Trojan.Win32.Ransom_d30cb3cb6e

Auslogics (fs) (not malicious) (VIPRE), Program.Unwanted.539 (DrWeb), Trojan.Win32.Ransom.FD, GenericEmailWorm.YR (Lavasoft MAS) Behaviour: Ransom, Trojan, Worm, EmailWorm The description has been au...
Blog rating:2 out of5 with1 ratings

Trojan.Win32.Ransom_d30cb3cb6e

by malwarelabrobot on February 17th, 2018 in Malware Descriptions.

Auslogics (fs) (not malicious) (VIPRE), Program.Unwanted.539 (DrWeb), Trojan.Win32.Ransom.FD, GenericEmailWorm.YR (Lavasoft MAS)
Behaviour: Ransom, Trojan, Worm, EmailWorm


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: d30cb3cb6ebe0703e5a1e4bca1b161dc
SHA1: 1d88086230c6b2d73eeea22eaa2c1e5939b4b0b6
SHA256: 49d157280a89ab33f054f8842d81c31b32c406194e4426e0d04165212907b4d6
SSDeep: 98304:QU9rGenoQMF1cK5V2vpTeid6gST79rM2IYayTYndY1mSSn/en3wN:NienohF1RgCgST1VVTYnamN/S3o
Size: 4927128 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-08-16 14:05:35
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour Description
EmailWorm Worm can send e-mails.


Process activity

The Trojan creates the following process(es):

%original file name%.exe:3624

The Trojan injects its code into the following process(es):

DiskDefrag.exe:3708

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process DiskDefrag.exe:3708 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\ProductHelper.dll (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\vclimg160.bpl (356 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\DiskDefragHelper.dll (364 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\VolumesHelper.dll (266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\vcl160.bpl (291 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\AxComponentsVCL.bpl (291 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\ReportHelper.dll (118 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\Localizer.dll (139 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\rtl160.bpl (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\SettingsHelper.dll (282 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\AxComponentsRTL.bpl (48 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.Site.dll (48 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\DiskDefrag.madExcept (0 bytes)

The process %original file name%.exe:3624 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\ProductHelper.dll (3120 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.Routine.dll (8048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\vclimg160.bpl (10533 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\DiskDefragHelper.dll (6328 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\GASender.exe (800 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\GoogleAnalyticsHelper.dll (9862 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.dll (8221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\VolumesHelper.dll (4304 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\DiskDefrag.exe (19010 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\vcl160.bpl (41046 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\AxComponentsVCL.bpl (95865 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\ReportHelper.dll (3304 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\Lang\ENU.lng (4820 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\Localizer.dll (3160 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\rtl160.bpl (59275 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\Data\main.ini (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\SettingsHelper.dll (3824 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\AxComponentsRTL.bpl (18179 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.Site.dll (21767 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\__tmp_rar_sfx_access_check_8563799 (0 bytes)

Registry activity

The process DiskDefrag.exe:3708 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Auslogics\DiskDefrag Portable\6.x\Settings]
"General.Language" = "enu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 15 01 98 52 3F A7 D3 01"
"{920E6DB1-9907-4370-B3A0-BAFC03D81399} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 15 01 98 52 3F A7 D3 01"
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 15 01 98 52 3F A7 D3 01"
"{16F3DD56-1AF5-4347-846D-7C10C4192619} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 15 01 98 52 3F A7 D3 01"
"{99FD978C-D287-4F50-827F-B2C658EDA8E7} {0C6C4200-C589-11D0-999A-00C04FD655E1} 0xFFFF" = "01 00 00 00 00 00 00 00 B5 9F 95 52 3F A7 D3 01"

[HKLM\SOFTWARE\Auslogics\DiskDefrag Portable\6.x\Settings]
"General.LastRun.DiskDefrag.exe" = "31 95 F4 04 78 11 E5 40"

The process %original file name%.exe:3624 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

Dropped PE files

MD5 File path
ba5e9007e89c348539ab11eb721780f3 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\AxComponentsRTL.bpl
17e9b6ecfa1364e7a2c99447793c226e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\AxComponentsVCL.bpl
f3901832c1e978752c47550d836b2887 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.Routine.dll
ccf93228970a32bcb350d56bb60cc492 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.Site.dll
5e13e4414c895a8e77a169ec72f2ad63 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.dll
4d19daf9e7ffe961b7e8d18378c6751e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\DiskDefrag.exe
16ca13ffddb3aa46f4cc3371f72568c3 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\DiskDefragHelper.dll
a2cbac9c0e541e27a264a693a9a65ffd c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\GASender.exe
18121d7b114e8744d09f09dd6b572094 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\GoogleAnalyticsHelper.dll
75360472e5b3f1d5a0efcc21471a4115 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\Localizer.dll
ac49082fd6db32fa5ade294201f1e0d1 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\ProductHelper.dll
c9c2514ca3931109f9e2ebcc4ff3753f c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\ReportHelper.dll
6ebae93ee20b70ddf6e0f309cf1341c7 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\SettingsHelper.dll
f69ab598909288ab0c6bf2898960082e c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\VolumesHelper.dll
c9f034b3edde49ddb8007ca34d7917f5 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\rtl160.bpl
1199c8076c0adca6ced80704afc870c4 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\vcl160.bpl
9b8dc851e7ef7eb2580673795e8994b1 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\vclimg160.bpl

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Auslogics
Product Name: Disk Defrag Portable
Product Version: 6.x
Legal Copyright: Copyright (c) 2008-2015 Auslogics Labs Pty Ltd
Legal Trademarks: Copyright (c) 2008-2015 Auslogics Labs Pty Ltd
Original Filename: ausdiskdefragportable.exe
Internal Name: diskfefrag portable
File Version: 6.1.2.0
File Description: Disk Defrag Portable
Comments: Disk Defrag Portable
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 67196 67584 4.54827 5c4d5ace2672731f58b9d31b4d21f13f
.rdata 73728 6101 6144 3.82125 019ad0f666e2ac17292e5d20e1bdf6c3
.data 81920 49140 512 2.45613 2821477811bfd11f4acd2c1da2aba6da
.CRT 131072 16 512 0.147711 324bcdad78da9eab2e1651550291e550
.rsrc 135168 40960 40448 3.59557 37af5852e342ea923f4c07e4176b45fb

