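Technical Information
This copy carries no section headings, so the entries below are grouped by type only: registry values, file paths and window names recorded for the sample. An Image File Execution Options 'debugger' value makes Windows launch the listed program in place of the named executable, and a shell\open\command default value replaces the handler for that file type, so both kinds of entry should be compared against a known-good baseline during cleanup.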
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmanager.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmer.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sol.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cprocess.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iknowps.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regalyzer.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TOTALCMD.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Power Remover.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinXPtweaks.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Integrator.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\O.A.S-AV RC04.EXE] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANSAV.EXE] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysmechanic.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb6.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\process.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVBKiller.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Tweak-x2002.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\peid.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\instal.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DTaskManager.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killvb.scr] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killvb.bat] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamtray.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgamsvr.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwb.dat] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\7zfm.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RTPSvc.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killvb.cmd] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killvb.vbs] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killvb.com] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\promo.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\X-ClamWin.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Starter.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Startup Manager.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OpenedFilesView.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Advanced Regedit.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegSeeker.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccApp.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcb.exe] 'debugger' = '%WINDIR%\syskeys.com'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delphi32.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\strun.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SystemRestore.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Simple Machine Protect.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kill.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winzip.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winrar.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Classes\txtfile\shell\open\command] '' = '"%WINDIR%\ime\bt.x.exe" "%1" %*'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Avguard.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-RTP.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killvb.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\viremoval.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PCMAV-CLN.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Classes\regfile\shell\open\command] '' = '"%WINDIR%\ime\bt.x.exe" "%1" %*'
- [<HKLM>\SOFTWARE\Classes\cmdfile\shell\open\command] '' = '"%WINDIR%\Systems.com" "%1" %*'
- [<HKLM>\SOFTWARE\Classes\scrfile\shell\open\command] '' = '"%WINDIR%\Systems.com" "%1" %*'
- [<HKLM>\SOFTWARE\Classes\lnkfile\shell\open\command] '' = '"<SYSTEM32>\4st4rg4tE.exe" "%1" %*'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '<SYSTEM32>\shell.scr'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'rundll32' = '%WINDIR%\Systems.com'
- [<HKLM>\SOFTWARE\Classes\rarfile\shell\open\command] '' = '"%WINDIR%\Systems.com" "%1" %*'
- [<HKLM>\SOFTWARE\Classes\inffile\shell\open\command] '' = '"<SYSTEM32>\4st4rg4tE.exe" "%1" %*'
- [<HKLM>\SOFTWARE\Classes\VBSFile\Shell\Open\Command] '' = '"<SYSTEM32>\load .exe" "%1" %*'
- [<HKLM>\SOFTWARE\Classes\inifile\shell\open\command] '' = '"<SYSTEM32>\load .exe" "%1" %*'
- [<HKLM>\SOFTWARE\Classes\piffile\shell\open\command] '' = '"<SYSTEM32>\shell.scr" "%1" %*'
- [<HKLM>\SOFTWARE\Classes\batfile\shell\open\command] '' = '"<SYSTEM32>\foto. .exe" "%1" %*'
- [<HKLM>\SOFTWARE\Classes\comfile\shell\open\command] '' = '"<SYSTEM32>\4st4rg4tE.exe" "%1" %*'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DiskCleaner.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMLauncher.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessManager.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\command.com] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TUNEUP.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NVC.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.exe] 'debugger' = 'notepad'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SYSTUNER.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANSAV32.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvccf.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcoas.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcod.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintoolspro.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nipsvc.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Niu.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\URemovalCRC32.exe] 'debugger' = '%WINDIR%\Resources\themes\BT.X.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CClaw.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Njeeves.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nip.exe] 'debugger' = '%WINDIR%\ime\bt.x.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\desktop.ini .exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\desktop.ini .exe
- <Drive name for removable media>:\Documents. .exe
- <Drive name for removable media>:\DCIM..exe
- <Drive name for removable media>:\Autorun.inf
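(The heading for the next six entries is missing from this copy; they appear to name the Explorer display settings, system utilities and process that the sample interferes with — confirm against the original report.)
- hidden files
- file extensions
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- System Restore (SR)
- avgcc.exe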
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'DisallowRun' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFind' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoRun' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- %WINDIR%\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_b50667e9\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\win.ini .exe
- %WINDIR%\vbaddin.ini .exe
- %WINDIR%\vb.ini .exe
- %WINDIR%\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\Desktop.ini .exe
- %WINDIR%\desktop.ini .exe
- %WINDIR%\control.ini .exe
- C:\RECYCLER\S-1-5-21-2052111302-484763869-725345543-1003\desktop.ini .exe
- %WINDIR%\system.ini .exe
- %WINDIR%\ODBCINST.INI .exe
- %WINDIR%\msdfmap.ini .exe
- %WINDIR%\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_5917eb5b\__AssemblyInfo__.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1031.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1030.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1029.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1036.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1035.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1032.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_TransactionBridgePerfCounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_SMSvcHostPerfCounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_ServiceModelServicePerfCounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1028.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1025.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\PerfCounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1046.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1045.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1044.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1055.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1053.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1049.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1040.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1038.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1037.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1043.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1042.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\locdata.1041.ini .exe
- %WINDIR%\Fonts\desktop.ini .exe
- %WINDIR%\Driver Cache\i386\mxdwdui.ini .exe
- %WINDIR%\Downloaded Program Files\desktop.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\corperfmonsymbols.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_perf2.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\aspnet_perf.ini .exe
- %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_c34133cb\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_cd264933\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_27b9fd4f\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_f236c56a\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_353815cd\__AssemblyInfo__.ini .exe
- %WINDIR%\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_7cac80ba\__AssemblyInfo__.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\_dataperfcounters_shared12_neutral.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\_DataPerfCounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\_DataOracleClientPerfCounters_shared12_neutral.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_ServiceModelOperationPerfCounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\_ServiceModelEndpointPerfCounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\_Networkingperfcounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\_Networkingperfcounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v1.1.4322\_dataperfcounters.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\corperfmonsymbols.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_state_perf.ini .exe
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\aspnet_perf2.ini .exe
- C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini .exe
- C:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini .exe
- C:\Documents and Settings\Default User\Local Settings\History\desktop.ini .exe
- C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\desktop.ini .exe
- C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\desktop.ini .exe
- C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini .exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Administrative Tools\desktop.ini .exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\System Tools\desktop.ini .exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Entertainment\desktop.ini .exe
- C:\Documents and Settings\Default User\Local Settings\desktop.ini .exe
- C:\Documents and Settings\Default User\Application Data\desktop.ini .exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Games\desktop.ini .exe
- C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini .exe
- C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\desktop.ini .exe
- C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\desktop.ini .exe
- C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini .exe
- C:\Documents and Settings\LocalService\Local Settings\desktop.ini .exe
- C:\Documents and Settings\LocalService\ntuser.ini .exe
- C:\Documents and Settings\Default User\SendTo\desktop.ini .exe
- C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\desktop.ini .exe
- C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\desktop.ini .exe
- C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\desktop.ini .exe
- C:\Documents and Settings\Default User\Start Menu\Programs\desktop.ini .exe
- C:\Documents and Settings\Default User\Start Menu\desktop.ini .exe
- C:\DCIM..exe
- C:\Autorun.inf
- %WINDIR%\Systems.com
- %ALLUSERSPROFILE%\Application Data\desktop.ini .exe
- C:\boot.ini .exe
- C:\Documents. .exe
- <SYSTEM32>\foto. .exe
- <SYSTEM32>\4st4rg4tE.exe
- %WINDIR%\st4rg4tE.exe
- <SYSTEM32>\shell.scr
- <SYSTEM32>\load .exe
- %ALLUSERSPROFILE%\Start Menu\Programs\desktop.ini .exe
- %ALLUSERSPROFILE%\Start Menu\desktop.ini .exe
- %ALLUSERSPROFILE%\Documents\My Videos\Desktop.ini .exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Communications\desktop.ini .exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\Accessibility\desktop.ini .exe
- %ALLUSERSPROFILE%\Start Menu\Programs\Accessories\desktop.ini .exe
- %ALLUSERSPROFILE%\Documents\My Music\Desktop.ini .exe
- %ALLUSERSPROFILE%\Documents\desktop.ini .exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk\sharedaccess.ini .exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Sample Pictures\desktop.ini .exe
- %ALLUSERSPROFILE%\Documents\My Pictures\Desktop.ini .exe
- %ALLUSERSPROFILE%\Documents\My Music\Sample Music\desktop.ini .exe
- C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini .exe
- %HOMEPATH%\My Documents\desktop.ini .exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\desktop.ini .exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\desktop.ini .exe
- %HOMEPATH%\Recent\Desktop.ini .exe
- %HOMEPATH%\My Documents\My Pictures\Desktop.ini .exe
- %HOMEPATH%\My Documents\My Music\Desktop.ini .exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\desktop.ini .exe
- %HOMEPATH%\Local Settings\History\History.IE5\desktop.ini .exe
- %HOMEPATH%\Local Settings\History\desktop.ini .exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\desktop.ini .exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\desktop.ini .exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini .exe
- %PROGRAM_FILES%\FireFox\crashreporter-override.ini .exe
- %PROGRAM_FILES%\FireFox\application.ini .exe
- C:\Far2\Plugins\7-Zip\7zToFar.ini .exe
- %PROGRAM_FILES%\FireFox\updater.ini .exe
- %PROGRAM_FILES%\FireFox\platform.ini .exe
- %PROGRAM_FILES%\FireFox\crashreporter.ini .exe
- %HOMEPATH%\Start Menu\Programs\desktop.ini .exe
- %HOMEPATH%\Start Menu\desktop.ini .exe
- %HOMEPATH%\SendTo\desktop.ini .exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Entertainment\desktop.ini .exe
- %HOMEPATH%\Start Menu\Programs\Accessories\Accessibility\desktop.ini .exe
- %HOMEPATH%\Start Menu\Programs\Accessories\desktop.ini .exe
- C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini .exe
- C:\Documents and Settings\NetworkService\Local Settings\desktop.ini .exe
- C:\Documents and Settings\NetworkService\ntuser.ini .exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini .exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini .exe
- C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini .exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BGGTYMH1\desktop.ini .exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini .exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini .exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MOE00UY1\desktop.ini .exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LBMMC3H3\desktop.ini .exe
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CJCTQ25G\desktop.ini .exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\compatibility.ini .exe
- %APPDATA%\Mozilla\Firefox\profiles.ini .exe
- %APPDATA%\Microsoft\Internet Explorer\Quick Launch\desktop.ini .exe
- %HOMEPATH%\Local Settings\desktop.ini .exe
- %HOMEPATH%\Favorites\Desktop.ini .exe
- %APPDATA%\Mozilla\Firefox\Profiles\cwdgt0y8.default\extensions.ini .exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\desktop.ini .exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\desktop.ini .exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\desktop.ini .exe
- %APPDATA%\desktop.ini .exe
- %HOMEPATH%\ntuser.ini .exe
- C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\desktop.ini .exe
- C:\DCIM..exe
- C:\Autorun.inf
- <Drive name for removable media>:\DCIM..exe
- <Drive name for removable media>:\Autorun.inf
- <SYSTEM32>\load .exe
- <SYSTEM32>\4st4rg4tE.exe
- %WINDIR%\st4rg4tE.exe
- <SYSTEM32>\shell.scr
- ClassName: '' WindowName: 'Process'
- ClassName: '' WindowName: 'Anti Virus'
- ClassName: '' WindowName: 'system'
- ClassName: '' WindowName: 'Run As'
- ClassName: '' WindowName: 'Open With'
- ClassName: '' WindowName: 'kill'
- ClassName: '' WindowName: 'system32'
- ClassName: '' WindowName: 'Folder Options'
- ClassName: '' WindowName: 'Yayat Anti Virus'
- ClassName: '' WindowName: 'PCMAV Advanced Options'
- ClassName: '' WindowName: 'ime'
- ClassName: '' WindowName: 'Local Settings'
- ClassName: '' WindowName: 'Registry Editor'