Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I can't upload files, and download speed is too slow [RESOLVED]

Started by dimitris , Feb 18 2008 06:59 AM

This topic is locked

#1
dimitris

Posted 18 February 2008 - 06:59 AM

Member

Member
31 posts

Computer runs slow too. I ve run AVG Anti-Spyware, SUPERAntiSpyware, PandaActivescan, and I have Avast antivirus. Nothing wrong was found. I restarted and run Hijackthis and I also got the unistall list. Could you please check my logs?
Thank you in advance

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:52 2008-02-18

+ Scan result:

Nothing found.

::Report end

SUPERAntiSpyware Scan Log
Generated 02/18/2008 at 01:07 PM

Application Version : 3.6.1000

Core Rules Database Version : 3401
Trace Rules Database Version: 1393

Scan type : Complete Scan
Total Scan Time : 01:51:07

Memory items scanned : 317
Memory threats detected : 0
Registry items scanned : 4898
Registry threats detected : 0
File items scanned : 22889
File threats detected : 0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:38, on 2008-02-18
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\internat.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://topsearch4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.economist.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://topsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.20.20:3128;https=192.168.20.20:3128;ftp=192.168.20.20:3128;socks=19
2.168.20.20:777
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.liv...es/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82E69FF6-289D-4CC8-9A76-B79AD2DCCC3C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6001DD4-2C72-47A6-B4FC-A89E5DB4E03B}: NameServer = 194.219.227.2,193.92.110.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Υπηρεσία διαχείρισης λογικών δίσκων (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Print Spooler Service (uda3yloeo) - Unknown owner - C:\WINDOWS\system32\j.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6811 bytes

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player
avast! Antivirus
AVG Anti-Spyware 7.5
CleanUp!
DivX Content Uploader
DivX Web Player
FileMaker Pro 5.0
HijackThis 2.0.2
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 3
Logitech QuickCam Software
Logitech® Camera Driver
Microsoft Office 2000 Premium
Microsoft Windows Critical Update Notification
mIRC
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NetMod Configuration Manager
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Panda ActiveScan
SonicStage 3.4
Spy Sweeper
SpywareBlaster v3.5.1
SUPERAntiSpyware Free Edition
UDisk 1.40
UFDisk Format Tool Uninstaller
USB Storage Driver
VideoLAN VLC media player 0.8.6c
Windows Installer 3.1 (KB893803)
Windows Media Player system update (9 Series)
WinZip
Xircom CardBus Modem 56WG
Άμεση επιδιόρθωση για Windows 2000 - KB842773
Άμεση επιδιόρθωση για Windows 2000 - KB890046
Άμεση επιδιόρθωση για Windows 2000 - KB893756
Άμεση επιδιόρθωση για Windows 2000 - KB896358
Άμεση επιδιόρθωση για Windows 2000 - KB896422
Άμεση επιδιόρθωση για Windows 2000 - KB896423
Άμεση επιδιόρθωση για Windows 2000 - KB896424
Άμεση επιδιόρθωση για Windows 2000 - KB899587
Άμεση επιδιόρθωση για Windows 2000 - KB899589
Άμεση επιδιόρθωση για Windows 2000 - KB900725
Άμεση επιδιόρθωση για Windows 2000 - KB901017
Άμεση επιδιόρθωση για Windows 2000 - KB901214
Άμεση επιδιόρθωση για Windows 2000 - KB905414
Άμεση επιδιόρθωση για Windows 2000 - KB905495
Άμεση επιδιόρθωση για Windows 2000 - KB905749
Άμεση επιδιόρθωση για Windows 2000 - KB908519
Άμεση επιδιόρθωση για Windows 2000 - KB908523
Άμεση επιδιόρθωση για Windows 2000 - KB908531
Άμεση επιδιόρθωση για Windows 2000 - KB911280
Άμεση επιδιόρθωση για Windows 2000 - KB911567
Άμεση επιδιόρθωση για Windows 2000 - KB912919
Άμεση επιδιόρθωση για Windows 2000 - KB913580
Άμεση επιδιόρθωση για Windows 2000 - KB914388
Άμεση επιδιόρθωση για Windows 2000 - KB914389
Άμεση επιδιόρθωση για Windows 2000 - KB916281
Άμεση επιδιόρθωση για Windows 2000 - KB917008
Άμεση επιδιόρθωση για Windows 2000 - KB917159
Άμεση επιδιόρθωση για Windows 2000 - KB917422
Άμεση επιδιόρθωση για Windows 2000 - KB917537
Άμεση επιδιόρθωση για Windows 2000 - KB917736
Άμεση επιδιόρθωση για Windows 2000 - KB917953
Άμεση επιδιόρθωση για Windows 2000 - KB918118
Άμεση επιδιόρθωση για Windows 2000 - KB918899
Άμεση επιδιόρθωση για Windows 2000 - KB920213
Άμεση επιδιόρθωση για Windows 2000 - KB920670
Άμεση επιδιόρθωση για Windows 2000 - KB920683
Άμεση επιδιόρθωση για Windows 2000 - KB920685
Άμεση επιδιόρθωση για Windows 2000 - KB920958
Άμεση επιδιόρθωση για Windows 2000 - KB921398
Άμεση επιδιόρθωση για Windows 2000 - KB921503
Άμεση επιδιόρθωση για Windows 2000 - KB921883
Άμεση επιδιόρθωση για Windows 2000 - KB922582
Άμεση επιδιόρθωση για Windows 2000 - KB922616
Άμεση επιδιόρθωση για Windows 2000 - KB922760
Άμεση επιδιόρθωση για Windows 2000 - KB923191
Άμεση επιδιόρθωση για Windows 2000 - KB923414
Άμεση επιδιόρθωση για Windows 2000 - KB923694
Άμεση επιδιόρθωση για Windows 2000 - KB923810
Άμεση επιδιόρθωση για Windows 2000 - KB923980
Άμεση επιδιόρθωση για Windows 2000 - KB924191
Άμεση επιδιόρθωση για Windows 2000 - KB924270
Άμεση επιδιόρθωση για Windows 2000 - KB924667
Άμεση επιδιόρθωση για Windows 2000 - KB925454
Άμεση επιδιόρθωση για Windows 2000 - KB925486
Άμεση επιδιόρθωση για Windows 2000 - KB925902
Άμεση επιδιόρθωση για Windows 2000 - KB926122
Άμεση επιδιόρθωση για Windows 2000 - KB926436
Άμεση επιδιόρθωση για Windows 2000 - KB927891
Άμεση επιδιόρθωση για Windows 2000 - KB928090
Άμεση επιδιόρθωση για Windows 2000 - KB928843
Άμεση επιδιόρθωση για Windows 2000 - KB929969
Άμεση επιδιόρθωση για Windows 2000 - KB930178
Άμεση επιδιόρθωση για Windows 2000 - KB931768
Άμεση επιδιόρθωση για Windows 2000 - KB931784
Άμεση επιδιόρθωση για Windows 2000 - KB932168
Άμεση επιδιόρθωση για Windows 2000 - KB933566
Άμεση επιδιόρθωση για Windows 2000 - KB933729
Άμεση επιδιόρθωση για Windows 2000 - KB935839
Άμεση επιδιόρθωση για Windows 2000 - KB935840
Άμεση επιδιόρθωση για Windows 2000 - KB936021
Άμεση επιδιόρθωση για Windows 2000 - KB937143
Άμεση επιδιόρθωση για Windows 2000 - KB937894
Άμεση επιδιόρθωση για Windows 2000 - KB938127
Άμεση επιδιόρθωση για Windows 2000 - KB938827
Άμεση επιδιόρθωση για Windows 2000 - KB938829
Άμεση επιδιόρθωση για Windows 2000 - KB939653
Άμεση επιδιόρθωση για Windows 2000 - KB941202
Άμεση επιδιόρθωση για Windows 2000 - KB941644
Άμεση επιδιόρθωση για Windows 2000 - KB942615
Άμεση επιδιόρθωση για Windows 2000 - KB943055
Άμεση επιδιόρθωση για Windows 2000 - KB943485
Άμεση επιδιόρθωση για Windows 2000 - KB944533
Ενημερωμένη έκδοση ασφαλείας for DirectX 9 (KB941568)
Ενημερωμένη έκδοση ασφαλείας για Windows 2000 (KB923689)
Ενημερωμένη έκδοση ασφαλείας για Windows 2000 (KB941569)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB911564)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 6.4 (KB925398)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 9 (KB936782)
Επείγουσα επιδιόρθωση για το Windows Media Player [Ανατρέξτε στο Q828026 για περισσότερες πληροφορίες]
Συνάθροιση ενημερώσεων 1 για το Windows 2000 SP4

#2
Rorschach112

Posted 26 February 2008 - 07:01 PM

Ralphie

Retired Staff
47,710 posts

Hello

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

#3
dimitris

Posted 27 February 2008 - 03:37 PM

Member

Topic Starter
Member
31 posts

Hello I m Dimitris, and thank you very much!