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_3624:

.text
.rdata
.data
@.rsrc
WSSSSh
^SShq
SSSh$&A
SSh,'A
%.*s(%d)%s
rtmp%d
<head><meta http-equiv="content-type" content="text/html; charset=
shlwapi.dll
%s %s
%s %s %s
GETPASSWORD1
%s%s%d
Software\Microsoft\Windows\CurrentVersion
%s.%d.tmp
-el -s2 "-d%s" "-p%s" "-sp%s"
__tmp_rar_sfx_access_check_%u
sfxcmd
COMCTL32.DLL
riched20.dll
riched32.dll
COMCTL32.dll
GetProcessHeap
GetCPInfo
KERNEL32.dll
USER32.dll
GDI32.dll
COMDLG32.dll
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
ADVAPI32.dll
SHFileOperationA
ShellExecuteExA
SHELL32.dll
ole32.dll
OLEAUT32.dll
WINRAR.SFX
d:\Projects\WinRAR\SFX\build\sfxrar32\Release\sfxrar.pdb
Extracting %s
c:\%original file name%.exe
<assemblyIdentity version="6.0.0.0" processorArchitecture="*" name="DiskDefrag" type="win32"/>
<description>Disk Defrag Portable</description>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0"
language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" />
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2011/WindowsSettings">
Shell.Explorer
Enter password
&Enter password for the encrypted file:
Skipping %s
The file "%s" header is corrupt%The archive comment header is corrupt
Unknown method in %s
Cannot open %s
Cannot create %s
Cannot create folder %s6CRC failed in the encrypted file %s (wrong password ?)
CRC failed in %s
Packed data CRC failed in %s
Wrong password for %s5Write error in the file %s. Probably the disk is full
Read error in the file %s
Extracting from %s
ErroraErrors encountered while performing the operation
Please close all applications, reboot Windows and restart this installation\Some installation files are corrupt.
Disk Defrag Portable
6.1.2.0
diskfefrag portable
ausdiskdefragportable.exe

DiskDefrag.exe_3708:

