: Thread 868 base addr: 7C927EBB ScanThread: Thread 872 base addr: 7C910230 ScanThread: Thread 876 base addr: 7C929B6F ScanThread: Thread 900 base addr: 7C8106E9 ScanThread: Thread 904 base addr: 77E76C7D ScanThread: Thread 920 base addr: 15423 
ScanThread: Thread 184 base addr: 7C8106E9 ScanThread: Thread 1452 base addr: 77E76C7D KillThreads: Scan process PID: 992 Name "svchost.exe" Th ScanThread: Thread 996 base addr: 1002509 ScanThread: Thread 1016 base addr: 76775597 ScanThread: Thread 1020 base addr: 767744BB ScanThread: Thread 1628 base addr: 7C8106E9 ScanThread: Thread 464 base addr: 7C8106E9 ScanThread: Thread 408 base addr: 7C8106E9 KillThreads: Scan process PID: 1076 Name "svchost.exe" T

19:56:5:286 19:56:5:286 19:56:5:286 19:56:5:301 19:56:5:317 19:56:5:317 19:56:5:317 19:56:5:317 19:56:5:333 19:56:5:333 19:56:5:333 19:56:5:333 19:56:5:333 19:56:5:348 19:56:5:348 19:56:5:348 hreadCount 11 19:56:5:348 19:56:5:348 19:56:5:348 19:56:5:348 19:56:5:348 19:56:5:348 19:56:5:348 19:56:5:364 19:56:5:395 19:56:5:395 19:56:5:395 19:56:5:411 readCount 9 19:56:5:411 19:56:5:442 19:56:5:442 19:56:5:442 19:56:5:505 19:56:5:505 19:56:5:505 19:56:5:505 19:56:5:520 19:56:5:520 ThreadCount 15 19:56:5:520 19:56:5:567 19:56:5:583 19:56:5:598 19:56:5:598 19:56:5:598 19:56:5:614 19:56:5:614 19:56:5:614 19:56:5:614 19:56:5:614 19:56:5:614 19:56:5:661 19:56:5:661 19:56:5:661 19:56:5:661 Count 5 19:56:5:661 19:56:5:661

472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472

ScanThread: Thread 1080 base addr: 1002509 ScanThread: Thread 1084 base addr: 77DF3519 ScanThread: Thread 1096 base addr: 74C41AC0 ScanThread: Thread 1592 base addr: 5A6E587C ScanThread: Thread 1596 base addr: 5A6E587C ScanThread: Thread 1600 base addr: 7C8106E9 ScanThread: Thread 1968 base addr: 77DF3519 ScanThread: Thread 2016 base addr: 7C927EBB ScanThread: Thread 2020 base addr: 7C910230 ScanThread: Thread 2024 base addr: 7C929B6F ScanThread: Thread 2028 base addr: 36C4 ScanThread: Thread 2032 base addr: 765E721F ScanThread: Thread 1656 base addr: 7C910230 ScanThread: Thread 1176 base addr: 7C8106E9 ScanThread: Thread 1908 base addr: 77E76C7D KillThreads: Scan process PID: 1256 Name "spoolsv.exe" T ScanThread: Thread 1260 base addr: 100461B ScanThread: Thread 1264 base addr: 77DF3519 ScanThread: Thread 1268 base addr: 4F4C ScanThread: Thread 1280 base addr: 1003DAA ScanThread: Thread 1984 base addr: 5B37 ScanThread: Thread 124 base addr: 100429C ScanThread: Thread 224 base addr: 723F172D ScanThread: Thread 240 base addr: 75BB29BB ScanThread: Thread 244 base addr: 75BB5C26 ScanThread: Thread 328 base addr: 77E76C7D ScanThread: Thread 1692 base addr: 77E76C7D KillThreads: Scan process PID: 1288 Name "STacSV.exe" Th ScanThread: Thread 1292 base addr: 41605A ScanThread: Thread 1476 base addr: 72D230E8 ScanThread: Thread 1516 base addr: 77DF3519 ScanThread: Thread 1528 base addr: 774FE43B ScanThread: Thread 1536 base addr: 409E00 ScanThread: Thread 1540 base addr: 40CB30 ScanThread: Thread 1544 base addr: 40D000 ScanThread: Thread 1548 base addr: 10005E6A ScanThread: Thread 128 base addr: 7C8106E9 KillThreads: Scan process PID: 1348 Name "Explorer.EXE" ScanThread: Thread 1352 base addr: 101A55F ScanThread: Thread 1400 base addr: 77F76ED3 ScanThread: Thread 1404 base addr: 7C927EBB ScanThread: Thread 1412 base addr: 7C929B6F ScanThread: Thread 1436 base addr: 77F76ED3 ScanThread: Thread 1688 base addr: 762835DF ScanThread: Thread 1696 base addr: 72D230E8 ScanThread: 
Thread 1212 base addr: 769C8761 ScanThread: Thread 1428 base addr: 76B44DCA ScanThread: Thread 884 base addr: 13CCF ScanThread: Thread 1672 base addr: 7C910230 ScanThread: Thread 1272 base addr: 75FA5339 ScanThread: Thread 1092 base addr: 774FE43B ScanThread: Thread 1772 base addr: 77C3A341 ScanThread: Thread 1184 base addr: 7C910230 KillThreads: Scan process PID: 232 Name "alg.exe" Thread ScanThread: Thread 236 base addr: 1005BC6 ScanThread: Thread 252 base addr: 77DF3519

19:56:5:677 19:56:5:677 19:56:5:677 19:56:5:677 readCount 15 19:56:5:677 19:56:5:802 19:56:5:848 19:56:5:911 19:56:5:911 19:56:5:911 19:56:5:927 19:56:5:942 19:56:5:958 19:56:5:958 19:56:5:958 19:56:5:958 19:56:5:958 19:56:6:52 19:56:6:67 19:56:6:83 eadCount 1 19:56:6:83 19:56:6:83 hreadCount 59 19:56:6:83 19:56:6:83 19:56:6:83 19:56:6:99 19:56:6:99 19:56:6:99 19:56:6:99 19:56:6:114 19:56:6:114 19:56:6:114 19:56:6:114 19:56:6:114 19:56:6:114 19:56:6:114 19:56:6:114 19:56:6:130 19:56:6:145 19:56:6:145 19:56:6:145 19:56:6:145 19:56:6:145 19:56:6:177 19:56:6:177 19:56:6:192 19:56:6:208 19:56:6:239 19:56:6:239 19:56:6:255 19:56:6:270 19:56:6:286 19:56:6:286 19:56:6:286 19:56:6:286 19:56:6:286 19:56:6:286