Here are the reports:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 27, 2008 11:21:03 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/02/2008
Kaspersky Anti-Virus database records: 584058
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 24830
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:34:29

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\dimitris\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\dimitris\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\dimitris\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\dimitris\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\debug\ipsecpa.log Object is locked skipped
C:\WINDOWS\debug\oakley.log Object is locked skipped
C:\WINDOWS\debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\WINDOWS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SYSTEM32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default Object is locked skipped
C:\WINDOWS\SYSTEM32\config\default.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software Object is locked skipped
C:\WINDOWS\SYSTEM32\config\software.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\config\system Object is locked skipped
C:\WINDOWS\SYSTEM32\config\SYSTEM.ALT Object is locked skipped
C:\WINDOWS\SYSTEM32\Perflib_Perfdata_230.dat Object is locked skipped
C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Deckard's System Scanner v20071014.68
Run by dimitris on 2008-02-27 23:24:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as dimitris.exe) --------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-27 23:27:19
Platform: Windows 2000 Service Pack 4 (5.00.2195)
MSIE: Internet Explorer (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\csrss.exe
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\SYSTEM32\regsvc.exe
C:\WINDOWS\SYSTEM32\wbem\winmgmt.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sony\SonicStage\SSAAD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SYSTEM32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SYSTEM32\internat.exe
C:\Documents and Settings\dimitris\Επιφάνεια εργασίας\dss.exe
C:\Program Files\Trend Micro\HijackThis\dimitris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://topsearch4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.economist.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://topsearch4u.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=192.168.20.20:3128;https=192.168.20.20:3128;ftp=192.168.20.20:3128;socks=19
2.168.20.20:777
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] "C:\Program Files\Logitech\Video\CameraAssistant.exe"
O4 - HKLM\..\Run: [LogitechVideo[inspector]] "C:\Program Files\Logitech\Video\InstallHelper.exe" /inspect
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} () - http://download.micr...42/wmsp9dmo.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} () - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} () - http://download.micr...78f/wvc1dmo.cab
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} () - http://download.micr...C4D/mp43dmo.CAB
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://codecs.micros...386/wmv9dmo.cab
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} () - http://download.micr...01F/wmvadvd.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.liv...es/MSNPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us...nfo/webscan.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan....bs/nanoinst.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupd...8447.4213078704
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} (Office Update Installation Engine) - http://office.micros...ntent/opuc4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ent/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{82E69FF6-289D-4CC8-9A76-B79AD2DCCC3C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{D6001DD4-2C72-47A6-B4FC-A89E5DB4E03B}: NameServer = 194.219.227.2,193.92.110.1
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Υπηρεσία διαχείρισης λογικών δίσκων (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\SYSTEM32\dmadmin.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Print Spooler Service (uda3yloeo) - Unknown owner - C:\WINDOWS\system32\j.exe /service

--
End of file - 10170 bytes

-- Files created between 2008-01-27 and 2008-02-27 -----------------------------

2008-02-27 17:53:05 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_230.dat
2008-02-26 01:04:18 0 d-------- C:\Documents and Settings\dimitris\Application Data\Thunderbird
2008-02-26 01:03:47 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-02-25 23:50:51 0 d-------- C:\Documents and Settings\dimitris\Application Data\OfficeUpdate12
2008-02-25 23:47:43 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_344.dat
2008-02-23 01:08:16 0 d-------- C:\Program Files\Panda Security
2008-02-19 19:47:05 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_234.dat
2008-02-19 15:31:33 0 d-------- C:\Documents and Settings\dimitris\Application Data\Talkback
2008-02-19 13:47:16 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_228.dat
2008-02-18 20:30:12 0 d-------- C:\WINDOWS\BDOSCAN8
2008-02-18 14:21:10 917436 ---h----- C:\WINDOWS\ShellIconCache
2008-02-18 10:59:49 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_224.dat
2008-02-17 21:27:19 0 d-------- C:\ComboFix[1]
2008-02-17 19:48:32 164 --a------ C:\install.dat
2008-02-16 16:26:36 0 d-------- C:\Documents and Settings\dimitris\.housecall6.6
2008-02-16 14:18:44 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-02-04 19:56:07 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-04 19:56:07 0 d-------- C:\Documents and Settings\dimitris\Application Data\SUPERAntiSpyware.com
2008-02-04 19:55:42 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-04 00:37:32 0 d-------- C:\Documents and Settings\dimitris\Application Data\Grisoft
2008-02-04 00:17:47 0 d-------- C:\Program Files\Trend Micro
2008-02-03 23:14:20 16384 --a-----t C:\WINDOWS\system32\Perflib_Perfdata_220.dat
2008-02-03 15:32:23 0 d-------- C:\Documents and Settings\dimitris\Application Data\mIRC
2008-02-03 15:32:22 0 d-------- C:\Program Files\mIRC
2008-02-03 13:51:03 5707 --a------ C:\WINDOWS\mozver.dat
2008-02-03 12:16:21 335 --a------ C:\WINDOWS\nsreg.dat
2008-02-03 12:16:08 0 d-------- C:\Documents and Settings\dimitris\Application Data\Mozilla
2008-02-02 01:45:07 0 d-------- C:\Program Files\Alwil Software

-- Find3M Report ---------------------------------------------------------------

2008-02-20 10:06:58 0 dra------ C:\Program Files\Common Files
2008-02-03 13:51:16 0 d-a------ C:\Documents and Settings\dimitris\Application Data\Adobe
2008-02-01 22:28:06 0 d-a------ C:\Program Files\SpywareBlaster
2008-02-01 22:15:46 0 d-------- C:\Program Files\QuickTime
2008-01-31 21:38:51 0 d-a------ C:\Program Files\Common Files\Real
2008-01-31 21:37:33 0 d-a------ C:\Documents and Settings\dimitris\Application Data\Real
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-05 20:08:32 0 d-------- C:\Documents and Settings\dimitris\Application Data\LimeWire
2007-12-20 23:11:52 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe" [03-07-16 12:00 C:\WINDOWS\SYSTEM32\systray.exe]
"Synchronization Manager"="mobsync.exe" [03-07-16 12:00 C:\WINDOWS\SYSTEM32\mobsync.exe]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [06-01-07 01:36 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 00:11 ]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [05-12-09 15:32 ]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [06-01-05 07:58 ]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [06-01-05 08:15 ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [07-12-04 15:00 ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [07-06-11 11:25 ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [03-07-16 12:00 C:\WINDOWS\SYSTEM32\internat.exe]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"internat.exe"=internat.exe

C:\Documents and Settings\All Users\Start Menu\¨¦š¨α££˜«˜\„΅΅ε¤ž©ž\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 14:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

-- End of Deckard's System Scanner: finished at 2008-02-27 23:31:45 ------------

I only got a main.txt from dss, an extra.txt never opened! I don't know why...

#4
Rorschach112

Posted 27 February 2008 - 04:22 PM

Ralphie

Retired Staff
47,710 posts

Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum.