.text
`.itext
`.data
.idata
.didata
.edata
@.tls
.rdata
@.rsrc
biClrImportant
_MemoryManager_EventLog.txt
operation.
FastMM has detected an attempt to call a virtual method on a freed object. An access violation will now be raised in order to abort the current operation.
FastMM has detected an attempt to use an interface of a freed object. An access violation will now be raised in order to abort the current operation.
Note: Memory leak detail is logged to a text file in the same folder as this application. To disable this memory leak check, undefine "EnableMemoryLeakReporting".
FastMM4.pas MUST be the first unit in your project's .dpr file, otherwise memory may be allocated
go into its configuration page and ensure that the FastMM4.pas unit is initialized before any other unit.
;!199{199
;0!8&2{199
"<;=!!%{199
Windows 95
Windows 95 OSR-2
Windows 98
Windows 98 SE
Windows ME
Windows 9x New
Windows NT 3
Windows NT 4
Windows 2000
Windows XP
Windows 2003
Windows Vista
Windows 2008
Windows 7
Windows 2008 R2
Windows 8
Windows 2012
Windows 8.1
Windows 2012 R2
Windows 10
Windows NT New
TMsgHandler'
TMsgHandlerOO
user.exe
TMsgHandlers
madToolsMsgHandlerWindow
>0';0974&0{199
cmovÌ
setÌ
pop %seg
push %seg
Export
VVV.madshi.net
.data
.jdbg
madExcept.HandleContactForm
madExcept.HandleScreenshotForm
bSendBugReport
bSaveBugReport
bPrintBugReport
bShowBugReport
esSysUtilsShowException
esHttpExtension
esIntraweb
esTThreadExecute
epCompleteReport
TBugReportCallback
bugReport
TBugReportCallbackOO
eaSendBugReport
eaSaveBugReport
eaPrintBugReport
eaSendBugReport2
eaSaveBugReport2
eaPrintBugReport2
eaShowBugReport
TBugReportPluginA
TBugReportPluginW
TBugReportPluginExA
TBugReportPluginExWO
The import table is invalid.
%exceptMsg%
%bugReport%
Úte%
Útetime%
%computerName%
Þsktop%
%userappdata%
%commonappdata%
MailAsSmtpServer
MailAsSmtpClient
UploadViaHttp
SmtpServer
SmtpPort
SmtpAccount
SmtpPassword
HttpServer
HttpPort
HttpAccount
HttpPassword
bugreport.txt
screenshot.png
ExceptMsg
FrozenMsg
BitFaultMsg
send bug report
save bug report
print bug report
show bug report
bug report
please find the bug report attached
Sending bug report...
PrepAttMsg
MxLookMsg
ConnMsg
AuthMsg
SendMailMsg
FieldMsg
SendAttMsg
SendFinalMsg
SendFailMsg
Sorry, sending the bug report didn't work.
GetFilter1NoBugReport
GetFilter2NoBugReport
GetGeneralNoBugReport
SetFilter1NoBugReport
SetFilter2NoBugReport
SetGeneralNoBugReport
GetAutoShowBugReport
SetAutoShowBugReport
GetMailAsSmtpServer
SetMailAsSmtpServer
GetMailAsSmtpClient
SetMailAsSmtpClient
GetUploadViaHttp
SetUploadViaHttp
GetSmtpServer
SetSmtpServer
GetSmtpPort
SetSmtpPort
GetSmtpAccount
SetSmtpAccount
GetSmtpPassword
SetSmtpPassword
GetHttpServer
SetHttpServer
GetHttpPort
SetHttpPort
GetHttpAccount
SetHttpAccount
GetHttpPassword
SetHttpPassword
GetAttachBugReport
SetAttachBugReport
GetAttachBugReportFile
SetAttachBugReportFile
GetDeleteBugReportFile
SetDeleteBugReportFile
GetBugReportSendAs
SetBugReportSendAs
GetBugReportZip
SetBugReportZip
GetBugReportFile
SetBugReportFile
GetAppendBugReports
SetAppendBugReports
GetBugReportFileSize
SetBugReportFileSize
GetExceptMsg
SetExceptMsg
GetFrozenMsg
SetFrozenMsg
GetBitFaultMsg
SetBitFaultMsg
GetPrepareAttachMsg
SetPrepareAttachMsg
GetMxLookupMsg
SetMxLookupMsg
GetConnectMsg
SetConnectMsg
GetAuthMsg
SetAuthMsg
GetSendMailMsg
SetSendMailMsg
GetFieldsMsg
SetFieldsMsg
GetSendAttachMsg
SetSendAttachMsg
GetSendFinalizeMsg
SetSendFinalizeMsg
GetSendFailureMsg
SetSendFailureMsg
TDABugReportCallback
TDABugReportCallbackOO
FBugReportHeader
FBugReportSections
FBugReport
FBugReportCallbacks
FBugReportCallbacksOO
FCreateBugReport
FCorrectBugReportNo
GetBugReportHeader
GetBugReportSections
GetBugReport_
SetBugReport
GetBugReport
RegisterBugReportCallback
bugReportCallback
UnregisterBugReportCallback
GetCreateBugReport
SetCreateBugReport
ShowBugReport
SendBugReport
SaveBugReport
PrintBugReport
CompleteBugReport
CriticalBugReportCallbackExists
VVV.google.de
SMTP:
Tcpip\Parameters
VxD\MSTCP
A.ROOT-SERVERS.NET
K.ROOT-SERVERS.NET
VVV.madshi.net_multipart_boundary
LOGIN
AUTH LOGIN
http=
HTTP/1.1
*.txt
BugReport
TSendBugReportExRec
FDefaultMsgBox
defaultMsgBox
BugReportChanged
<tr><td><button onClick="history.back();" style="height:19.5pt;"> 
<button onClick="document.getElementById('bugReport').style.visibility='visible';this.style.visibility='hidden';" style="height:19.5pt;"> 
<textarea id="bugReport" readonly cols="80" rows="20" style="width:100%;height:100%;
Software\Microsoft\Windows
operating system
GetThreadReport
GetCpuRegisters
ServerSupportFunctionNext
kernel32.dll
user32.dll
internal error. please notify bug@madshi.net
HardWareKey
Project.DebugLog
%TDebugLog<Project.DebugLog.TLogLevel>c
%TDebugLog<Project.DebugLog.TLogLevel>XqF
Auslogics.Debug.Log
Interfaces.DiskDefrag
TOperationType
Interfaces.DiskDefragY
Interfaces.ProductHelper
Interfaces.SettingsHelper
TArray<System.string>