472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472

ScanThread: Thread 264 base addr: 7C8106E9 ScanThread: Thread 276 base addr: 7C927EBB ScanThread: Thread 320 base addr: 7C910230 KillThreads: Scan process PID: 148 Name "NET24HS.EXE" Th ScanThread: Thread 172 base addr: 40888C ScanThread: Thread 960 base addr: 76663AAF ScanThread: Thread 1980 base addr: 1B004723 ScanThread: Thread 388 base addr: 1B004723 ScanThread: Thread 1992 base addr: 1B004723 ScanThread: Thread 936 base addr: 5B891259 ScanThread: Thread 2004 base addr: 771CACBF ScanThread: Thread 980 base addr: 7C927EBB ScanThread: Thread 1072 base addr: 72D230E8 ScanThread: Thread 1104 base addr: C084C94 ScanThread: Thread 268 base addr: 76B44DCA ScanThread: Thread 1868 base addr: CE9E ScanThread: Thread 1664 base addr: 7E84A6B2 ScanThread: Thread 1056 base addr: 71A5D33A ScanThread: Thread 1512 base addr: 7E84A6B2 KillThreads: Scan process PID: 972 Name "CTFMON.EXE" Thr ScanThread: Thread 1792 base addr: 402E35 KillThreads: Scan process PID: 1060 Name "svchost.exe" T ScanThread: Thread 1100 base addr: 1002509 ScanThread: Thread 880 base addr: 77DF3519 ScanThread: Thread 260 base addr: 7C927EBB ScanThread: Thread 1768 base addr: 1470D ScanThread: Thread 1048 base addr: 77DF3519 ScanThread: Thread 1064 base addr: 144F8 ScanThread: Thread 508 base addr: 7730B1B3 ScanThread: Thread 1532 base addr: 7730A8FA ScanThread: Thread 1200 base addr: 7730A5F7 ScanThread: Thread 1172 base addr: 7C8106E9 ScanThread: Thread 1180 base addr: 15420 ScanThread: Thread 852 base addr: 77DF3519 ScanThread: Thread 1000 base addr: 5F771C49 ScanThread: Thread 1088 base addr: 5F771C49 ScanThread: Thread 1500 base addr: 5F743C44 ScanThread: Thread 1616 base addr: 73405A2B ScanThread: Thread 2012 base addr: 73405A2B ScanThread: Thread 1356 base addr: 77DF3519 ScanThread: Thread 1120 base addr: 75887BB8 ScanThread: Thread 160 base addr: 7C8106E9 ScanThread: Thread 152 base addr: 57CDE236 ScanThread: Thread 1764 base addr: 720019F8 ScanThread: Thread 120 base addr: 57D46DD4 ScanThread: Thread 572 base addr: 57D29BC0 ScanThread: Thread 940 base addr: 57D91F91 ScanThread: Thread 1236 base addr: 57D63F47 ScanThread: Thread 776 base addr: 76EBE104 ScanThread: Thread 256 base addr: 72AEDD34 ScanThread: Thread 364 base addr: 7225C362 ScanThread: Thread 1780 base addr: 77E76C7D ScanThread: Thread 944 base addr: 77E76C7D ScanThread: Thread 1460 base addr: 736F ScanThread: Thread 612 base addr: 7C8106E9 ScanThread: Thread 1168 base addr: 77E76C7D ScanThread: Thread 1216 base addr: 7C91059A