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

#5
dimitris

Posted 27 February 2008 - 07:14 PM

Member

Topic Starter
Member
31 posts

here s the sdfix report:

SDFix: Version 1.148

Run by dimitris on Πεμ 2008-02-28 at 2:20

Microsoft Windows 2000 [Έκδοση 5.00.2195]
Running From: C:\SDFix

Checking Services :

Name:
uda3yloeo

Path:
C:\WINDOWS\system32\j.exe /service

uda3yloeo - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\ATIIPRXX.EXE - Deleted
C:\WINDOWS\system32\12F.tmp - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 02:37:10
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\x98\3\x39d\3\x391\3\xb1\3 ?\x395\3\x390\3\xb5\3\x391\3\x39d\3\x388\3\x391\3\x399\3\xbd\3"=str(7):"1\0"
"\x98\3\x39d\3\x391\3\xb1\3 ?\x395\3\x390\3\xb5\3\x391\3\x39d\3\x388\3\x391\3\x399\3\xbd\3 ?\x38c\3\x39c\3\xbd\3\x394\3\xb5\3\x38c\3"=str(7):"1\0"
"\x2018\3\x393\3\x39d\3\xb3\3\x397\3\x391\3\x38f\3\xbd\3\x38f\3\x392\3 ?\x390\3\x391\3\x38f\3\x393\3\xb1\3\x391\3\x38c\3\x38f\3\xb3\3\xad\3\xb1\3\x392\3 ?R?A?S?"=str(7):"1\0"
"\x2018\3\x390\3\xb5\3\x395\3\x388\3\xb5\3\x2015\3\xb1\3\x392\3 ?\x390\3\xb1\3\x391\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Display\Fonts]
"\x9c\3\x389\3\x38a\3\x391\3\xad\3\x392\3 ?\xb3\3\x391\3\xb1\3\x38c\3\x38c\3\xb1\3\x394\3\x38f\3\x393\3\xb5\3\x389\3\x391\3\xad\3\x392\3 ?(?V?G?A? ?r?e?s?)?"="smalle.fon"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\\x2022\3\x390\3\x389\3\x393\3\x38a\3\x39c\3\x390\3\xb7\3\x393\3\xb7\3 ]
"Current State"=dword:00000000
"Log Type"=dword:00000000
"Counter List"=str(7):"\\x395\x3c0\x3b5\x3be\x3b5\x3c1\x3b3\x3b1\x3c3\x3c4\x3ae\x3c2(_Total)\% \x3c7\x3c1\x3cc\x3bd\x3bf\x3c5 \x3b5\x3c0\x3b5\x3be\x3b5\x3c1\x3b3\x3b1\x3c3\x3c4\x3ae\0\\x39c\x3bd\x3ae\x3bc\x3b7\\x3a3\x3b5\x3bb\x3af\x3b4\x3b5\x3c2/\x3b4\x3b5\x3c5\x3c4\x3b5\x3c1\x3cc\x3bb\x3b5\x3c0\x3c4\x3bf\0\\x3a6\x3c5\x3c3\x3b9\x3ba\x3cc\x3c2 \x3b4\x3af\x3c3\x3ba\x3bf\x3c2(_Total)\\x39c\x3ad\x3c3\x3bf\x3c2 \x3cc\x3c1\x3bf\x3c2 \x3bc\x3ae\x3ba\x3bf\x3c5\x3c2 \x3bf\x3c5\x3c1\x3ac\x3c2 \x3b4\x3af\x3c3\x3ba\x3bf\x3c5\0"
"Sample Interval"=hex:02,00,04,00,03,00,00,00,0f,00,00,00,01,00,00,00
"Comment"="\x391\x3c5\x3c4\x3cc \x3c4\x3bf \x3b4\x3b5\x3af\x3b3\x3bc\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3bf\x3c5 \x3ba\x3b1\x3c4\x3b1\x3b3\x3c1\x3b1\x3c6\x3ae\x3c2 \x3c0\x3b1\x3c1\x3ad\x3c7\x3b5\x3b9 \x3bc\x3b9\x3b1 \x3b5\x3c0\x3b9\x3c3\x3ba\x3cc\x3c0\x3b7\x3c3\x3b7 \x3c4\x3c9\x3bd \x3b5\x3c0\x3b9\x3b4\x3cc\x3c3\x3b5\x3c9\x3bd \x3c4\x3bf\x3c5 \x3c3\x3c5\x3c3\x3c4\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2."
"Log File Max Size"=dword:ffffffff
"Log File Base Name"="\x395\x3c0\x3b9\x3c3\x3ba\x3cc\x3c0\x3b7\x3c3\x3b7_\x3c3\x3c5\x3c3\x3c4\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2"
"Log File Serial Number"=dword:00000001
"Log File Auto Format"=dword:ffffffff
"Log File Type"=dword:00000002
"EOF Command File"=""
"Start"=hex:01,00,01,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,7f
"Stop"=hex:01,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00
"Restart"=hex:00,00,00,00
"Last Modified"=hex:01,00,05,00,00,00,00,00,40,51,e2,f5,5b,1c,c7,01
"ExecuteOnly"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\x98\3\x39d\3\x391\3\xb1\3 ?\x395\3\x390\3\xb5\3\x391\3\x39d\3\x388\3\x391\3\x399\3\xbd\3"=str(7):"1\0"
"\x98\3\x39d\3\x391\3\xb1\3 ?\x395\3\x390\3\xb5\3\x391\3\x39d\3\x388\3\x391\3\x399\3\xbd\3 ?\x38c\3\x39c\3\xbd\3\x394\3\xb5\3\x38c\3"=str(7):"1\0"
"\x2018\3\x393\3\x39d\3\xb3\3\x397\3\x391\3\x38f\3\xbd\3\x38f\3\x392\3 ?\x390\3\x391\3\x38f\3\x393\3\xb1\3\x391\3\x38c\3\x38f\3\xb3\3\xad\3\xb1\3\x392\3 ?R?A?S?"=str(7):"1\0"
"\x2018\3\x390\3\xb5\3\x395\3\x388\3\xb5\3\x2015\3\xb1\3\x392\3 ?\x390\3\xb1\3\x391\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\Display\Fonts]
"\x9c\3\x389\3\x38a\3\x391\3\xad\3\x392\3 ?\xb3\3\x391\3\xb1\3\x38c\3\x38c\3\xb1\3\x394\3\x38f\3\x393\3\xb5\3\x389\3\x391\3\xad\3\x392\3 ?(?V?G?A? ?r?e?s?)?"="smalle.fon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\\x2022\3\x390\3\x389\3\x393\3\x38a\3\x39c\3\x390\3\xb7\3\x393\3\xb7\3 ]
"Current State"=dword:00000000
"Log Type"=dword:00000000
"Counter List"=str(7):"\\x395\x3c0\x3b5\x3be\x3b5\x3c1\x3b3\x3b1\x3c3\x3c4\x3ae\x3c2(_Total)\% \x3c7\x3c1\x3cc\x3bd\x3bf\x3c5 \x3b5\x3c0\x3b5\x3be\x3b5\x3c1\x3b3\x3b1\x3c3\x3c4\x3ae\0\\x39c\x3bd\x3ae\x3bc\x3b7\\x3a3\x3b5\x3bb\x3af\x3b4\x3b5\x3c2/\x3b4\x3b5\x3c5\x3c4\x3b5\x3c1\x3cc\x3bb\x3b5\x3c0\x3c4\x3bf\0\\x3a6\x3c5\x3c3\x3b9\x3ba\x3cc\x3c2 \x3b4\x3af\x3c3\x3ba\x3bf\x3c2(_Total)\\x39c\x3ad\x3c3\x3bf\x3c2 \x3cc\x3c1\x3bf\x3c2 \x3bc\x3ae\x3ba\x3bf\x3c5\x3c2 \x3bf\x3c5\x3c1\x3ac\x3c2 \x3b4\x3af\x3c3\x3ba\x3bf\x3c5\0"
"Sample Interval"=hex:02,00,04,00,03,00,00,00,0f,00,00,00,01,00,00,00
"Comment"="\x391\x3c5\x3c4\x3cc \x3c4\x3bf \x3b4\x3b5\x3af\x3b3\x3bc\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3bf\x3c5 \x3ba\x3b1\x3c4\x3b1\x3b3\x3c1\x3b1\x3c6\x3ae\x3c2 \x3c0\x3b1\x3c1\x3ad\x3c7\x3b5\x3b9 \x3bc\x3b9\x3b1 \x3b5\x3c0\x3b9\x3c3\x3ba\x3cc\x3c0\x3b7\x3c3\x3b7 \x3c4\x3c9\x3bd \x3b5\x3c0\x3b9\x3b4\x3cc\x3c3\x3b5\x3c9\x3bd \x3c4\x3bf\x3c5 \x3c3\x3c5\x3c3\x3c4\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2."
"Log File Max Size"=dword:ffffffff
"Log File Base Name"="\x395\x3c0\x3b9\x3c3\x3ba\x3cc\x3c0\x3b7\x3c3\x3b7_\x3c3\x3c5\x3c3\x3c4\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2"
"Log File Serial Number"=dword:00000001
"Log File Auto Format"=dword:ffffffff
"Log File Type"=dword:00000002
"EOF Command File"=""
"Start"=hex:01,00,01,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,7f
"Stop"=hex:01,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00
"Restart"=hex:00,00,00,00
"Last Modified"=hex:01,00,05,00,00,00,00,00,40,51,e2,f5,5b,1c,c7,01
"ExecuteOnly"=dword:00000001