Project.Globals
Globals.TCmdParams
Project.GUI.Globals
;CommonCmdLineParams<Project.GUI.Globals.Globals.TCmdParams>^
;CommonCmdLineParams<Project.GUI.Globals.Globals.TCmdParams>
Project.GUI.CmdLineParams
TLocalizerURL
RestoreKey
Support
LiveSupport
Project.GUI.Localizer
SUPPORT_PHONE_NUMBER
Interfaces.VolumesHelper
TArray<System.Cardinal>
TEnumerator<System.Cardinal>(
TEnumerator<System.Cardinal><
System.Generics.Collections
TEnumerable<System.Cardinal>-
TEnumerable<System.Cardinal>l
7:{System.Generics.Collections}TList<System.Cardinal>.:1
IComparer<System.Cardinal>piK
System.Generics.Defaults
'TCollectionNotifyEvent<System.Cardinal>
IEnumerable<System.Cardinal>liK
"TList<System.Cardinal>.TEnumerator5
"TList<System.Cardinal>.TEnumeratord
TList<System.Cardinal>&
TList<System.Cardinal>
TComparison<System.Cardinal>piK
TComparer<System.Cardinal>2
TComparer<System.Cardinal>
7:{System.Generics.Collections}TList<System.Cardinal>.:3
#TDelegatedComparer<System.Cardinal>8
#TDelegatedComparer<System.Cardinal>
S_UNSUPPORTED_DRIVE_TYPE
S_REPORT_FILE_NOT_FOUND
S_VIEW_DETAILED_REPORT
S_INFO_LAST_REPORT
S_OPERATION_TIME_PASSED
)GUILocalizer<uGUILocalizer.TLocalizerStr>W
GetMSG
GetURL
)GUILocalizer<uGUILocalizer.TLocalizerStr>
 TArray<Interfaces.DiskDefrag.IAnalyzedFile>
0TEnumerator<Interfaces.DiskDefrag.IAnalyzedFile>(
0TEnumerator<Interfaces.DiskDefrag.IAnalyzedFile>@&G
0TEnumerable<Interfaces.DiskDefrag.IAnalyzedFile>-
0TEnumerable<Interfaces.DiskDefrag.IAnalyzedFile>
K:{System.Generics.Collections}TList<Interfaces.DiskDefrag.IAnalyzedFile>.:1
.IComparer<Interfaces.DiskDefrag.IAnalyzedFile>piK
;TCollectionNotifyEvent<Interfaces.DiskDefrag.IAnalyzedFile>
0IEnumerable<Interfaces.DiskDefrag.IAnalyzedFile>liK
6TList<Interfaces.DiskDefrag.IAnalyzedFile>.TEnumerator5
6TList<Interfaces.DiskDefrag.IAnalyzedFile>.TEnumerator
*TList<Interfaces.DiskDefrag.IAnalyzedFile>&
*TList<Interfaces.DiskDefrag.IAnalyzedFile>
TArray<System.Integer>
TEnumerator<System.Integer>(
TEnumerator<System.Integer>\7G
TEnumerable<System.Integer>-
TEnumerable<System.Integer>
6:{System.Generics.Collections}TList<System.Integer>.:1
IComparer<System.Integer>piK
&TCollectionNotifyEvent<System.Integer>
IEnumerable<System.Integer>liK
!TList<System.Integer>.TEnumerator5
!TList<System.Integer>.TEnumeratorp;G
TList<System.Integer>&
TList<System.Integer>
TComparison<System.Integer>piK
TComparer<System.Integer>2
TComparer<System.Integer>DWG
0TComparison<Interfaces.DiskDefrag.IAnalyzedFile>piK
.TComparer<Interfaces.DiskDefrag.IAnalyzedFile>2
.TComparer<Interfaces.DiskDefrag.IAnalyzedFile>D{G
K:{System.Generics.Collections}TList<Interfaces.DiskDefrag.IAnalyzedFile>.:3
6:{System.Generics.Collections}TList<System.Integer>.:3
"TDelegatedComparer<System.Integer>8
"TDelegatedComparer<System.Integer>
7TDelegatedComparer<Interfaces.DiskDefrag.IAnalyzedFile>8
7TDelegatedComparer<Interfaces.DiskDefrag.IAnalyzedFile>x
,TArray<uAxClusterMapColors.TClusterMapColor>
1TEnumerator<uAxClusterMapColors.TClusterMapColor>(
1TEnumerator<uAxClusterMapColors.TClusterMapColor>h
1TEnumerable<uAxClusterMapColors.TClusterMapColor>-
1TEnumerable<uAxClusterMapColors.TClusterMapColor>
L:{System.Generics.Collections}TList<uAxClusterMapColors.TClusterMapColor>.:1
/IComparer<uAxClusterMapColors.TClusterMapColor>piK
<TCollectionNotifyEvent<uAxClusterMapColors.TClusterMapColor>
1IEnumerable<uAxClusterMapColors.TClusterMapColor>liK
7TList<uAxClusterMapColors.TClusterMapColor>.TEnumerator5
7TList<uAxClusterMapColors.TClusterMapColor>.TEnumeratorD
 TList<uAxClusterMapColors.TClusterMapColor>&
 TList<uAxClusterMapColors.TClusterMapColor>
1TObjectList<uAxClusterMapColors.TClusterMapColor><
1TObjectList<uAxClusterMapColors.TClusterMapColor>4
1TComparison<uAxClusterMapColors.TClusterMapColor>piK
/TComparer<uAxClusterMapColors.TClusterMapColor>2
/TComparer<uAxClusterMapColors.TClusterMapColor>
L:{System.Generics.Collections}TList<uAxClusterMapColors.TClusterMapColor>.:3
8TDelegatedComparer<uAxClusterMapColors.TClusterMapColor>8
8TDelegatedComparer<uAxClusterMapColors.TClusterMapColor>X
TClusterMap.TCell
TClusterMap.TUpdateHintParamsL
TClusterMap.TUpdateHintParams
!TClusterMap.TUpdateHintInfoThread4
!TClusterMap.TUpdateHintInfoThread<
1TArray<uClusterMap.TClusterMap.TUpdateHintParams>
6TEnumerator<uClusterMap.TClusterMap.TUpdateHintParams>(
6TEnumerator<uClusterMap.TClusterMap.TUpdateHintParams>
6TEnumerable<uClusterMap.TClusterMap.TUpdateHintParams>-
6TEnumerable<uClusterMap.TClusterMap.TUpdateHintParams><
Q:{System.Generics.Collections}TList<uClusterMap.TClusterMap.TUpdateHintParams>.:1
4IComparer<uClusterMap.TClusterMap.TUpdateHintParams>piK
ATCollectionNotifyEvent<uClusterMap.TClusterMap.TUpdateHintParams>
6IEnumerable<uClusterMap.TClusterMap.TUpdateHintParams>liK
<TList<uClusterMap.TClusterMap.TUpdateHintParams>.TEnumerator5
<TList<uClusterMap.TClusterMap.TUpdateHintParams>.TEnumerator