19:56:6:286 472 ScanThread: Thread 1252 base addr: 728150CC 19:56:6:302 472 ScanThread: Thread 1560 base addr: 726C613A 19:56:6:317 472 ScanThread: Thread 1324 base addr: 7DB72C4F 19:56:6:349 472 ScanThread: Thread 928 base addr: 7C910230 19:56:6:349 472 ScanThread: Thread 1896 base addr: 7C8106E9 19:56:6:364 472 ScanThread: Thread 1976 base addr: 77E76C7D 19:56:6:364 472 ScanThread: Thread 1844 base addr: 7C8106E9 19:56:6:364 472 ScanThread: Thread 1580 base addr: 7C910230 19:56:6:364 472 ScanThread: Thread 272 base addr: 7C910230 19:56:6:364 472 ScanThread: Thread 1804 base addr: 7529ED0F 19:56:6:380 472 ScanThread: Thread 188 base addr: 762CF0A3 19:56:6:427 472 ScanThread: Thread 1112 base addr: 7529E418 19:56:6:427 472 ScanThread: Thread 1988 base addr: 15422 19:56:6:427 472 ScanThread: Thread 824 base addr: 762CF0A3 19:56:6:427 472 ScanThread: Thread 1196 base addr: 15418 19:56:6:427 472 ScanThread: Thread 1432 base addr: 774FE43B 19:56:6:442 472 ScanThread: Thread 440 base addr: 1541A 19:56:6:442 472 ScanThread: Thread 404 base addr: 762CF0A3 19:56:6:442 472 ScanThread: Thread 416 base addr: 77E76C7D 19:56:6:442 472 ScanThread: Thread 1748 base addr: 77DF845A 19:56:6:442 472 ScanThread: Thread 372 base addr: 774FE43B 19:56:6:442 472 ScanThread: Thread 1840 base addr: 74F0742E 19:56:6:458 472 ScanThread: Thread 1492 base addr: 74F0742E 19:56:6:458 472 ScanThread: Thread 708 base addr: 769C8761 19:56:6:474 472 KillThreads: Scan process PID: 640 Name "firefox.exe" Th readCount 44 19:56:6:474 472 ScanThread: Thread 1052 base addr: 401840 19:56:6:536 472 ScanThread: Thread 1504 base addr: 10253278 19:56:6:802 472 ScanThread: Thread 1816 base addr: 78132C50 19:56:6:864 472 ScanThread: Thread 1276 base addr: 78132C50 19:56:6:864 472 ScanThread: Thread 1920 base addr: 78132C50 19:56:6:864 472 ScanThread: Thread 1924 base addr: 78132C50 19:56:6:864 472 ScanThread: Thread 1232 base addr: 78132C50 19:56:6:864 472 ScanThread: Thread 1224 base addr: 78132C50 19:56:6:880 472 ScanThread: Thread 1036 base addr: 78132C50 19:56:6:880 472 ScanThread: Thread 180 base addr: 78132C50 19:56:6:880 472 ScanThread: Thread 1364 base addr: 76B5AEAF 19:56:6:880 472 ScanThread: Thread 736 base addr: 78132C50 19:56:6:880 472 ScanThread: Thread 484 base addr: 78132C50 19:56:6:880 472 ScanThread: Thread 308 base addr: 1211A 19:56:6:880 472 ScanThread: Thread 1996 base addr: 4650626 19:56:6:989 472 ScanThread: Thread 912 base addr: 4650626 19:56:7:5 472 ScanThread: Thread 1248 base addr: 7C927EBB 19:56:7:5 472 ScanThread: Thread 748 base addr: 7C91059A 19:56:7:5 472 ScanThread: Thread 1132 base addr: 7C929B6F 19:56:7:21 472 ScanThread: Thread 1300 base addr: 771CACBF 19:56:7:21 472 ScanThread: Thread 964 base addr: 774FE43B 19:56:7:21 472 ScanThread: Thread 1644 base addr: 71A5D33A 19:56:7:21 472 ScanThread: Thread 1800 base addr: 72D230E8 19:56:7:21 472 ScanThread: Thread 1652 base addr: 76B44DCA 19:56:7:21 472 ScanThread: Thread 888 base addr: 12174 19:56:7:21 472 ScanThread: Thread 460 base addr: 77C3A341 19:56:7:21 472 ScanThread: Thread 1520 base addr: 7486EA64 19:56:7:114 472 ScanThread: Thread 1624 base addr: 4B69D0BE 19:56:7:286 472 ScanThread: Thread 1408 base addr: 13BFF 19:56:7:286 472 ScanThread: Thread 412 base addr: 78132C50 19:56:7:286 472 ScanThread: Thread 384 base addr: 78132C50 19:56:7:302 472 ScanThread: Thread 1392 base addr: 78132C50 19:56:7:302 472 ScanThread: Thread 1852 base addr: 7C910230 19:56:7:302 472 ScanThread: Thread 1188 base addr: 77C3A341

19:56:7:302 472 ScanThread: Thread 336 base addr: 77C3A341 19:56:7:302 472 ScanThread: Thread 1440 base addr: 4B71ED55 19:56:7:317 472 ScanThread: Thread 1756 base addr: 77C3A341 19:56:7:317 472 ScanThread: Thread 1368 base addr: 7484C56E 19:56:7:333 472 ScanThread: Thread 984 base addr: 73F1B2A1 19:56:7:349 472 ScanThread: Thread 2008 base addr: 73F1B2A1 19:56:7:349 472 ScanThread: Thread 488 base addr: 774FE43B 19:56:7:349 472 ScanThread: Thread 536 base addr: 77C3A341 19:56:7:349 472 ScanThread: Thread 1464 base addr: 77C3A341 19:56:7:349 472 ScanThread: Thread 368 base addr: 7D85B526 19:56:7:474 472 KillThreads: Scan process PID: 112 Name "utilman.exe" Th readCount 1 19:56:7:474 472 ScanThread: Thread 200 base addr: 10051A7 19:56:7:474 472 KillThreads: Scan process PID: 1448 Name "osk.exe" Threa dCount 2 19:56:7:474 472 ScanThread: Thread 1308 base addr: 101A9F1 19:56:7:489 472 ScanThread: Thread 968 base addr: 1015E7C 19:56:7:489 472 KillThreads: Scan process PID: 832 Name "MSSWCHX.EXE" Th readCount 1 19:56:7:489 472 ScanThread: Thread 1552 base addr: 100160D 19:56:7:489 472 KillThreads: Scan process PID: 1024 Name "IEMonitor.exe" ThreadCount 1 19:56:7:489 472 ScanThread: Thread 540 base addr: 40D89A 19:56:7:505 472 KillThreads: Scan process PID: 1712 Name "Fix Generic Ho st.exe" ThreadCount 1 19:56:7:505 472 ScanThread: Thread 1752 base addr: 40132C 19:56:7:505 472 KillThreads: Scan process PID: 840 Name "IDMan.exe" Thre adCount 6 19:56:7:505 472 ScanThread: Thread 204 base addr: 55DBF9 19:56:7:661 472 ScanThread: Thread 1416 base addr: 77DF845A 19:56:7:661 472 ScanThread: Thread 552 base addr: 467650 19:56:7:661 472 ScanThread: Thread 932 base addr: 7C8106E9 19:56:7:677 472 ScanThread: Thread 560 base addr: 12173 19:56:7:677 472 ScanThread: Thread 1296 base addr: 71A5D33A 19:56:7:677 472 KillThreads: Scan process PID: 1156 Name "cmd.exe" Threa dCount 1 19:56:7:677 472 ScanThread: Thread 1684 base addr: 4AD05046 19:56:7:708 472 KillThreads: Scan process PID: 652 Name "KK.exe" ThreadC ount 1 19:56:7:708 472 KillThreads: Current thread, skipping... 19:56:7:708 472 KillThreads: Scan process PID: 812 Name "WMIPRVSE.EXE" T hreadCount 10 19:56:7:708 472 ScanThread: Thread 176 base addr: 1024636 19:56:7:724 472 ScanThread: Thread 1160 base addr: 5F771C49 19:56:7:724 472 ScanThread: Thread 548 base addr: 7C8106E9 19:56:7:739 472 ScanThread: Thread 2040 base addr: 774FE43B 19:56:7:739 472 ScanThread: Thread 1808 base addr: 100CE42 19:56:7:739 472 ScanThread: Thread 2000 base addr: 7C8106E9 19:56:7:739 472 ScanThread: Thread 192 base addr: 7C8106E9 19:56:7:739 472 ScanThread: Thread 1228 base addr: 46B6FDB9 19:56:7:833 472 ScanThread: Thread 1680 base addr: 77E3E955 19:56:7:833 472 ScanThread: Thread 1136 base addr: 77DF845A 19:56:7:833 472 KillThreads: Scan process PID: 1128 Name "WMIPRVSE.EXE" ThreadCount 6 19:56:7:833 472 ScanThread: Thread 436 base addr: 1024636 19:56:7:833 472 ScanThread: Thread 1932 base addr: 5F771C49 19:56:7:833 472 ScanThread: Thread 228 base addr: 7C8106E9 19:56:7:849 472 ScanThread: Thread 1192 base addr: 774FE43B 19:56:7:849 472 ScanThread: Thread 1444 base addr: 100CE42 19:56:7:849 472 ScanThread: Thread 156 base addr: 7C8106E9