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\xa0\3\x391\3\x38f\3\xb5\3\x390\3\x389\3\xbb\3\xb5\3\xb3\3\x38c\3\xad\3\xbd\3\xb1\3 ?W?i?n?d?o?w?s?"=",,,,,,,,,,,,,"
"\x9a\3\x389\3\xbd\3\x38f\3\x39d\3\x38c\3\xb5\3\xbd\3\xb1\3 ?W?i?n?d?o?w?s?"="C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,"
"\x2020\3\x393\3\x390\3\x391\3\x38f\3 ?3?\x201d\3"="C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,"
"\xa7\3\xad\3\x391\3\x389\3\xb1\3 ?1?"="C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,"
"\xa7\3\xad\3\x391\3\x389\3\xb1\3 ?2?"="C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,"
"\x201d\3\xb5\3\x389\3\xbd\3\x39c\3\x393\3\xb1\3\x395\3\x391\3\x38f\3\x392\3"="C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,"
"\xa0\3\x391\3\x38f\3\xb7\3\xb3\3\x38f\3\x39d\3\x38c\3\xb5\3\xbd\3\x38f\3 ?\x38c\3\x38f\3\xbd\3\x394\3\xad\3\xbb\3\x38f\3"="C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,"
"\xa3\3\x39d\3\xbd\3\x388\3\xb5\3\x393\3\xb7\3"="C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,"
"\x9c\3\xb5\3\xb3\3\xad\3\x388\3\x395\3\xbd\3\x393\3\xb7\3"="C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,"
"\xa0\3\xb1\3\x391\3\xb1\3\xbb\3\xbb\3\xb1\3\xb3\3\xad\3\x392\3"="C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,"
"\x9c\3\x390\3\x391\3\x38f\3\x39d\3\x394\3\xb6\3\x389\3\xbd\3\x38f\3 ?3?\x201d\3"="C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,"
"\x9c\3\xb1\3\x39d\3\x391\3\xb1\3 ?W?i?n?d?o?w?s? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\x9c\3\xb1\3\x39d\3\x391\3\xb1\3 ?W?i?n?d?o?w?s? ?(?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\x9c\3\xb1\3\x39d\3\x391\3\xb1\3 ?W?i?n?d?o?w?s? ?(?\x390\3\x38f\3\xbb\3\x39d\3 ?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
"\x2018\3\x391\3\xbd\3\xb7\3\x394\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s?"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
"\x2018\3\x391\3\xbd\3\xb7\3\x394\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
"\x2018\3\x391\3\xbd\3\xb7\3\x394\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x390\3\x38f\3\xbb\3\x39d\3 ?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
"\xa4\3\x395\3\x390\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDOWS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursors\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WINDOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur"
"\xa4\3\x395\3\x390\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x390\3\x38f\3\xbb\3\x39d\3 ?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\\x2018\3\x391\3\x397\3\xb5\3\x2015\3\xb1\3 ]
@="{C0E13E61-0CC6-11d1-BBB6-0060978B2AE6}"
"display"="\x3a0\x3c1\x3bf\x3c3\x3c9\x3c1\x3b9\x3bd\x3ac \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x395\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7\x3c2 \x3c4\x3c9\x3bd Windows 98"
"description"="\x38c\x3c4\x3b1\x3bd \x3b7 \x395\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7 \x3c4\x3c9\x3bd Windows \x3b4\x3b5\x3bd \x3bf\x3bb\x3bf\x3ba\x3bb\x3b7\x3c1\x3c9\x3b8\x3b5\x3af \x3bc\x3b5 \x3b5\x3c0\x3b9\x3c4\x3c5\x3c7\x3af\x3b1, \x3b5\x3af\x3bd\x3b1\x3b9 \x3c0\x3b9\x3b8\x3b1\x3bd\x3cc \x3bd\x3b1 \x3b1\x3c6\x3ae\x3c3\x3b5\x3b9 \x3ba\x3ac\x3c0\x3bf\x3b9\x3b1 \x3c0\x3c1\x3bf\x3c3\x3c9\x3c1\x3b9\x3bd\x3ac \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3c3\x3c4\x3bf \x3b4\x3af\x3c3\x3ba\x3bf \x3c3\x3b1\x3c2. \x391\x3c5\x3c4\x3ac \x3c4\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3bc\x3b5\x3c4\x3ac \x3c4\x3b7\x3bd \x3bf\x3bb\x3bf\x3ba\x3bb\x3ae\x3c1\x3c9\x3c3\x3b7 \x3c4\x3b7\x3c2 \x395\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7\x3c2 \x3b4\x3b5\x3bd \x3c7\x3c1\x3b5\x3b9\x3ac\x3b6\x3bf\x3bd\x3c4\x3b1\x3b9 \x3ba\x3b1\x3b9 \x3c0\x3c1\x3ad\x3c0\x3b5\x3b9 \x3bd\x3b1 \x3b4\x3b9\x3b1\x3b3\x3c1\x3b1\x3c6\x3bf\x3cd\x3bd."
"folder"=""
"flags"=dword:0000007e
"filelist"="WININST?.400"
"FailIfProcessRunning"="W98SETUP.BIN"
"StateFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\\x201d\3\x389\3\xb1\3\xb3\3\x391\3\xb1\3\x396\3\xae\3 ]
@="{C0E13E61-0CC6-11d1-BBB6-0060978B2AE6}"
"display"="\x3a3\x3c4\x3bf\x3b9\x3c7\x3b5\x3af\x3b1 \x3b1\x3c0\x3b5\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7\x3c2 \x3c4\x3c9\x3bd Windows 98"
"description"="\x38c\x3c4\x3b1\x3bd \x3b5\x3b3\x3ba\x3b1\x3c4\x3b1\x3c3\x3c4\x3ae\x3c3\x3b1\x3c4\x3b5 \x3c4\x3b1 Windows 98, \x3b7 \x395\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7 \x3b1\x3c0\x3bf\x3b8\x3ae\x3ba\x3b5\x3c5\x3c3\x3b5 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3bc\x3b5 \x3c0\x3bb\x3b7\x3c1\x3bf\x3c6\x3bf\x3c1\x3af\x3b5\x3c2 \x3b3\x3b9\x3b1 \x3c4\x3b7\x3bd \x3c0\x3c1\x3bf\x3b7\x3b3\x3bf\x3cd\x3bc\x3b5\x3bd\x3b7 \x3ad\x3ba\x3b4\x3bf\x3c3\x3b7 \x3c4\x3c9\x3bd Windows. \x391\x3c5\x3c4\x3ac \x3c4\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3ba\x3b1\x3c4\x3b1\x3bb\x3b1\x3bc\x3b2\x3ac\x3bd\x3bf\x3c5\x3bd \x3bc\x3b5\x3b3\x3ac\x3bb\x3bf \x3c7\x3ce\x3c1\x3bf \x3c3\x3c4\x3bf \x3b4\x3af\x3c3\x3ba\x3bf. \x391\x3bd \x3b5\x3af\x3c3\x3c4\x3b5 \x3b2\x3ad\x3b2\x3b1\x3b9\x3bf\x3b9 \x3cc\x3c4\x3b9 \x3b4\x3b5\x3bd \x3b8\x3ad\x3bb\x3b5\x3c4\x3b5 \x3bd\x3b1 \x3b5\x3c0\x3b9\x3c3\x3c4\x3c1\x3ad\x3c8\x3b5\x3c4\x3b5 \x3c3\x3c4\x3b7\x3bd \x3c0\x3c1\x3bf\x3b7\x3b3\x3bf\x3cd\x3bc\x3b5\x3bd\x3b7 \x3ad\x3ba\x3b4\x3bf\x3c3\x3b7 \x3c4\x3c9\x3bd Windows, \x3c0\x3c1\x3ad\x3c0\x3b5\x3b9 \x3bd\x3b1 \x3c4\x3b1 \x3b4\x3b9\x3b1\x3b3\x3c1\x3ac\x3c8\x3b5\x3c4\x3b5."
"folder"=""
"flags"=dword:0000003e
"filelist"="WINUNDO.DAT|WINUNDO.INI|WINLFN.INI|W95UNDO.DAT|W95UNDO.INI|W98UNDO.DAT|W98U