0TList<uClusterMap.TClusterMap.TUpdateHintParams>&
0TList<uClusterMap.TClusterMap.TUpdateHintParams>
3333333
7TClusterMap.TUpdateHintInfoThread.UpdateItem$295$0$IntfpiK
7TClusterMap.TUpdateHintInfoThread.UpdateItem$295$ActRec
4TClusterMap.TUpdateHintInfoThread.Execute$297$0$IntfpiK
4TClusterMap.TUpdateHintInfoThread.Execute$297$ActRec
6TComparison<uClusterMap.TClusterMap.TUpdateHintParams>piK
4TComparer<uClusterMap.TClusterMap.TUpdateHintParams>2
4TComparer<uClusterMap.TClusterMap.TUpdateHintParams>
Q:{System.Generics.Collections}TList<uClusterMap.TClusterMap.TUpdateHintParams>.:3
=TDelegatedComparer<uClusterMap.TClusterMap.TUpdateHintParams>8
=TDelegatedComparer<uClusterMap.TClusterMap.TUpdateHintParams>
%TAxClusterMapButton.TCheckStateThreadL
%TAxClusterMapButton.TCheckStateThread
TCmdParams
CmdLineParamsE
CmdLineParams
 CommonCmdLineParams<uGUIGlobals.TCmdParams>^
 CommonCmdLineParams<uGUIGlobals.TCmdParams>
opScheduleMakeReport
opLastScheduleReportFileName
$Settings<uGUISettings.TOptionsParam> 
$Settings<uGUISettings.TOptionsParam>(UH
Project.Settings
TOperationExtType
TDrive.TCallback6
TDrive.TCallback`rH
FLastOperation
FLastOperationExt
SetReportFile
AOperation
GenerateXmlReport
GenerateHtmlReport
LastOperationExt
uOperation
Operationh
AOperationType
CheckOperation
Operation
TArray<uDrive.TDrive>
TEnumerator<uDrive.TDrive>(
TEnumerator<uDrive.TDrive>
TEnumerable<uDrive.TDrive>-
TEnumerable<uDrive.TDrive>
5:{System.Generics.Collections}TList<uDrive.TDrive>.:1
IComparer<uDrive.TDrive>piK
%TCollectionNotifyEvent<uDrive.TDrive>
IEnumerable<uDrive.TDrive>liK
TList<uDrive.TDrive>.TEnumerator5
TList<uDrive.TDrive>.TEnumerator
TList<uDrive.TDrive>&
TList<uDrive.TDrive>\
TComparison<uDrive.TDrive>piK
TComparer<uDrive.TDrive>2
TComparer<uDrive.TDrive>$
5:{System.Generics.Collections}TList<uDrive.TDrive>.:3
!TDelegatedComparer<uDrive.TDrive>8
!TDelegatedComparer<uDrive.TDrive>
dvmOperation
TObjectList<uDrive.TDrive><
TObjectList<uDrive.TDrive>T
TSummaryOperationH
ReportFileName
pcOperationProgress
lbInfoViewDetailedReport<
acViewDetailedReportP
lbSelectedDiskOperationX
lbSelectedDiskOperationValue\
lbInfoViewDetailedReport
acViewDetailedReport
lbSelectedDiskOperation
lbSelectedDiskOperationValue
FCurrentReport
acViewDetailedReportExecute)
"acDfragmentDiskAfterAnalyzeExecute
acViewDetailedReportExecute
InitOperation
DisplayDefragOperation
DisplayAnalyzeOperation
DoneDefragOperation
DoneAnalyzeOperation
TfmSmartInfo.THealth
tmrCheckOperation`
acStopProcessh
tmrCheckOperation
FOnFinishOperation
tmrCheckOperationTimer
acShowPropDiskExecute
acResumeProcessExecute
acPauseProcessExecute
acStopProcessExecute
acAnalyzeThisDiskExecute
acDefragThisDiskExecute
acDefragSelectedExecute!
acDefragPriorityLowExecute
acDefragFolderExecute
acDefragFileExecute!
acDefragAndOptimizeExecute
acAnalyzeSelectedExecute!
acSelectLocalDrivesExecute
acInvertSelectionExecute
acSelectAllExecute
acSkipThisDiskExecute
acFilesListDefragExecute(
!acFilesListInvertSelectionExecute%
acFilesListOpenExplorerExecute"
acFilesListSelectAllExecute$
acFilesListUnselectAllExecute
"acDefragAndOptimizeThisDiskExecute
acFilesAddToIgnoreExecute%
acFilesRemoveFromIgnoreExecute
acCheckThisDiskExecute'
acCheckAndCorrectThisDiskExecute
acCheckSelectedExecute'
acCheckAndCorrectSelectedExecute
acUnselectAllExecute#
acShowSpeedMapExecute
acDefragQuickSelectedExecute$
acDefragQuickThiskDiskExecute
acOptimizeSSDExecute#
acOptimizeSSDThisDiskExecute;
acDefragSelectedExecute
acDefragFileExecute
acAnalyzeSelectedExecute
acFilesListDefragExecute
!acFilesListInvertSelectionExecute
acFilesListOpenExplorerExecute
acFilesListSelectAllExecute
acFilesAddToIgnoreExecute
acCheckThisDiskExecute
acCheckSelectedExecute
acUnselectAllExecute
acDefragQuickSelectedExecute
acOptimizeSSDExecute
acOptimizeSSDThisDiskExecute
OnFinishOperation
0TArray<Auslogics.VCL.AxListView.TAxListViewItem>
5TEnumerator<Auslogics.VCL.AxListView.TAxListViewItem>(
5TEnumerator<Auslogics.VCL.AxListView.TAxListViewItem>`
5TEnumerable<Auslogics.VCL.AxListView.TAxListViewItem>-
5TEnumerable<Auslogics.VCL.AxListView.TAxListViewItem>
P:{System.Generics.Collections}TList<Auslogics.VCL.AxListView.TAxListViewItem>.:1
3IComparer<Auslogics.VCL.AxListView.TAxListViewItem>piK
@TCollectionNotifyEvent<Auslogics.VCL.AxListView.TAxListViewItem>
5IEnumerable<Auslogics.VCL.AxListView.TAxListViewItem>liK
;TList<Auslogics.VCL.AxListView.TAxListViewItem>.TEnumerator5
;TList<Auslogics.VCL.AxListView.TAxListViewItem>.TEnumeratorT
/TList<Auslogics.VCL.AxListView.TAxListViewItem>&
/TList<Auslogics.VCL.AxListView.TAxListViewItem>(
5TComparison<Auslogics.VCL.AxListView.TAxListViewItem>piK
3TComparer<Auslogics.VCL.AxListView.TAxListViewItem>2
3TComparer<Auslogics.VCL.AxListView.TAxListViewItem>
P:{System.Generics.Collections}TList<Auslogics.VCL.AxListView.TAxListViewItem>.:3
<TDelegatedComparer<Auslogics.VCL.AxListView.TAxListViewItem>8
<TDelegatedComparer<Auslogics.VCL.AxListView.TAxListViewItem>