19:56:7:864 19:56:7:864 19:56:8:5 19:56:8:5 19:56:8:5 19:56:8:5 19:56:8:5 19:56:8:5 19:56:8:5 19:56:8:5 19:56:8:21 19:56:8:21 19:56:8:21 19:56:8:21 2 19:56:8:21 2\config 19:56:8:21 ff 19:56:8:21 \userdiff 19:56:8:52 19:56:8:52 userdiff 19:56:8:52 19:56:8:52 rdiff 19:56:8:52 \userdiff 19:56:8:52 19:56:8:83 19:56:8:83 19:56:8:83 userdiff 19:56:8:83

472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472 472

scanning modules in svchost.exe... AntiSplice: Scan process svchost.exe with PID 800 AntiSplice: Scan process svchost.exe with PID 856 AntiSplice: Scan process svchost.exe with PID 992 AntiSplice: Scan process svchost.exe with PID 1076 AntiSplice: Scan process svchost.exe with PID 1060 scanning modules in services.exe... AntiSplice: Scan process services.exe with PID 636 scanning modules in explorer.exe... AntiSplice: Scan process Explorer.EXE with PID 1348

scanning C:\WINDOWS\system32 ... ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 DetectCure: Scan file: C:\WINDOWS\system32\config\userdi fopen_ex: Trying to open file C:\WINDOWS\system32\config fopen_ex: File opened ok fclose_ex: Try to close file C:\WINDOWS\system32\config\ DetectCure: generic clean KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\use fopen_ex: Trying to open file C:\WINDOWS\system32\config fopen_ex: File opened ok KidoMd5Detect: Null pHash on mask 0 KidoMd5Detect: Null pHash on mask 1 fclose_ex: Try to close file C:\WINDOWS\system32\config\ DetectCure: md5 clean

19:56:8:83 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system .LOG 19:56:8:83 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \system.LOG 19:56:8:83 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:8:83 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\system.LOG 19:56:8:83 472 fopen_ex: FAT32 file system detected 19:56:8:536 472 fopen_ex: File opened ok 19:56:8:552 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ system.LOG 19:56:8:552 472 DetectCure: generic clean 19:56:8:552 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys tem.LOG 19:56:8:552 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \system.LOG 19:56:8:552 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:8:552 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\system.LOG 19:56:8:552 472 fopen_ex: FAT32 file system detected 19:56:8:662 472 fopen_ex: File opened ok 19:56:8:677 472 KidoMd5Detect: Null pHash on mask 0 19:56:8:677 472 KidoMd5Detect: Null pHash on mask 1 19:56:8:677 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue

19:56:8:677 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ system.LOG 19:56:8:677 472 DetectCure: md5 clean

19:56:8:677 472 DetectCure: Scan file: C:\WINDOWS\system32\config\softwa re.LOG 19:56:8:677 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \software.LOG 19:56:8:677 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:8:677 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\software.LOG 19:56:8:677 472 fopen_ex: FAT32 file system detected 19:56:8:740 472 fopen_ex: File opened ok 19:56:8:755 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ software.LOG 19:56:8:755 472 DetectCure: generic clean 19:56:8:755 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sof tware.LOG 19:56:8:755 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \software.LOG 19:56:8:755 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:8:755 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\software.LOG 19:56:8:755 472 fopen_ex: FAT32 file system detected 19:56:8:833 472 fopen_ex: File opened ok 19:56:8:927 472 KidoMd5Detect: Null pHash on mask 0 19:56:8:927 472 KidoMd5Detect: Null pHash on mask 1 19:56:8:927 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:8:927 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ software.LOG 19:56:8:927 472 DetectCure: md5 clean 19:56:8:927 472 DetectCure: Scan file: C:\WINDOWS\system32\config\defaul t.LOG 19:56:8:927 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \default.LOG 19:56:8:927 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:8:927 472 fopen_ex: Sharing violation. 
Trying to raw open file C:\ WINDOWS\system32\config\default.LOG 19:56:8:927 472 fopen_ex: FAT32 file system detected 19:56:8:974 472 fopen_ex: File opened ok 19:56:8:990 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ default.LOG 19:56:8:990 472 DetectCure: generic clean 19:56:8:990 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\def ault.LOG 19:56:8:990 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \default.LOG 19:56:8:990 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:8:990 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\default.LOG 19:56:8:990 472 fopen_ex: FAT32 file system detected 19:56:9:52 472 fopen_ex: File opened ok 19:56:9:52 472 KidoMd5Detect: Null pHash on mask 0 19:56:9:52 472 KidoMd5Detect: Null pHash on mask 1 19:56:9:52 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:9:52 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ default.LOG 19:56:9:52 472 DetectCure: md5 clean