NDO.INI"
"CleanupString"="rundll32.exe setupapi.dll,InstallHinfSection DiskCleanup.Uninstall 0 setupc.inf"
"StateFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\\xa0\3\xb1\3\xbb\3\x389\3\xac\3 ]
@="{C0E13E61-0CC6-11d1-BBB6-0060978B2AE6}"
"display"="\x3a0\x3b1\x3bb\x3b9\x3ac \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3c4\x3b7\x3c2 \x395\x3be\x3ad\x3c4\x3b1\x3c3\x3b7\x3c2 \x394\x3af\x3c3\x3ba\x3c9\x3bd"
"description"="\x38c\x3c4\x3b1\x3bd \x3b7 \x395\x3be\x3ad\x3c4\x3b1\x3c3\x3b7 \x394\x3af\x3c3\x3ba\x3c9\x3bd \x3b5\x3bb\x3ad\x3b3\x3c7\x3b5\x3b9 \x3c4\x3b7\x3bd \x3bc\x3bf\x3bd\x3ac\x3b4\x3b1 \x3b4\x3af\x3c3\x3ba\x3bf\x3c5 \x3b3\x3b9\x3b1 \x3c3\x3c6\x3ac\x3bb\x3bc\x3b1\x3c4\x3b1, \x3b5\x3af\x3bd\x3b1\x3b9 \x3c0\x3b9\x3b8\x3b1\x3bd\x3cc \x3bd\x3b1 \x3b1\x3c0\x3bf\x3b8\x3b7\x3ba\x3b5\x3cd\x3c3\x3b5\x3b9 \x3b1\x3c0\x3bf\x3ba\x3bf\x3bc\x3bc\x3ad\x3bd\x3b1 \x3c4\x3bc\x3ae\x3bc\x3b1\x3c4\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3c9\x3bd \x3c9\x3c2 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3c3\x3c4\x3bf \x3c1\x3b9\x3b6\x3b9\x3ba\x3cc \x3ba\x3b1\x3c4\x3ac\x3bb\x3bf\x3b3\x3bf \x3c4\x3b7\x3c2 \x3bc\x3bf\x3bd\x3ac\x3b4\x3b1\x3c2. \x391\x3c5\x3c4\x3ac \x3c4\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3b4\x3b5\x3bd \x3c7\x3c1\x3b5\x3b9\x3ac\x3b6\x3bf\x3bd\x3c4\x3b1\x3b9 \x3ba\x3b1\x3b9 \x3bc\x3c0\x3bf\x3c1\x3bf\x3cd\x3bd \x3bd\x3b1 \x3b4\x3b9\x3b1\x3b3\x3c1\x3b1\x3c6\x3bf\x3cd\x3bd."
"folder"=""
"flags"=dword:00000020
"filelist"="*.CHK"
"StateFlags0000"=dword:00000002
"StateFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Screen Savers\\x201d\3\xb5\3\x38a\3\xb1\3\xb5\3\x394\3\x2015\3\xb1\3 ]
"KindOfLens"="Spiral"
"SpiralSize"=hex:90,01,00,00
"SpiralSpeed"=hex:04,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Screen Savers\\x2022\3\x390\3\x389\3\x393\3\x394\3\xae\3\x38c\3\xb7\3]
"KindOfLens"="Dent"
"DentParameter"="0.75"
"DentSize"=hex:2c,01,00,00
"DentSpeed"=hex:03,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Syncmgr\AutoSync\DIMITRIS_Administrator\\xa3\3\x39d\3\xbd\3\x384\3\xb5\3\x393\3\xb7\3 ]
"Logon"=dword:00000001
"Logoff"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Syncmgr\AutoSync\DIMITRIS_dimitris\\xa3\3\x39d\3\xbd\3\x384\3\xb5\3\x393\3\xb7\3 ]
"Logon"=dword:00000001
"Logoff"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Syncmgr\AutoSync\DIMITRIS_phantom\\xa3\3\x39d\3\xbd\3\x384\3\xb5\3\x393\3\xb7\3 ]
"Logon"=dword:00000001
"Logoff"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\xa6\3\xb1\3\x38e\3]
"ChangeID"=dword:244b9f5d
"Status"=dword:00000080
"Name"="\x3a6\x3b1\x3be"
"Share Name"=""
"Print Processor"="WinPrint"
"Datatype"="RAW"
"Parameters"=""
"ObjectGUID"=""
"DsKeyUpdate"=dword:00000003
"Description"=""
"Printer Driver"="Windows NT Fax Driver"
"Default DevMode"=hex:a6,03,b1,03,be,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"Priority"=dword:00000001
"Default Priority"=dword:00000000
"StartTime"=dword:00000000
"UntilTime"=dword:00000000
"Separator File"=""
"Location"=""
"Attributes"=dword:00000200
"txTimeout"=dword:0000afc8
"dnsTimeout"=dword:00003a98
"Security"=hex:01,00,04,80,e4,00,00,00,f4,00,00,00,00,00,00,00,14,00,00,00,02,..
"SpoolDirectory"=""
"Port"="MSFAX:"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\xa6\3\xb1\3\x38e\3\DsDriver]
"printBinNames"=str(7):"\x3a0\x3c1\x3bf\x3b5\x3c0\x3b9\x3bb\x3bf\x3b3\x3ae\0"
"printColor"=hex:00
"printMaxXExtent"=dword:00000045
"printMaxYExtent"=dword:00000000
"printMinXExtent"=dword:00000045
"printMinYExtent"=dword:00000000
"printMediaSupported"=str(7):"Letter\0Letter Small\0Legal\0Statement\0Executive\0A4\0A4 Small\0A5\0B5 (JIS)\0\x3a7\x3b1\x3c1\x3c4\x3bf\x3c6\x3cd\x3bb\x3b1\x3ba\x3b1\x3c2\0\x395\x3ba\x3c4\x3cd\x3c0\x3c9\x3c3\x3b7 \x3c4\x3ad\x3c4\x3b1\x3c1\x3c4\x3bf\x3c5 \x3c3\x3c7\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2\0\x3a3\x3b7\x3bc\x3b5\x3af\x3c9\x3c3\x3b7\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #9\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #10\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #11\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #12\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #14\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 DL\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 C5\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 C6\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 C65\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 B5\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 B6\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 Monarch\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 6 3/4\0\x3a3\x3c5\x3bd\x3b5\x3c7\x3ad\x3c2 \x3c7\x3b1\x3c1\x3c4\x3af Std \x393\x3b5\x3c1\x3bc\x3b1\x3bd\x3af\x3b1\x3c2\0\x3a3\x3c5\x3bd\x3b5\x3c7\x3ad\x3c2 \x3c7\x3b1\x3c1\x3c4\x3af Legal \x393\x3b5\x3c1\x3bc\x3b1\x3bd\x3af\x3b1\x3c2\0Postcard \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2\0Reserved48\0Reserved49\0Letter.Transverse\0A4.Transverse\0Letter Plus\0A4 plus\0A5.Transverse\0B5 (JIS) Transverse\0A5.Extra\0B5 (ISO) Extra\0\x394\x3b9\x3c0\x3bb\x3ae Postcard \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2\0A6\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2 Kaku #3\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2 Chou #3\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2 Chou #4\0A5 Rotated\0\x3a4\x3b1\x3c7.\x3ba\x3ac\x3c1\x3c4\x3b1 \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x