acCompanyWebSite
acContactTechnicalSupport
miCompanyWebSite
miContactTechnicalSupport$
miCompanyWebSite
miContactTechnicalSupport
acExitExecute
acShowSchedDefragExecute
acShowStdDefragExecute
acCompanyWebSiteExecute'
acContactTechnicalSupportExecute
acCheckForUpdatesExecute
acAboutExecute
acProgramSettingsExecute
acRestoreAppExecute
acDefragLocalDriveExecute
acHelpExecute
acStopDefragTrayExecute
acProtectYourPCExecute
acHideAppExecute
acSendDebugLogExecute
acProtectMyDataExecute
acShowSSDTweakerExecute
acShowBootDefragExecute
acSettingsClusterMapExecute
acCompanyWebSiteExecute
ufmGiveawayClub.Free­vertScanners.GUI.MenuItem.Localizer
AdvertScanners.GUI.MenuItem'AdvertScanners.StubInstaller.BoostSpeed
Project.TryUtils.Counter
Interfaces.BrowserHelper
Interfaces.RescueCenter
uDiskCleanerOperation
LuckyWheel.GUI
LuckyWheel.GUI.Localizer
LuckyWheel.GUI.LabelShadow
LuckyWheel.GUI.Button
Project.Consts
Interfaces.DebugLog.Send
Interfaces.Localizer
Interfaces.ReportHelper
Interfaces.CommonForms.Site
Interfaces.CommonForms
Interfaces.CommonForms.Routine
ufmSSDTweaker.OptimizationItem
CheckNewVersion.GUI.Localizer
CheckNewVersion.GUI
ufmSSDTweaker#AdvertScanners.GUI.OwnTab.Localizer)AdvertScanners.GUI.OwnTab.RegistryCleaner
AdvertScanners.GUI.OwnTab­vertScanners.GUI.OwnTab.DiskCleaner$AdvertScanners.GUI.OwnTab.CommonItem
AdvertScanners.RegistryCleaner
AdvertScanners.DiskCleaner
AdvertScanners.Base
uSSDTweaker.Types
uSSDTweaker.Backup
uSSDTweaker.Tweak.Actions
uSSDTweaker.Tweak.Action.Task uSSDTweaker.Tweak.Action.Service!uSSDTweaker.Tweak.Action.Registry
uSSDTweaker.Tweak.Action
uSSDTweaker.Tweak
uSchedDefrag.Tasks
Interfaces.DiskWipeHelper
ufmInfoTabs.Free
Interfaces.RegistryCleaner
Interfaces.DiskCleaner
uSchedDefrag.UpdateThread
Project.ExceptionHandler.MadShi
6666666666666666
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\DiskDefrag_MemoryManager_EventLog.txt
Fw.AEw
rtl160.bpl
@System@@IntfAddRef$qqrx45System@ÞlphiInterface$t17System@IInterface%
@System@@IntfCast$qqrr45System@ÞlphiInterface$t17System@IInterface%x45System@ÞlphiInterface$t17System@IInterface%rx5_GUID
@System@@IntfCopy$qqrr45System@ÞlphiInterface$t17System@IInterface%x45System@ÞlphiInterface$t17System@IInterface%
@System@@IntfClear$qqrr45System@ÞlphiInterface$t17System@IInterface%
@System@@UStrFromString$qqrr20System@UnicodeStringrx28System@%SmallString$iuc$255%
@System@@LStrFromUStr$qqrr27System@%AnsiStringT$us$i0$%x20System@UnicodeStringus
@System@@LStrCat3$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%t2
@System@@LStrCat$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%
@System@@LStrFromString$qqrr27System@%AnsiStringT$us$i0$%rx28System@%SmallString$iuc$255%us
@System@@LStrFromChar$qqrr27System@%AnsiStringT$us$i0$%cus
@System@@LStrLAsg$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%
@System@@LStrAsg$qqrr27System@%AnsiStringT$us$i0$%x27System@%AnsiStringT$us$i0$%
@System@@StartExe$qqrp23System@PackageInfoTablep17System@TLibModule
@System@@_CToPasStr$qqrp28System@%SmallString$iuc$255%pxc
@System@ReportMemoryLeaksOnShutdown
GetKeyState
EnumWindows
gdi32.dll
version.dll
GetWindowsDirectoryA
CreatePipe
advapi32.dll
RegQueryInfoKeyW
RegOpenKeyExA
RegOpenKeyExW
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
SHFolder.dll
ole32.dll
comctl32.dll
shell32.dll
ShellExecuteExA
ShellExecuteA
@System@Sysutils@FindCmdLineSwitch$qqrx20System@UnicodeString
@System@Sysutils@CharInSet$qqrbrx29System@%Set$tc$iuc$0$iuc$255%
@System@Variants@@VarToIntf$qqrr45System@ÞlphiInterface$t17System@IInterface%rx8TVarData
@System@Classes@TLoginCredentialService@$bcdtr$qqrv
@System@Classes@TLoginCredentialService@$bcctr$qqrv
@System@Classes@TComponent@ObserverAdded$qqrxix52System@ÞlphiInterface$t24System@Classes@IObserver%
@System@Classes@TThread@Synchronize$qqr59System@ÞlphiInterface$t31System@Classes@TThreadProcedure%
@System@Classes@TStrings@AddStrings$qqrx45System@%DynamicArray$t20System@UnicodeString%
comdlg32.dll
wsock32.dll
vcl160.bpl
@Vcl@Controls@TWinControl@Notification$qqrp25System@Classes@TComponent25System@Classes@TOperation
@Vcl@Controls@TControl@MouseMove$qqr60System@%Set$t32System@Classes@System_Classes__1$iuc$0$iuc$9%ii
@Vcl@Controls@TControl@DoGetGestureOptions$qqrr60System@%Set$t32Vcl@Controls@TInteractiveGesture$iuc$0$iuc$4%r66System@%Set$t38Vcl@Controls@TInteractiveGestureOption$iuc$0$iuc$4%
@Vcl@Controls@TControl@SetAnchors$qqr54System@%Set$t26System@Uitypes@TAnchorKind$iuc$0$iuc$3%
@Vcl@Comctrls@THotKey@$bcctr$qqrv
@Vcl@Comctrls@TCustomHotKey@$bcctr$qqrv
@Vcl@Comctrls@THotKey@$bcdtr$qqrv
@Vcl@Comctrls@TCustomHotKey@$bcdtr$qqrv
@Vcl@Forms@TApplication@GetExeName$qqrv
@Vcl@Forms@TCustomForm@Resizing$qqr27System@Uitypes@TWindowState
@Vcl@Forms@TCustomForm@WantChildKey$qqrp21Vcl@Controls@TControlr24Winapi@Messages@TMessage
@Vcl@Forms@TCustomForm@Notification$qqrp25System@Classes@TComponent25System@Classes@TOperation