19:56:9:52 472 DetectCure: Scan file: C:\WINDOWS\system32\config\userdi ff.LOG 19:56:9:52 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \userdiff.LOG 19:56:9:68 472 fopen_ex: File opened ok 19:56:9:68 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ userdiff.LOG 19:56:9:68 472 DetectCure: generic clean 19:56:9:68 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\use rdiff.LOG 19:56:9:68 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \userdiff.LOG 19:56:9:68 472 fopen_ex: File opened ok 19:56:9:68 472 KidoMd5Detect: Null pHash on mask 0 19:56:9:68 472 KidoMd5Detect: Null pHash on mask 1 19:56:9:68 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:9:68 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ userdiff.LOG 19:56:9:68 472 DetectCure: md5 clean 19:56:9:68 472 DetectCure: Scan file: C:\WINDOWS\system32\config\TempKe y.LOG 19:56:9:68 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \TempKey.LOG 19:56:9:68 472 fopen_ex: File opened ok 19:56:9:68 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ TempKey.LOG 19:56:9:68 472 DetectCure: generic clean 19:56:9:68 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\Tem pKey.LOG 19:56:9:68 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \TempKey.LOG 19:56:9:68 472 fopen_ex: File opened ok 19:56:9:68 472 KidoMd5Detect: Null pHash on mask 0 19:56:9:68 472 KidoMd5Detect: Null pHash on mask 1 19:56:9:68 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:9:68 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ TempKey.LOG 19:56:9:68 472 DetectCure: md5 clean 19:56:9:68 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system .sav 19:56:9:68 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \system.sav 19:56:9:146 472 fopen_ex: File opened ok 19:56:9:146 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ system.sav 19:56:9:146 472 DetectCure: generic clean 19:56:9:146 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys tem.sav 19:56:9:146 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \system.sav 19:56:9:146 472 fopen_ex: File opened ok 19:56:9:193 472 KidoMd5Detect: Null pHash on mask 0 19:56:9:193 472 KidoMd5Detect: Null pHash on mask 1 19:56:9:193 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ system.sav 19:56:9:193 472 DetectCure: md5 clean 19:56:9:193 472 DetectCure: Scan file: C:\WINDOWS\system32\config\softwa re.sav 19:56:9:193 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \software.sav 19:56:9:224 472 fopen_ex: File opened ok 19:56:9:224 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ software.sav 19:56:9:224 472 DetectCure: generic clean 19:56:9:224 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sof tware.sav 19:56:9:224 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \software.sav 19:56:9:224 472 fopen_ex: File opened ok 19:56:9:271 472 KidoMd5Detect: Null pHash on mask 0 19:56:9:271 472 KidoMd5Detect: Null pHash on mask 1 19:56:9:271 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ software.sav 19:56:9:271 472 DetectCure: md5 clean 19:56:9:271 472 DetectCure: Scan file: C:\WINDOWS\system32\config\defaul t.sav 19:56:9:271 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \default.sav 19:56:9:302 472 fopen_ex: File opened ok 19:56:9:302 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ default.sav 19:56:9:302 472 DetectCure: generic clean 19:56:9:302 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\def ault.sav 19:56:9:302 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \default.sav 19:56:9:302 472 fopen_ex: File opened ok 19:56:9:302 472 KidoMd5Detect: Null pHash on mask 0 19:56:9:302 472 KidoMd5Detect: Null pHash on mask 1 19:56:9:302 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ default.sav 19:56:9:302 472 DetectCure: md5 clean

19:56:9:302 472 DetectCure: Scan file: C:\WINDOWS\system32\config\SECURI TY 19:56:9:302 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SECURITY 19:56:9:302 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:9:302 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\SECURITY 19:56:9:302 472 fopen_ex: FAT32 file system detected 19:56:9:349 472 fopen_ex: File opened ok 19:56:9:365 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SECURITY 19:56:9:365 472 DetectCure: generic clean 19:56:9:365 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\SEC URITY 19:56:9:365 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SECURITY 19:56:9:365 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:9:365 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\SECURITY 19:56:9:365 472 fopen_ex: FAT32 file system detected 19:56:9:412 472 fopen_ex: File opened ok 19:56:9:787 472 KidoMd5Detect: Null pHash on mask 0 19:56:9:787 472 KidoMd5Detect: Null pHash on mask 1

19:56:9:787 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SECURITY 19:56:9:787 472 DetectCure: md5 clean

19:56:9:787 472 DetectCure: Scan file: C:\WINDOWS\system32\config\SAM 19:56:9:787 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SAM 19:56:9:787 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:9:787 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\SAM 19:56:9:787 472 fopen_ex: FAT32 file system detected 19:56:9:927 472 fopen_ex: File opened ok 19:56:9:943 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SAM 19:56:9:943 472 DetectCure: generic clean 19:56:9:943 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\SAM 19:56:9:943 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SAM 19:56:9:943 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:9:943 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\SAM 19:56:9:943 472 fopen_ex: FAT32 file system detected 19:56:10:6 472 fopen_ex: File opened ok 19:56:10:724 472 KidoMd5Detect: Null pHash on mask 0 19:56:10:724 472 KidoMd5Detect: Null pHash on mask 1 19:56:10:724 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SAM 19:56:10:724 472 DetectCure: md5 clean 19:56:10:724 472 DetectCure: Scan file: C:\WINDOWS\system32\config\SECURI TY.LOG 19:56:10:724 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SECURITY.LOG 19:56:10:724 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:10:724 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\SECURITY.LOG 19:56:10:724 472 fopen_ex: FAT32 file system detected 19:56:10:896 472 fopen_ex: File opened ok 19:56:10:912 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SECURITY.LOG 19:56:10:912 472 DetectCure: generic clean 19:56:10:912 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\SEC URITY.LOG 19:56:10:912 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SECURITY.LOG 19:56:10:912 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:10:912 472 fopen_ex: Sharing violation. 
Trying to raw open file C:\ WINDOWS\system32\config\SECURITY.LOG 19:56:10:912 472 fopen_ex: FAT32 file system detected 19:56:11:53 472 fopen_ex: File opened ok 19:56:11:68 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:68 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:68 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:68 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SECURITY.LOG 19:56:11:68 472 DetectCure: md5 clean 19:56:11:68 472 DetectCure: Scan file: C:\WINDOWS\system32\config\SAM.LO G 19:56:11:68 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config