#6
dimitris

Posted 27 February 2008 - 07:18 PM

Member

Topic Starter
Member
31 posts

#7
dimitris

Posted 27 February 2008 - 07:19 PM

Member

Topic Starter
Member
31 posts

Hi again, here s the sdfix report:

SDFix: Version 1.148

Run by dimitris on Πεμ 2008-02-28 at 2:20

Microsoft Windows 2000 [Έκδοση 5.00.2195]
Running From: C:\SDFix

Checking Services :

Name:
uda3yloeo

Path:
C:\WINDOWS\system32\j.exe /service

uda3yloeo - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\WINDOWS\SYSTEM32\ATIIPRXX.EXE - Deleted
C:\WINDOWS\system32\12F.tmp - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 02:37:10
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\x98\3\x39d\3\x391\3\xb1\3 ?\x395\3\x390\3\xb5\3\x391\3\x39d\3\x388\3\x391\3\x399\3\xbd\3"=str(7):"1\0"
"\x98\3\x39d\3\x391\3\xb1\3 ?\x395\3\x390\3\xb5\3\x391\3\x39d\3\x388\3\x391\3\x399\3\xbd\3 ?\x38c\3\x39c\3\xbd\3\x394\3\xb5\3\x38c\3"=str(7):"1\0"
"\x2018\3\x393\3\x39d\3\xb3\3\x397\3\x391\3\x38f\3\xbd\3\x38f\3\x392\3 ?\x390\3\x391\3\x38f\3\x393\3\xb1\3\x391\3\x38c\3\x38f\3\xb3\3\xad\3\xb1\3\x392\3 ?R?A?S?"=str(7):"1\0"
"\x2018\3\x390\3\xb5\3\x395\3\x388\3\xb5\3\x2015\3\xb1\3\x392\3 ?\x390\3\xb1\3\x391\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Display\Fonts]
"\x9c\3\x389\3\x38a\3\x391\3\xad\3\x392\3 ?\xb3\3\x391\3\xb1\3\x38c\3\x38c\3\xb1\3\x394\3\x38f\3\x393\3\xb5\3\x389\3\x391\3\xad\3\x392\3 ?(?V?G?A? ?r?e?s?)?"="smalle.fon"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\\x2022\3\x390\3\x389\3\x393\3\x38a\3\x39c\3\x390\3\xb7\3\x393\3\xb7\3 ]
"Current State"=dword:00000000
"Log Type"=dword:00000000
"Counter List"=str(7):"\\x395\x3c0\x3b5\x3be\x3b5\x3c1\x3b3\x3b1\x3c3\x3c4\x3ae\x3c2(_Total)\% \x3c7\x3c1\x3cc\x3bd\x3bf\x3c5 \x3b5\x3c0\x3b5\x3be\x3b5\x3c1\x3b3\x3b1\x3c3\x3c4\x3ae\0\\x39c\x3bd\x3ae\x3bc\x3b7\\x3a3\x3b5\x3bb\x3af\x3b4\x3b5\x3c2/\x3b4\x3b5\x3c5\x3c4\x3b5\x3c1\x3cc\x3bb\x3b5\x3c0\x3c4\x3bf\0\\x3a6\x3c5\x3c3\x3b9\x3ba\x3cc\x3c2 \x3b4\x3af\x3c3\x3ba\x3bf\x3c2(_Total)\\x39c\x3ad\x3c3\x3bf\x3c2 \x3cc\x3c1\x3bf\x3c2 \x3bc\x3ae\x3ba\x3bf\x3c5\x3c2 \x3bf\x3c5\x3c1\x3ac\x3c2 \x3b4\x3af\x3c3\x3ba\x3bf\x3c5\0"
"Sample Interval"=hex:02,00,04,00,03,00,00,00,0f,00,00,00,01,00,00,00
"Comment"="\x391\x3c5\x3c4\x3cc \x3c4\x3bf \x3b4\x3b5\x3af\x3b3\x3bc\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3bf\x3c5 \x3ba\x3b1\x3c4\x3b1\x3b3\x3c1\x3b1\x3c6\x3ae\x3c2 \x3c0\x3b1\x3c1\x3ad\x3c7\x3b5\x3b9 \x3bc\x3b9\x3b1 \x3b5\x3c0\x3b9\x3c3\x3ba\x3cc\x3c0\x3b7\x3c3\x3b7 \x3c4\x3c9\x3bd \x3b5\x3c0\x3b9\x3b4\x3cc\x3c3\x3b5\x3c9\x3bd \x3c4\x3bf\x3c5 \x3c3\x3c5\x3c3\x3c4\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2."
"Log File Max Size"=dword:ffffffff
"Log File Base Name"="\x395\x3c0\x3b9\x3c3\x3ba\x3cc\x3c0\x3b7\x3c3\x3b7_\x3c3\x3c5\x3c3\x3c4\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2"
"Log File Serial Number"=dword:00000001
"Log File Auto Format"=dword:ffffffff
"Log File Type"=dword:00000002
"EOF Command File"=""
"Start"=hex:01,00,01,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,7f
"Stop"=hex:01,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00
"Restart"=hex:00,00,00,00
"Last Modified"=hex:01,00,05,00,00,00,00,00,40,51,e2,f5,5b,1c,c7,01
"ExecuteOnly"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\x98\3\x39d\3\x391\3\xb1\3 ?\x395\3\x390\3\xb5\3\x391\3\x39d\3\x388\3\x391\3\x399\3\xbd\3"=str(7):"1\0"
"\x98\3\x39d\3\x391\3\xb1\3 ?\x395\3\x390\3\xb5\3\x391\3\x39d\3\x388\3\x391\3\x399\3\xbd\3 ?\x38c\3\x39c\3\xbd\3\x394\3\xb5\3\x38c\3"=str(7):"1\0"
"\x2018\3\x393\3\x39d\3\xb3\3\x397\3\x391\3\x38f\3\xbd\3\x38f\3\x392\3 ?\x390\3\x391\3\x38f\3\x393\3\xb1\3\x391\3\x38c\3\x38f\3\xb3\3\xad\3\xb1\3\x392\3 ?R?A?S?"=str(7):"1\0"
"\x2018\3\x390\3\xb5\3\x395\3\x388\3\xb5\3\x2015\3\xb1\3\x392\3 ?\x390\3\xb1\3\x391\3\xac\3\xbb\3\xbb\3\xb7\3\xbb\3\xb7\3"=str(7):"1\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\Display\Fonts]
"\x9c\3\x389\3\x38a\3\x391\3\xad\3\x392\3 ?\xb3\3\x391\3\xb1\3\x38c\3\x38c\3\xb1\3\x394\3\x38f\3\x393\3\xb5\3\x389\3\x391\3\xad\3\x392\3 ?(?V?G?A? ?r?e?s?)?"="smalle.fon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SysmonLog\Log Queries\\x2022\3\x390\3\x389\3\x393\3\x38a\3\x39c\3\x390\3\xb7\3\x393\3\xb7\3 ]
"Current State"=dword:00000000
"Log Type"=dword:00000000
"Counter List"=str(7):"\\x395\x3c0\x3b5\x3be\x3b5\x3c1\x3b3\x3b1\x3c3\x3c4\x3ae\x3c2(_Total)\% \x3c7\x3c1\x3cc\x3bd\x3bf\x3c5 \x3b5\x3c0\x3b5\x3be\x3b5\x3c1\x3b3\x3b1\x3c3\x3c4\x3ae\0\\x39c\x3bd\x3ae\x3bc\x3b7\\x3a3\x3b5\x3bb\x3af\x3b4\x3b5\x3c2/\x3b4\x3b5\x3c5\x3c4\x3b5\x3c1\x3cc\x3bb\x3b5\x3c0\x3c4\x3bf\0\\x3a6\x3c5\x3c3\x3b9\x3ba\x3cc\x3c2 \x3b4\x3af\x3c3\x3ba\x3bf\x3c2(_Total)\\x39c\x3ad\x3c3\x3bf\x3c2 \x3cc\x3c1\x3bf\x3c2 \x3bc\x3ae\x3ba\x3bf\x3c5\x3c2 \x3bf\x3c5\x3c1\x3ac\x3c2 \x3b4\x3af\x3c3\x3ba\x3bf\x3c5\0"
"Sample Interval"=hex:02,00,04,00,03,00,00,00,0f,00,00,00,01,00,00,00
"Comment"="\x391\x3c5\x3c4\x3cc \x3c4\x3bf \x3b4\x3b5\x3af\x3b3\x3bc\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3bf\x3c5 \x3ba\x3b1\x3c4\x3b1\x3b3\x3c1\x3b1\x3c6\x3ae\x3c2 \x3c0\x3b1\x3c1\x3ad\x3c7\x3b5\x3b9 \x3bc\x3b9\x3b1 \x3b5\x3c0\x3b9\x3c3\x3ba\x3cc\x3c0\x3b7\x3c3\x3b7 \x3c4\x3c9\x3bd \x3b5\x3c0\x3b9\x3b4\x3cc\x3c3\x3b5\x3c9\x3bd \x3c4\x3bf\x3c5 \x3c3\x3c5\x3c3\x3c4\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2."
"Log File Max Size"=dword:ffffffff
"Log File Base Name"="\x395\x3c0\x3b9\x3c3\x3ba\x3cc\x3c0\x3b7\x3c3\x3b7_\x3c3\x3c5\x3c3\x3c4\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2"
"Log File Serial Number"=dword:00000001
"Log File Auto Format"=dword:ffffffff
"Log File Type"=dword:00000002
"EOF Command File"=""
"Start"=hex:01,00,01,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,7f
"Stop"=hex:01,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00
"Restart"=hex:00,00,00,00
"Last Modified"=hex:01,00,05,00,00,00,00,00,40,51,e2,f5,5b,1c,c7,01
"ExecuteOnly"=dword:00000001