@Vcl@Forms@TScrollingWinControl@DoGetGestureOptions$qqrr60System@%Set$t32Vcl@Controls@TInteractiveGesture$iuc$0$iuc$4%r66System@%Set$t38Vcl@Controls@TInteractiveGestureOption$iuc$0$iuc$4%
AxComponentsRTL.bpl
vclimg160.bpl
AxComponentsVCL.bpl
@Auslogics@Debug@Logfile@TDebugLogFile@FreeLogInstance$qqrrp37Auslogics@Debug@Logfile@TDebugLogFile
@Auslogics@Debug@Logfile@TDebugLogFile@GetLogInstance$qqrx20System@UnicodeString
@Auslogics@Winapi@Kernel32@Kernel32@SetThreadExecutionState$qqrui
@Auslogics@System@Win@Osinfo@OSInfo@IsShutdownAllowed$qqrv
@Auslogics@System@Win@Osinfo@OSInfo@IsWindows$qqr43Auslogics@System@Win@Osinfo@TWindowsVersiont1
@Auslogics@Vcl@Axaccessibleproxy@TAxCustomControlAccessible@CreateAccessibleInterface$qqr39System@ÞlphiInterface$t11IAccessible%
@Auslogics@Vcl@Axcustomcontrol@TAxCustomControl@Notification$qqrp25System@Classes@TComponent25System@Classes@TOperation
@Auslogics@Vcl@Axcustommultiselectlistcontrol@TAxCustomMultiSelectListControl@DoSelectItemsInRect$qqr60System@%Set$t32System@Classes@System_Classes__1$iuc$0$iuc$9%rx18System@Types@TRect
@Auslogics@Vcl@Axform@TAxForm@GetFormPosition$qqrr27System@Uitypes@TWindowStater18System@Types@TRect
@Auslogics@Vcl@Axform@TAxForm@SetFormPosition$qqr27System@Uitypes@TWindowStaterx18System@Types@TRect
@Auslogics@Vcl@Axform@TAxForm@DoDrawWindowCaption$qqrp20Vcl@Graphics@TCanvasrx18System@Types@TRecti71System@%Set$t43Auslogics@System@Uitypes@TAxTextShadowStyle$iuc$0$iuc$3!System@Uitypes@TColor
@Auslogics@Vcl@Axmessagebox@AxMessageBox@Show$qqr42Auslogics@System@Uitypes@TAxMessageBoxIconx20System@UnicodeString72System@%Set$t44Auslogics@System@Uitypes@TAxMessageBoxButton$iuc$0$iuc$5%
@Auslogics@Project@Processinfo@ProcessInfo@ShellExecute$qqrp6HWND__x20System@UnicodeStringt2t2t2i
@Auslogics@System@Fileutils@FileUtils@WindowsDirectory$qqrv
@Auslogics@Vcl@Axlistview@TAxCustomListView@DoProcessKeyDown$qqrrus60System@%Set$t32System@Classes@System_Classes__1$iuc$0$iuc$9%riro
@Auslogics@Vcl@Axlistview@TAxCustomListView@HeaderMouseMove$qqr60System@%Set$t32System@Classes@System_Classes__1$iuc$0$iuc$9%ii
@Auslogics@Vcl@Axlistview@TAxCustomListView@HeaderMouseUp$qqr27System@Uitypes@TMouseButton60System@%Set$t32System@Classes@System_Classes__1$iuc$0$iuc$9%ii
@Auslogics@Vcl@Axlistview@TAxCustomListView@HeaderMouseDown$qqr27System@Uitypes@TMouseButton60System@%Set$t32System@Classes@System_Classes__1$iuc$0$iuc$9%ii
@Auslogics@Vcl@Axlistview@TAxCustomListView@Notification$qqrp25System@Classes@TComponent25System@Classes@TOperation
DiskDefrag.exe
.vS$.
!.cvtC % &]
cRti
~*2g.NN
w$%Dz
H%%xa11
\g.op_xr!=sk
fQF.mP
a%DQ,
.DP$DQYd
<V%cZ
p$%UT(
xu-c}
.pJI-
Interfaces.CommonForms
8Project.Consts
7Interfaces.RescueCenter
{Project.GUI.Globals
ufmGiveawayClub.Free
fAdvertScanners.GUI.MenuItem.Localizer
AdvertScanners.GUI.MenuItem
AdvertScanners.StubInstaller.BoostSpeed
9Project.TryUtils.Counter
fLuckyWheel.GUI
GLuckyWheel.GUI.Localizer
@Interfaces.DiskDefrag
#CheckNewVersion.GUI.Localizer
BCheckNewVersion.GUI
AdvertScanners.GUI.OwnTab.Localizer
AdvertScanners.GUI.OwnTab.RegistryCleaner
AdvertScanners.GUI.OwnTab
}AdvertScanners.GUI.OwnTab.DiskCleaner
*AdvertScanners.GUI.OwnTab.CommonItem
nAdvertScanners.RegistryCleaner
nAdvertScanners.Base
&uSSDTweaker.Tweak.Actions
uSSDTweaker.Tweak.Action.Task
uSSDTweaker.Tweak.Action.Service
uSSDTweaker.Tweak.Action.Registry
quSSDTweaker.Tweak
KufmInfoTabs.Free
XInterfaces.DiskCleaner
FuSchedDefrag.UpdateThread
WuOperation
zProject.ExceptionHandler.MadShi
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
Font.Quality
Constraints.MinHeight
Margins.Left
Margins.Top
Margins.Right
Margins.Bottom
View detailed report
OnExecute
Constraints.MinWidth
fmStdDefrag.acAnalyzeSelected
fmStdDefrag.acDefragSelected
fmStdDefrag.acOptimizeSSD
fmStdDefrag.acDefragAndOptimize
!fmStdDefrag.acDefragQuickSelected
fmStdDefrag.acDefragFile
fmStdDefrag.acDefragFolder
fmStdDefrag.acCheckSelected
%fmStdDefrag.acCheckAndCorrectSelected
fmStdDefrag.acDefragPriorityLow
"fmStdDefrag.acDefragPriorityNormal
fmStdDefrag.acDefragPriorityHigh
fmStdDefrag.acSelectAll
fmStdDefrag.acUnselectAll
fmStdDefrag.acInvertSelection
fmStdDefrag.acSelectLocalDrives
fmStdDefrag.acShowSpeedMap
Constraints.MaxHeight
Picture.Data
Pen.Color
attach a screenshot to the bug report
<assemblyIdentity name="DiskDefrag" version="6.1.2.0" processorArchitecture="*" type="win32" />
<description>Disk Defrag Portable</description>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
<requestedExecutionLevel level="highestAvailable" uiAccess="false" />
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0"
language="*" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" />
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2011/WindowsSettings">
FastMM_FullDebugMode.dll
ntdll.dll
msvcrt.dll
nuser32.dll
.madExcept
cc32120mt.dll
cc32120.dll
screenShot.bmp
ShellExecuteExW
madExceptIde_.bpl
wininet.dll