\SAM.LOG 19:56:11:68 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:11:68 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\SAM.LOG 19:56:11:68 472 fopen_ex: FAT32 file system detected 19:56:11:131 472 fopen_ex: File opened ok 19:56:11:146 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SAM.LOG 19:56:11:146 472 DetectCure: generic clean 19:56:11:146 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\SAM .LOG 19:56:11:146 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SAM.LOG 19:56:11:146 472 fopen_ex: CreateFile(dwAccessMask) error 32 19:56:11:146 472 fopen_ex: Sharing violation. Trying to raw open file C:\ WINDOWS\system32\config\SAM.LOG 19:56:11:146 472 fopen_ex: FAT32 file system detected 19:56:11:209 472 fopen_ex: File opened ok 19:56:11:225 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:225 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:225 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:225 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SAM.LOG 19:56:11:225 472 DetectCure: md5 clean 19:56:11:225 472 DetectCure: Scan file: C:\WINDOWS\system32\config\AppEve nt.Evt 19:56:11:225 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \AppEvent.Evt 19:56:11:225 472 fopen_ex: File opened ok 19:56:11:225 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ AppEvent.Evt 19:56:11:225 472 DetectCure: generic clean 19:56:11:225 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\App Event.Evt 19:56:11:225 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \AppEvent.Evt 19:56:11:225 472 fopen_ex: File opened ok 19:56:11:225 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:225 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:225 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ AppEvent.Evt 19:56:11:225 472 DetectCure: md5 clean 19:56:11:225 472 DetectCure: Scan file: C:\WINDOWS\system32\config\SecEve nt.Evt 19:56:11:225 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SecEvent.Evt 19:56:11:240 472 fopen_ex: File opened ok 19:56:11:240 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SecEvent.Evt 19:56:11:240 472 DetectCure: generic clean 19:56:11:240 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\Sec Event.Evt 19:56:11:240 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SecEvent.Evt 19:56:11:240 472 fopen_ex: File opened ok 19:56:11:240 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:240 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:240 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SecEvent.Evt 19:56:11:240 472 DetectCure: md5 clean 19:56:11:240 472 DetectCure: Scan file: C:\WINDOWS\system32\config\SysEve nt.Evt 19:56:11:240 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SysEvent.Evt 19:56:11:240 472 fopen_ex: File opened ok 19:56:11:240 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SysEvent.Evt 19:56:11:240 472 DetectCure: generic clean 19:56:11:240 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\Sys Event.Evt 19:56:11:240 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \SysEvent.Evt 19:56:11:240 472 fopen_ex: File opened ok 19:56:11:240 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:240 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:240 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ SysEvent.Evt 19:56:11:240 472 DetectCure: md5 clean 19:56:11:240 472 DetectCure: Scan file: C:\WINDOWS\system32\config\Intern et.evt 19:56:11:240 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \Internet.evt 19:56:11:256 472 fopen_ex: File opened ok 19:56:11:256 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ Internet.evt 19:56:11:256 472 DetectCure: generic clean 19:56:11:256 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\Int ernet.evt 19:56:11:256 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \Internet.evt 19:56:11:256 472 fopen_ex: File opened ok 19:56:11:256 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:256 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:256 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ Internet.evt 19:56:11:256 472 DetectCure: md5 clean

19:56:11:256 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile 19:56:11:256 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings 19:56:11:256 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings\Temp 19:56:11:287 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings\History 19:56:11:287 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings\Temporary Internet Files 19:56:11:287 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings\Application Data 19:56:11:287 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings\Application Data\Microsoft 19:56:11:287 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player 19:56:11:287 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_5 9R.wmdb

19:56:11:287 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDat abase_59R.wmdb 19:56:11:303 472 fopen_ex: File opened ok 19:56:11:303 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentData base_59R.wmdb 19:56:11:303 472 DetectCure: generic clean 19:56:11:303 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabas e_59R.wmdb 19:56:11:303 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDat abase_59R.wmdb 19:56:11:303 472 fopen_ex: File opened ok 19:56:11:350 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:350 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:350 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentData base_59R.wmdb 19:56:11:350 472 DetectCure: md5 clean 19:56:11:350 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media 19:56:11:350 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9 .0 19:56:11:350 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML 19:56:11:350 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDK NS.XML 19:56:11:365 472 fopen_ex: File opened ok 19:56:11:365 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKN S.XML 19:56:11:365 472 DetectCure: generic clean 
19:56:11:365 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.X ML 19:56:11:365 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDK NS.XML 19:56:11:365 472 fopen_ex: File opened ok 19:56:11:365 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:365 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:365 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:365 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKN S.XML 19:56:11:365 472 DetectCure: md5 clean 19:56:11:365 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD 19:56:11:365 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDK NS.DTD 19:56:11:365 472 fopen_ex: File opened ok 19:56:11:365 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKN

S.DTD 19:56:11:365 472 DetectCure: generic clean 19:56:11:365 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.D TD 19:56:11:365 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDK NS.DTD 19:56:11:365 472 fopen_ex: File opened ok 19:56:11:365 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:365 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:365 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:365 472 KidoMd5Detect: MaskSize > FileSize on mask 30, continue 19:56:11:365 472 KidoMd5Detect: MaskSize > FileSize on mask 31, continue 19:56:11:365 472 KidoMd5Detect: MaskSize > FileSize on mask 32, continue 19:56:11:365 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKN S.DTD 19:56:11:365 472 DetectCure: md5 clean 19:56:11:365 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explor er 19:56:11:365 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.bak 19:56:11:365 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndl og.bak 19:56:11:381 472 fopen_ex: File opened ok 19:56:11:381 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlo g.bak 19:56:11:381 472 DetectCure: generic clean 19:56:11:381 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.b ak 19:56:11:381 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local 
Settings\Application Data\Microsoft\Internet Explorer\brndl og.bak 19:56:11:381 472 fopen_ex: File opened ok 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 0, continue 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 1, continue 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 30, continue 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 31, continue 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 32, continue 19:56:11:381 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlo g.bak 19:56:11:381 472 DetectCure: md5 clean 19:56:11:381 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.txt 19:56:11:381 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndl og.txt 19:56:11:381 472 fopen_ex: File opened ok 19:56:11:381 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlo g.txt