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\xa0\3\x391\3\x38f\3\xb5\3\x390\3\x389\3\xbb\3\xb5\3\xb3\3\x38c\3\xad\3\xbd\3\xb1\3 ?W?i?n?d?o?w?s?"=",,,,,,,,,,,,,"
"\x9a\3\x389\3\xbd\3\x38f\3\x39d\3\x38c\3\xb5\3\xbd\3\xb1\3 ?W?i?n?d?o?w?s?"="C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,"
"\x2020\3\x393\3\x390\3\x391\3\x38f\3 ?3?\x201d\3"="C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,"
"\xa7\3\xad\3\x391\3\x389\3\xb1\3 ?1?"="C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,"
"\xa7\3\xad\3\x391\3\x389\3\xb1\3 ?2?"="C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,"
"\x201d\3\xb5\3\x389\3\xbd\3\x39c\3\x393\3\xb1\3\x395\3\x391\3\x38f\3\x392\3"="C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,"
"\xa0\3\x391\3\x38f\3\xb7\3\xb3\3\x38f\3\x39d\3\x38c\3\xb5\3\xbd\3\x38f\3 ?\x38c\3\x38f\3\xbd\3\x394\3\xad\3\xbb\3\x38f\3"="C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,"
"\xa3\3\x39d\3\xbd\3\x388\3\xb5\3\x393\3\xb7\3"="C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,"
"\x9c\3\xb5\3\xb3\3\xad\3\x388\3\x395\3\xbd\3\x393\3\xb7\3"="C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,"
"\xa0\3\xb1\3\x391\3\xb1\3\xbb\3\xbb\3\xb1\3\xb3\3\xad\3\x392\3"="C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,"
"\x9c\3\x390\3\x391\3\x38f\3\x39d\3\x394\3\xb6\3\x389\3\xbd\3\x38f\3 ?3?\x201d\3"="C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,"
"\x9c\3\xb1\3\x39d\3\x391\3\xb1\3 ?W?i?n?d?o?w?s? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\x9c\3\xb1\3\x39d\3\x391\3\xb1\3 ?W?i?n?d?o?w?s? ?(?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\x9c\3\xb1\3\x39d\3\x391\3\xb1\3 ?W?i?n?d?o?w?s? ?(?\x390\3\x38f\3\xbb\3\x39d\3 ?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
"\x2018\3\x391\3\xbd\3\xb7\3\x394\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s?"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
"\x2018\3\x391\3\xbd\3\xb7\3\x394\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
"\x2018\3\x391\3\xbd\3\xb7\3\x394\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x390\3\x38f\3\xbb\3\x39d\3 ?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
"\xa4\3\x395\3\x390\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDOWS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursors\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WINDOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur"
"\xa4\3\x395\3\x390\3\x389\3\x38a\3\xac\3 ?W?i?n?d?o?w?s? ?(?\x390\3\x38f\3\xbb\3\x39d\3 ?\x38c\3\xb5\3\xb3\3\xac\3\xbb\3\xb1\3)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\\x2018\3\x391\3\x397\3\xb5\3\x2015\3\xb1\3 ]
@="{C0E13E61-0CC6-11d1-BBB6-0060978B2AE6}"
"display"="\x3a0\x3c1\x3bf\x3c3\x3c9\x3c1\x3b9\x3bd\x3ac \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x395\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7\x3c2 \x3c4\x3c9\x3bd Windows 98"
"description"="\x38c\x3c4\x3b1\x3bd \x3b7 \x395\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7 \x3c4\x3c9\x3bd Windows \x3b4\x3b5\x3bd \x3bf\x3bb\x3bf\x3ba\x3bb\x3b7\x3c1\x3c9\x3b8\x3b5\x3af \x3bc\x3b5 \x3b5\x3c0\x3b9\x3c4\x3c5\x3c7\x3af\x3b1, \x3b5\x3af\x3bd\x3b1\x3b9 \x3c0\x3b9\x3b8\x3b1\x3bd\x3cc \x3bd\x3b1 \x3b1\x3c6\x3ae\x3c3\x3b5\x3b9 \x3ba\x3ac\x3c0\x3bf\x3b9\x3b1 \x3c0\x3c1\x3bf\x3c3\x3c9\x3c1\x3b9\x3bd\x3ac \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3c3\x3c4\x3bf \x3b4\x3af\x3c3\x3ba\x3bf \x3c3\x3b1\x3c2. \x391\x3c5\x3c4\x3ac \x3c4\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3bc\x3b5\x3c4\x3ac \x3c4\x3b7\x3bd \x3bf\x3bb\x3bf\x3ba\x3bb\x3ae\x3c1\x3c9\x3c3\x3b7 \x3c4\x3b7\x3c2 \x395\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7\x3c2 \x3b4\x3b5\x3bd \x3c7\x3c1\x3b5\x3b9\x3ac\x3b6\x3bf\x3bd\x3c4\x3b1\x3b9 \x3ba\x3b1\x3b9 \x3c0\x3c1\x3ad\x3c0\x3b5\x3b9 \x3bd\x3b1 \x3b4\x3b9\x3b1\x3b3\x3c1\x3b1\x3c6\x3bf\x3cd\x3bd."
"folder"=""
"flags"=dword:0000007e
"filelist"="WININST?.400"
"FailIfProcessRunning"="W98SETUP.BIN"
"StateFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\\x201d\3\x389\3\xb1\3\xb3\3\x391\3\xb1\3\x396\3\xae\3 ]
@="{C0E13E61-0CC6-11d1-BBB6-0060978B2AE6}"
"display"="\x3a3\x3c4\x3bf\x3b9\x3c7\x3b5\x3af\x3b1 \x3b1\x3c0\x3b5\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7\x3c2 \x3c4\x3c9\x3bd Windows 98"
"description"="\x38c\x3c4\x3b1\x3bd \x3b5\x3b3\x3ba\x3b1\x3c4\x3b1\x3c3\x3c4\x3ae\x3c3\x3b1\x3c4\x3b5 \x3c4\x3b1 Windows 98, \x3b7 \x395\x3b3\x3ba\x3b1\x3c4\x3ac\x3c3\x3c4\x3b1\x3c3\x3b7 \x3b1\x3c0\x3bf\x3b8\x3ae\x3ba\x3b5\x3c5\x3c3\x3b5 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3bc\x3b5 \x3c0\x3bb\x3b7\x3c1\x3bf\x3c6\x3bf\x3c1\x3af\x3b5\x3c2 \x3b3\x3b9\x3b1 \x3c4\x3b7\x3bd \x3c0\x3c1\x3bf\x3b7\x3b3\x3bf\x3cd\x3bc\x3b5\x3bd\x3b7 \x3ad\x3ba\x3b4\x3bf\x3c3\x3b7 \x3c4\x3c9\x3bd Windows. \x391\x3c5\x3c4\x3ac \x3c4\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3ba\x3b1\x3c4\x3b1\x3bb\x3b1\x3bc\x3b2\x3ac\x3bd\x3bf\x3c5\x3bd \x3bc\x3b5\x3b3\x3ac\x3bb\x3bf \x3c7\x3ce\x3c1\x3bf \x3c3\x3c4\x3bf \x3b4\x3af\x3c3\x3ba\x3bf. \x391\x3bd \x3b5\x3af\x3c3\x3c4\x3b5 \x3b2\x3ad\x3b2\x3b1\x3b9\x3bf\x3b9 \x3cc\x3c4\x3b9 \x3b4\x3b5\x3bd \x3b8\x3ad\x3bb\x3b5\x3c4\x3b5 \x3bd\x3b1 \x3b5\x3c0\x3b9\x3c3\x3c4\x3c1\x3ad\x3c8\x3b5\x3c4\x3b5 \x3c3\x3c4\x3b7\x3bd \x3c0\x3c1\x3bf\x3b7\x3b3\x3bf\x3cd\x3bc\x3b5\x3bd\x3b7 \x3ad\x3ba\x3b4\x3bf\x3c3\x3b7 \x3c4\x3c9\x3bd Windows, \x3c0\x3c1\x3ad\x3c0\x3b5\x3b9 \x3bd\x3b1 \x3c4\x3b1 \x3b4\x3b9\x3b1\x3b3\x3c1\x3ac\x3c8\x3b5\x3c4\x3b5."
"folder"=""
"flags"=dword:0000003e
"filelist"="WINUNDO.DAT|WINUNDO.INI|WINLFN.INI|W95UNDO.DAT|W95UNDO.INI|W98UNDO.DAT|W98U
NDO.INI"
"CleanupString"="rundll32.exe setupapi.dll,InstallHinfSection DiskCleanup.Uninstall 0 setupc.inf"
"StateFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\\xa0\3\xb1\3\xbb\3\x389\3\xac\3 ]
@="{C0E13E61-0CC6-11d1-BBB6-0060978B2AE6}"
"display"="\x3a0\x3b1\x3bb\x3b9\x3ac \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3c4\x3b7\x3c2 \x395\x3be\x3ad\x3c4\x3b1\x3c3\x3b7\x3c2 \x394\x3af\x3c3\x3ba\x3c9\x3bd"