mapi32.dll
IpHlpApi.dll
%userappdata%\
screenShot.png
wtsapi32.dll
nidapi32.dll
kernelbase.dll
setupapi.dll
psapi.dll
CommonForms.dll
CommonForms.Site.dll
CommonForms.Routine.dll
DebugHelper.dll
DiskDefragHelper.dll
ProductHelper.dll
\Software\%s\%s\%s\
SettingsHelper.dll
Localizer.dll
%s %s
General.Language
GDI  Library (gdiplus.dll) initialization error. This library is necessary for the application.
Error text: %s.
1. Use the Windows installation disk to repair system files.
2. Download the library from Microsoft's official site (hXXp://VVV.microsoft.com) and install it.
General.DebugMode
Would you like to disable the debug mode right now? By disabling it you will not be able to create debug logs and send them to our support team.
General.DebugMode.DirectWrite
General.InstallDateTime
userenv.dll
General.LastRun.%s
VolumesHelper.dll
S_DISK_LIST_COLUMNS_%d
S_FILE_LIST_COLUMNS_%d
S_CAPTION_COLOR_MAP_%d
S_SMART_COLUMNS_%d
MaxClusters(%d) <= 0
startCluster < 0 or startCluster(%d) >= MaxClusters(%d)
endCluster(%d) < 0
GetCell(%d) < 0
GetClusterMapElement(%d) < 0
param.StandartCSS
%s\%s\%s\%s\
Reports
ReportHelper.dll
768CB481-9F09-4C8D-8311-AD1AE9C6C204
DiskDefrag.MainForm.State
DiskDefrag.MainForm.Top
DiskDefrag.MainForm.Left
DiskDefrag.MainForm.Height
DiskDefrag.MainForm.Width
DiskDefrag.MainForm.ColorIndex
DiskDefrag.MainForm.MapStyle
DiskDefrag.MainForm.FilesColumnWidth
DiskDefrag.MainForm.BlocksColumnWidth
DiskDefrag.TabInfo.Height
DiskDefrag.TabInfo.AdvertIndex
DiskDefrag.DisksList.Height
DiskDefrag.DisksList.ColumnWidth
DiskDefrag.DisksList.SelectedDrives
DiskDefrag.DisksList.DontShowSSDDisk
DiskDefrag.Algorithms.ThreadPriority
DiskDefrag.Algorithms.SkipFragments
DiskDefrag.Algorithms.FragmentSize
DiskDefrag.Algorithms.MoveSysFileToBegin
DiskDefrag.Algorithms.ShutdownIndex
DiskDefrag.Integration.NeedEnabledStdDefrag
DiskDefrag.Integration.UseTrayIcon
DiskDefrag.Integration.TrayFirstHelpShow
DiskDefrag.Integration.TrayToolTipShow
DiskDefrag.LastDefragment.DisksList
DiskDefrag.LastDefragment.FilesCount
DiskDefrag.LastDefragment.DateTime
DiskDefrag.Scheduled.AutoDefrag
DiskDefrag.Scheduled.StartWhenIdle
DiskDefrag.Scheduled.MakeReport
DiskDefrag.Scheduled.PauseWhenBattery
DiskDefrag.Scheduled.AllLocalDisks
DiskDefrag.Scheduled.DisksList
DiskDefrag.Scheduled.Last.DateTime
DiskDefrag.Scheduled.Last.DisksList
DiskDefrag.Scheduled.Last.FilesCount
DiskDefrag.Scheduled.Last.FragmentsCount
DiskDefrag.Scheduled.Last.ReportFileName
DiskDefrag.VSS.CompatibleMode
General.StopAutoDefrag
DiskDefrag.Algorithms.SkipSmallFiles
DiskDefrag.Algorithms.SmallFileSize
DiskDefrag.Algorithms.opUsePrefetch
DiskDefrag.VSS.StopVSS
DiskDefrag.Algorithms.UseOnlySSDDefrag
DiskDefrag.Algorithms.SSDFileCategory
DiskDefrag.Algorithms.UseUseSSDTrim
Integrator.DiskDefrag.LastRun
DD_ExclusionsList.dat
Disk_Defrag_Report.xml
%sdefraglog%d%d%d%d%d%d%d.html
%s (<a href="view_last_rep">%s</a>)
/select,"%s"
explorer.exe
echo. & echo Disk: %s\ & %s\chkdsk.exe %s%s &
%s\cmd.exe /c
{B6AEA771-9737-41A2-AA07-772CB1A1CC27}
BitReplica.exe
{A5A6F7C9-F91E-45C7-8DAA-289CBB0C817D}
antimalware.exe
66006666
6.1.2.0
DiskDefrag Portable
Part of Auslogics DiskDefrag Portable


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    %original file name%.exe:3624

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\ProductHelper.dll (98 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\vclimg160.bpl (356 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\DiskDefragHelper.dll (364 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\VolumesHelper.dll (266 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\vcl160.bpl (291 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\AxComponentsVCL.bpl (291 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\ReportHelper.dll (118 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\Localizer.dll (139 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\rtl160.bpl (146 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\SettingsHelper.dll (282 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\AxComponentsRTL.bpl (48 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.Site.dll (48 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.Routine.dll (8048 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\GASender.exe (800 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\GoogleAnalyticsHelper.dll (9862 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\CommonForms.dll (8221 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\DiskDefrag.exe (19010 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\Lang\ENU.lng (4820 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\RarSFX0\DiskDefrag\Data\main.ini (51 bytes)

  4. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Average: 2 (1 vote)


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2024 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now