19:56:11:381 472 DetectCure: generic clean 19:56:11:381 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlog.t xt 19:56:11:381 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndl og.txt 19:56:11:381 472 fopen_ex: File opened ok 19:56:11:381 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:381 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 30, continue 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 31, continue 19:56:11:381 472 KidoMd5Detect: MaskSize > FileSize on mask 32, continue 19:56:11:381 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\brndlo g.txt 19:56:11:381 472 DetectCure: md5 clean 19:56:11:381 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Local Settings\desktop.ini 19:56:11:381 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\desktop.ini 19:56:11:396 472 fopen_ex: File opened ok 19:56:11:396 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\desktop.ini 19:56:11:396 472 DetectCure: generic clean 19:56:11:396 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Local Settings\desktop.ini 19:56:11:396 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Local Settings\desktop.ini 19:56:11:396 472 fopen_ex: File opened ok 19:56:11:396 472 KidoMd5Detect: MaskSize > FileSize on mask 0, continue 19:56:11:396 472 KidoMd5Detect: MaskSize > FileSize on mask 1, continue 19:56:11:396 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:396 472 KidoMd5Detect: MaskSize > FileSize on mask 30, continue 
19:56:11:396 472 KidoMd5Detect: MaskSize > FileSize on mask 31, continue 19:56:11:396 472 KidoMd5Detect: MaskSize > FileSize on mask 32, continue 19:56:11:396 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Local Settings\desktop.ini 19:56:11:396 472 DetectCure: md5 clean 19:56:11:396 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Templates 19:56:11:396 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\wordpfct.wpd 19:56:11:396 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\wordpfct.wpd 19:56:11:443 472 fopen_ex: File opened ok 19:56:11:443 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\wordpfct.wpd 19:56:11:443 472 DetectCure: generic clean 19:56:11:443 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\wordpfct.wpd 19:56:11:443 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\wordpfct.wpd 19:56:11:443 472 fopen_ex: File opened ok 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 0, continue 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 1, continue 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue

19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 30, continue 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 31, continue 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 32, continue 19:56:11:443 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\wordpfct.wpd 19:56:11:443 472 DetectCure: md5 clean

19:56:11:443 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\wordpfct.wpg 19:56:11:443 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\wordpfct.wpg 19:56:11:443 472 fopen_ex: File opened ok 19:56:11:443 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\wordpfct.wpg 19:56:11:443 472 DetectCure: generic clean 19:56:11:443 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\wordpfct.wpg 19:56:11:443 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\wordpfct.wpg 19:56:11:443 472 fopen_ex: File opened ok 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 0, continue 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 1, continue 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 30, continue 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 31, continue 19:56:11:443 472 KidoMd5Detect: MaskSize > FileSize on mask 32, continue 19:56:11:443 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\wordpfct.wpg 19:56:11:443 472 DetectCure: md5 clean 19:56:11:443 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\presenta.shw 19:56:11:443 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\presenta.shw 19:56:11:459 472 fopen_ex: File opened ok 19:56:11:459 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\presenta.shw 19:56:11:459 472 DetectCure: generic clean 19:56:11:459 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\presenta.shw 19:56:11:459 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\presenta.shw 19:56:11:459 472 fopen_ex: File opened ok 19:56:11:459 472 KidoMd5Detect: Null pHash on mask 0 
19:56:11:459 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:459 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:459 472 KidoMd5Detect: MaskSize > FileSize on mask 30, continue 19:56:11:459 472 KidoMd5Detect: MaskSize > FileSize on mask 31, continue 19:56:11:459 472 KidoMd5Detect: MaskSize > FileSize on mask 32, continue 19:56:11:459 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\presenta.shw 19:56:11:459 472 DetectCure: md5 clean 19:56:11:459 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\powerpnt.ppt 19:56:11:459 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\powerpnt.ppt 19:56:11:459 472 fopen_ex: File opened ok 19:56:11:459 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\powerpnt.ppt

19:56:11:459 472 DetectCure: generic clean 19:56:11:459 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\powerpnt.ppt 19:56:11:459 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\powerpnt.ppt 19:56:11:459 472 fopen_ex: File opened ok 19:56:11:459 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:459 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:475 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:475 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\powerpnt.ppt 19:56:11:475 472 DetectCure: md5 clean 19:56:11:475 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\quattro.wb2 19:56:11:475 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\quattro.wb2 19:56:11:475 472 fopen_ex: File opened ok 19:56:11:475 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\quattro.wb2 19:56:11:475 472 DetectCure: generic clean 19:56:11:475 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\quattro.wb2 19:56:11:475 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\quattro.wb2 19:56:11:475 472 fopen_ex: File opened ok 19:56:11:475 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:475 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:475 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:475 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\quattro.wb2 19:56:11:475 472 DetectCure: md5 clean 19:56:11:475 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\sndrec.wav 19:56:11:475 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\sndrec.wav 19:56:11:490 472 fopen_ex: File opened ok 19:56:11:490 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\sndrec.wav 
19:56:11:490 472 DetectCure: generic clean 19:56:11:490 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\sndrec.wav 19:56:11:490 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\sndrec.wav 19:56:11:490 472 fopen_ex: File opened ok 19:56:11:490 472 KidoMd5Detect: MaskSize > FileSize on mask 0, continue 19:56:11:490 472 KidoMd5Detect: MaskSize > FileSize on mask 1, continue 19:56:11:490 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:490 472 KidoMd5Detect: MaskSize > FileSize on mask 30, continue 19:56:11:490 472 KidoMd5Detect: MaskSize > FileSize on mask 31, continue 19:56:11:490 472 KidoMd5Detect: MaskSize > FileSize on mask 32, continue 19:56:11:490 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\sndrec.wav 19:56:11:490 472 DetectCure: md5 clean 19:56:11:490 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\winword.doc 19:56:11:490 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\winword.doc

19:56:11:490 472 fopen_ex: File opened ok 19:56:11:490 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\winword.doc 19:56:11:490 472 DetectCure: generic clean 19:56:11:490 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\winword.doc 19:56:11:490 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\winword.doc 19:56:11:490 472 fopen_ex: File opened ok 19:56:11:490 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:490 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:490 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:490 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\winword.doc 19:56:11:490 472 DetectCure: md5 clean 19:56:11:490 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\winword2.doc 19:56:11:490 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\winword2.doc 19:56:11:506 472 fopen_ex: File opened ok 19:56:11:506 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\winword2.doc 19:56:11:506 472 DetectCure: generic clean 19:56:11:506 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\winword2.doc 19:56:11:506 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\winword2.doc 19:56:11:506 472 fopen_ex: File opened ok 19:56:11:506 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:506 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:506 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:506 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\winword2.doc 19:56:11:506 472 DetectCure: md5 clean 19:56:11:506 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\amipro.sam 19:56:11:506 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\amipro.sam 
19:56:11:506 472 fopen_ex: File opened ok 19:56:11:506 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\amipro.sam 19:56:11:506 472 DetectCure: generic clean 19:56:11:506 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\amipro.sam 19:56:11:506 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\amipro.sam 19:56:11:506 472 fopen_ex: File opened ok 19:56:11:506 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:506 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:506 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:506 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\amipro.sam 19:56:11:506 472 DetectCure: md5 clean 19:56:11:506 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\excel.xls 19:56:11:506 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\excel.xls