"description"="\x38c\x3c4\x3b1\x3bd \x3b7 \x395\x3be\x3ad\x3c4\x3b1\x3c3\x3b7 \x394\x3af\x3c3\x3ba\x3c9\x3bd \x3b5\x3bb\x3ad\x3b3\x3c7\x3b5\x3b9 \x3c4\x3b7\x3bd \x3bc\x3bf\x3bd\x3ac\x3b4\x3b1 \x3b4\x3af\x3c3\x3ba\x3bf\x3c5 \x3b3\x3b9\x3b1 \x3c3\x3c6\x3ac\x3bb\x3bc\x3b1\x3c4\x3b1, \x3b5\x3af\x3bd\x3b1\x3b9 \x3c0\x3b9\x3b8\x3b1\x3bd\x3cc \x3bd\x3b1 \x3b1\x3c0\x3bf\x3b8\x3b7\x3ba\x3b5\x3cd\x3c3\x3b5\x3b9 \x3b1\x3c0\x3bf\x3ba\x3bf\x3bc\x3bc\x3ad\x3bd\x3b1 \x3c4\x3bc\x3ae\x3bc\x3b1\x3c4\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3c9\x3bd \x3c9\x3c2 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3c3\x3c4\x3bf \x3c1\x3b9\x3b6\x3b9\x3ba\x3cc \x3ba\x3b1\x3c4\x3ac\x3bb\x3bf\x3b3\x3bf \x3c4\x3b7\x3c2 \x3bc\x3bf\x3bd\x3ac\x3b4\x3b1\x3c2. \x391\x3c5\x3c4\x3ac \x3c4\x3b1 \x3b1\x3c1\x3c7\x3b5\x3af\x3b1 \x3b4\x3b5\x3bd \x3c7\x3c1\x3b5\x3b9\x3ac\x3b6\x3bf\x3bd\x3c4\x3b1\x3b9 \x3ba\x3b1\x3b9 \x3bc\x3c0\x3bf\x3c1\x3bf\x3cd\x3bd \x3bd\x3b1 \x3b4\x3b9\x3b1\x3b3\x3c1\x3b1\x3c6\x3bf\x3cd\x3bd."
"folder"=""
"flags"=dword:00000020
"filelist"="*.CHK"
"StateFlags0000"=dword:00000002
"StateFlags"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Screen Savers\\x201d\3\xb5\3\x38a\3\xb1\3\xb5\3\x394\3\x2015\3\xb1\3 ]
"KindOfLens"="Spiral"
"SpiralSize"=hex:90,01,00,00
"SpiralSpeed"=hex:04,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Screen Savers\\x2022\3\x390\3\x389\3\x393\3\x394\3\xae\3\x38c\3\xb7\3]
"KindOfLens"="Dent"
"DentParameter"="0.75"
"DentSize"=hex:2c,01,00,00
"DentSpeed"=hex:03,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Syncmgr\AutoSync\DIMITRIS_Administrator\\xa3\3\x39d\3\xbd\3\x384\3\xb5\3\x393\3\xb7\3 ]
"Logon"=dword:00000001
"Logoff"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Syncmgr\AutoSync\DIMITRIS_dimitris\\xa3\3\x39d\3\xbd\3\x384\3\xb5\3\x393\3\xb7\3 ]
"Logon"=dword:00000001
"Logoff"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Syncmgr\AutoSync\DIMITRIS_phantom\\xa3\3\x39d\3\xbd\3\x384\3\xb5\3\x393\3\xb7\3 ]
"Logon"=dword:00000001
"Logoff"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\xa6\3\xb1\3\x38e\3]
"ChangeID"=dword:244b9f5d
"Status"=dword:00000080
"Name"="\x3a6\x3b1\x3be"
"Share Name"=""
"Print Processor"="WinPrint"
"Datatype"="RAW"
"Parameters"=""
"ObjectGUID"=""
"DsKeyUpdate"=dword:00000003
"Description"=""
"Printer Driver"="Windows NT Fax Driver"
"Default DevMode"=hex:a6,03,b1,03,be,03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,..
"Priority"=dword:00000001
"Default Priority"=dword:00000000
"StartTime"=dword:00000000
"UntilTime"=dword:00000000
"Separator File"=""
"Location"=""
"Attributes"=dword:00000200
"txTimeout"=dword:0000afc8
"dnsTimeout"=dword:00003a98
"Security"=hex:01,00,04,80,e4,00,00,00,f4,00,00,00,00,00,00,00,14,00,00,00,02,..
"SpoolDirectory"=""
"Port"="MSFAX:"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\xa6\3\xb1\3\x38e\3\DsDriver]
"printBinNames"=str(7):"\x3a0\x3c1\x3bf\x3b5\x3c0\x3b9\x3bb\x3bf\x3b3\x3ae\0"
"printColor"=hex:00
"printMaxXExtent"=dword:00000045
"printMaxYExtent"=dword:00000000
"printMinXExtent"=dword:00000045
"printMinYExtent"=dword:00000000
"printMediaSupported"=str(7):"Letter\0Letter Small\0Legal\0Statement\0Executive\0A4\0A4 Small\0A5\0B5 (JIS)\0\x3a7\x3b1\x3c1\x3c4\x3bf\x3c6\x3cd\x3bb\x3b1\x3ba\x3b1\x3c2\0\x395\x3ba\x3c4\x3cd\x3c0\x3c9\x3c3\x3b7 \x3c4\x3ad\x3c4\x3b1\x3c1\x3c4\x3bf\x3c5 \x3c3\x3c7\x3ae\x3bc\x3b1\x3c4\x3bf\x3c2\0\x3a3\x3b7\x3bc\x3b5\x3af\x3c9\x3c3\x3b7\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #9\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #10\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #11\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #12\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 #14\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 DL\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 C5\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 C6\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 C65\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 B5\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 B6\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 Monarch\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 6 3/4\0\x3a3\x3c5\x3bd\x3b5\x3c7\x3ad\x3c2 \x3c7\x3b1\x3c1\x3c4\x3af Std \x393\x3b5\x3c1\x3bc\x3b1\x3bd\x3af\x3b1\x3c2\0\x3a3\x3c5\x3bd\x3b5\x3c7\x3ad\x3c2 \x3c7\x3b1\x3c1\x3c4\x3af Legal \x393\x3b5\x3c1\x3bc\x3b1\x3bd\x3af\x3b1\x3c2\0Postcard \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2\0Reserved48\0Reserved49\0Letter.Transverse\0A4.Transverse\0Letter Plus\0A4 plus\0A5.Transverse\0B5 (JIS) Transverse\0A5.Extra\0B5 (ISO) Extra\0\x394\x3b9\x3c0\x3bb\x3ae Postcard \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2\0A6\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2 Kaku #3\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2 Chou #3\0\x3a6\x3ac\x3ba\x3b5\x3bb\x3bf\x3c2 \x399\x3b1\x3c0\x3c9\x3bd\x3af\x3b1\x3c2 Chou #4\0A5 Rotated\0\x3a4\x3b1\x3c7.\x3ba\x3ac\x3c1\x3c4\x3b1 \x399\x3b1\x3c0\x3c9\x3bd\x

#8
dimitris

Posted 27 February 2008 - 07:21 PM

Member

Topic Starter
Member
31 posts

#9
Rorschach112

Posted 27 February 2008 - 07:24 PM

Ralphie

Retired Staff
47,710 posts

Ok go on with the DSS step now

#10
dimitris

Posted 27 February 2008 - 07:29 PM

Member

Topic Starter
Member
31 posts

#11
dimitris

Posted 27 February 2008 - 07:35 PM

Member

Topic Starter
Member
31 posts

#12
Rorschach112

Posted 27 February 2008 - 07:35 PM

Ralphie

Retired Staff
47,710 posts

That is SDFix, I need the DSS log

Do this

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt

#13
dimitris

Posted 27 February 2008 - 08:04 PM

Member

Topic Starter
Member
31 posts

#14
dimitris

Posted 28 February 2008 - 03:04 AM

Member

Topic Starter
Member
31 posts

I m so sorry for the several replies! I was trying to send just one, and didnt seem to be uploading. Really sorry!!

I tried too run "%userprofile%\desktop\dss.exe" /config but I get a mesasage saying Access too c:\Documents and Settings\dimitris\desktop was not possible. File was moved or abolished (The msg is in Greek).

Thanks