19:56:11:521 472 fopen_ex: File opened ok 19:56:11:521 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\excel.xls 19:56:11:521 472 DetectCure: generic clean 19:56:11:521 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\excel.xls 19:56:11:521 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\excel.xls 19:56:11:521 472 fopen_ex: File opened ok 19:56:11:521 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:521 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:521 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:521 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\excel.xls 19:56:11:521 472 DetectCure: md5 clean 19:56:11:521 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\excel4.xls 19:56:11:521 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\excel4.xls 19:56:11:521 472 fopen_ex: File opened ok 19:56:11:521 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\excel4.xls 19:56:11:521 472 DetectCure: generic clean 19:56:11:521 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\excel4.xls 19:56:11:521 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\excel4.xls 19:56:11:521 472 fopen_ex: File opened ok 19:56:11:521 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:521 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:521 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:521 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\excel4.xls 19:56:11:521 472 DetectCure: md5 clean 19:56:11:521 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Templates\lotus.wk4 19:56:11:521 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\lotus.wk4 19:56:11:537 472 
fopen_ex: File opened ok 19:56:11:537 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\lotus.wk4 19:56:11:537 472 DetectCure: generic clean 19:56:11:537 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Templates\lotus.wk4 19:56:11:537 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Templates\lotus.wk4 19:56:11:537 472 fopen_ex: File opened ok 19:56:11:537 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:537 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:537 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:537 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Templates\lotus.wk4 19:56:11:537 472 DetectCure: md5 clean 19:56:11:537 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Start Menu 19:56:11:537 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Start Menu\Programs

19:56:11:537 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Start Menu\Programs\Accessories 19:56:11:537 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Start Menu\Programs\Accessories\Accessibility 19:56:11:537 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 19:56:11:537 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 19:56:11:537 472 fopen_ex: File opened ok 19:56:11:537 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 19:56:11:537 472 DetectCure: generic clean 19:56:11:537 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 19:56:11:537 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 19:56:11:537 472 fopen_ex: File opened ok 19:56:11:537 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:537 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:537 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:537 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk 19:56:11:537 472 DetectCure: md5 clean 19:56:11:537 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 19:56:11:537 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 19:56:11:553 472 fopen_ex: File opened ok 19:56:11:553 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 19:56:11:553 472 
DetectCure: generic clean 19:56:11:553 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 19:56:11:553 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 19:56:11:553 472 fopen_ex: File opened ok 19:56:11:553 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:553 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:553 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:553 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk 19:56:11:553 472 DetectCure: md5 clean 19:56:11:553 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Start Menu\Programs\Accessories\Accessibility\desktop.ini 19:56:11:553 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini 19:56:11:553 472 fopen_ex: File opened ok 19:56:11:553 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini 19:56:11:553 472 DetectCure: generic clean 19:56:11:553 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini 19:56:11:553 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini 19:56:11:553 472 fopen_ex: File opened ok 19:56:11:553 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:553 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:553 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue

19:56:11:553 472 KidoMd5Detect: MaskSize > FileSize on mask 30, continue 19:56:11:553 472 KidoMd5Detect: MaskSize > FileSize on mask 31, continue 19:56:11:553 472 KidoMd5Detect: MaskSize > FileSize on mask 32, continue 19:56:11:553 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini 19:56:11:553 472 DetectCure: md5 clean 19:56:11:553 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk 19:56:11:553 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard. lnk 19:56:11:568 472 fopen_ex: File opened ok 19:56:11:568 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.l nk 19:56:11:568 472 DetectCure: generic clean 19:56:11:568 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk 19:56:11:568 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard. 
lnk 19:56:11:568 472 fopen_ex: File opened ok 19:56:11:568 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:568 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:568 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:568 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.l nk 19:56:11:568 472 DetectCure: md5 clean 19:56:11:568 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 19:56:11:568 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 19:56:11:568 472 fopen_ex: File opened ok 19:56:11:568 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 19:56:11:568 472 DetectCure: generic clean 19:56:11:568 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 19:56:11:568 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 19:56:11:568 472 fopen_ex: File opened ok 19:56:11:568 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:568 472 KidoMd5Detect: Null pHash on mask 1 19:56:11:568 472 KidoMd5Detect: MaskSize > FileSize on mask 29, continue 19:56:11:568 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\ systemprofile\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk 19:56:11:568 472 DetectCure: md5 clean 19:56:11:568 472 ProcessEnumEx: Starting enum on path: C:\WINDOWS\system3 2\config\systemprofile\Start Menu\Programs\Accessories\Entertainment 19:56:11:568 472 DetectCure: Scan file: C:\WINDOWS\system32\config\system profile\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk 19:56:11:568 472 
fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Entertainment\Windows Media Playe r.lnk 19:56:11:584 472 fopen_ex: File opened ok 19:56:11:584 472 fclose_ex: Try to close file C:\WINDOWS\system32\config\

systemprofile\Start Menu\Programs\Accessories\Entertainment\Windows Media Player .lnk 19:56:11:584 472 DetectCure: generic clean 19:56:11:584 472 KidoMd5Detect: Scan file: C:\WINDOWS\system32\config\sys temprofile\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.ln k 19:56:11:584 472 fopen_ex: Trying to open file C:\WINDOWS\system32\config \systemprofile\Start Menu\Programs\Accessories\Entertainment\Windows Media Playe r.lnk 19:56:11:584 472 fopen_ex: File opened ok 19:56:11:584 472 KidoMd5Detect: Null pHash on mask 0 19:56:11:584 472 KidoMd5Det