Technical Information
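Scheduled-task file (a persistence artifact; check it during triage):
- %WINDIR%\Tasks\RegClean Pro_UPDATES.job
Command lines (these appear to be processes launched during the run; `/SL5=` is the argument form used by Inno Setup loaders, and `regsvr32 /s` registers a DLL without showing a dialog):
- '%PROGRAM_FILES%\RCP\RegCleanPro.exe'
- '%TEMP%\is-NJKCG.tmp\<Virus name>.tmp' /SL5="$30100,3334541,163328,<Full path to virus>"
- '<SYSTEM32>\regsvr32.exe' /s "<SYSTEM32>\jscript.dll"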
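Window classes referenced (these are the window classes of Sysinternals Process Monitor, Regmon and Filemon, so this is presumably a check for running analysis tools):
- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: ''
- ClassName: 'RegMonClass' WindowName: ''
- ClassName: 'FileMonClass' WindowName: ''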
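File-system paths touched during the run (the list as shown does not say whether each path was created, modified or deleted, and some paths repeat):
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Tick_gray[1]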
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\arrow[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\award[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\info_bg_middle[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\scanprog3[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\scanprog2[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\scanprog1[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\alluser_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Select_catag_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\info_bg_right[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\currentuser_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\Tick_green[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Small_level_6[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Home_alert[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\enterkey_left[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Footer_award[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\money_back[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\enterkey_right[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\btn_blue_right_n[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\btn_blue_left_n[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\optimize_registry_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\middle_nonaction_n[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\scanprog5[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\scanprog4[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\middle_nonaction_h[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Gradiant_box[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\info_box_red[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\middle_nonaction_d[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\info[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\ED7D.tmp
- <APATH_DUMPS_DIR>_net\CmdDotNetDumper.log
- %HOMEPATH%\Downloads\afterinstall.asp:Zone.Identifier
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EE5A.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F14C.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F060.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EFB3.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %HOMEPATH%\Downloads\en:Zone.Identifier
- %TEMP%\etilqs_zMOARFD86q33JRc
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000002
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\Small_level_6[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\ALERT_SQUARE[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\animatedcollapse[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\tick_list[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\info_bg_left[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Big_level_1[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Last_Scan_icon[1]
- %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\6C2TI9WJI8973BMX9J0V.temp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F2D6.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F20A.tmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\FB6F.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\ss_driverUpdater[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\btn_downloadNow[1]
- <Auxiliary element>
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Fix_errors_n_right[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Fix_errors_n_left[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Alert_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\info[2]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Red_strip[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\close_arrow[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\All_User[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\btn_bgnew[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\downloadNow_btn[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\banner1[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\tickaso[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\downloadNow_btn[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\banner1[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\plus[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\errorResultWindow[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\Total_errros_bg[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Small_fixerror_n_right[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\btn_bgnew[1]
- %TEMP%\etilqs_QokCkVw4rmkSOBy
- <SYSTEM32>\Tasks\RegClean Pro_UPDATES
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Gray_btn_Normal[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Small_level_1[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Small_level_6[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Heading-BG[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Com_Active[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Small_fixerror_n_left[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Startup[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\Current_user[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\Alldivs[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Fix_errors_h_middle[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\Fix_errors_n_middle[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Current_user_Small_dis[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Fix_errors_d_middle[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Small_fixerror_d_middle[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\Small_fixerror_h_middle[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Small_fixerror_n_middle[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\right_nonaction_n[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\left_nonaction_n[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Last_Scan_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Com_Active_Small_dis[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\blank[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\All_User_Small_dis[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\com_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\partition_light_line[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Heading-BG[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\startup_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Startup_Small_dis[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\right_green_n[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\left_green_n[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\plus[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\tickaso[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\INFO_alert[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\thank_award[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\btn_bg[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\enterkey_middle[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Button_black_bg[1]
- %PROGRAM_FILES%\RCP\is-QUUE4.tmp
- %PROGRAM_FILES%\RCP\is-1Q7Q4.tmp
- %PROGRAM_FILES%\RCP\is-P1LJ6.tmp
- %PROGRAM_FILES%\RCP\is-S1189.tmp
- %PROGRAM_FILES%\RCP\is-VRUV3.tmp
- %PROGRAM_FILES%\RCP\is-Q830U.tmp
- %PROGRAM_FILES%\RCP\is-TUFQB.tmp
- %PROGRAM_FILES%\RCP\is-SICPH.tmp
- %PROGRAM_FILES%\RCP\is-DKAIP.tmp
- %PROGRAM_FILES%\RCP\is-MKNNF.tmp
- %PROGRAM_FILES%\RCP\is-PFJIJ.tmp
- %PROGRAM_FILES%\RCP\is-1BHEL.tmp
- %PROGRAM_FILES%\RCP\is-U9K1J.tmp
- %PROGRAM_FILES%\RCP\is-C3847.tmp
- %PROGRAM_FILES%\RCP\is-041IP.tmp
- %PROGRAM_FILES%\RCP\is-AN0LP.tmp
- %PROGRAM_FILES%\RCP\is-F9FDD.tmp
- %PROGRAM_FILES%\RCP\is-QF345.tmp
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Uninstall RegClean Pro.lnk
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk
- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk
- %PROGRAM_FILES%\RCP\is-SCT4C.tmp
- %PROGRAM_FILES%\RCP\is-HP4GR.tmp
- %PROGRAM_FILES%\RCP\is-1NU86.tmp
- %PROGRAM_FILES%\RCP\is-R4UF9.tmp
- %PROGRAM_FILES%\RCP\is-7TEK6.tmp
- %PROGRAM_FILES%\RCP\is-9O0JD.tmp
- %PROGRAM_FILES%\RCP\is-8OCK3.tmp
- %PROGRAM_FILES%\RCP\is-UEC3R.tmp
- %PROGRAM_FILES%\RCP\is-USD9G.tmp
- %PROGRAM_FILES%\RCP\is-HFN78.tmp
- %PROGRAM_FILES%\RCP\is-4PBFL.tmp
- %PROGRAM_FILES%\RCP\is-J0CHU.tmp
- %PROGRAM_FILES%\RCP\is-SBJGQ.tmp
- %PROGRAM_FILES%\RCP\is-84OO4.tmp
- %PROGRAM_FILES%\RCP\is-FG5EE.tmp
- %TEMP%\is-RVHRM.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-RVHRM.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-NJKCG.tmp\<Virus name>.tmp
- %PROGRAM_FILES%\RCP\is-FAHP5.tmp
- %PROGRAM_FILES%\RCP\is-UU27J.tmp
- %PROGRAM_FILES%\RCP\is-ST2GR.tmp
- %PROGRAM_FILES%\RCP\is-HRFFN.tmp
- %PROGRAM_FILES%\RCP\is-JUJ9R.tmp
- %PROGRAM_FILES%\RCP\is-2T3N7.tmp
- %PROGRAM_FILES%\RCP\is-5TJEB.tmp
- %PROGRAM_FILES%\RCP\is-I8066.tmp
- %PROGRAM_FILES%\RCP\is-RR5B6.tmp
- %PROGRAM_FILES%\RCP\is-T2AET.tmp
- %PROGRAM_FILES%\RCP\is-983G3.tmp
- %PROGRAM_FILES%\RCP\is-LBJV2.tmp
- %PROGRAM_FILES%\RCP\is-9IQR7.tmp
- %PROGRAM_FILES%\RCP\is-4T4LG.tmp
- %PROGRAM_FILES%\RCP\is-RKCMH.tmp
- %PROGRAM_FILES%\RCP\is-8A9CR.tmp
- %PROGRAM_FILES%\RCP\is-926VP.tmp
- %PROGRAM_FILES%\RCP\is-NCO11.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Purchase_now_down[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Purchase_now_hover[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Purchase_now_normal[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\texts[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\btn_registryScan_hover[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\btn_registryScan_normal[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\tick_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\jquery[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\RCP[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\alttxt[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\RCP[2]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\Gray_down[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Gray_hover[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Gray_normal[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\8D8F.tmp
- %TEMP%\etilqs_O0HnBGGdJwY5TIj
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\arrow_icon[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\History Provider Cache
- %TEMP%\etilqs_nRFzSvysw0rNh7i
- %HOMEPATH%\Downloads\B55B.tmp
- %HOMEPATH%\Downloads\AAFE.tmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\btn_Upgrade_full_version_hover[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\btn_Upgrade_full_version_normal[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\btn_registryScan_down[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\btn_Upgrade_full_version_down[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\middle_green_d[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\middle_green_h[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\middle_green_n[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\btn_blue_middle_d[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\446[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\444[1]
- %APPDATA%\Roaming\Systweak\RegClean Pro\Version 6.1\log_09-05-2014.log
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\445[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\448[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\447[1]
- <SYSTEM32>\Tasks\RegClean Pro
- %PROGRAM_FILES%\RCP\unins000.dat
- %PROGRAM_FILES%\RCP\unins000.msg
- C:\Users\Public\Desktop\RegClean Pro.lnk
- %TEMP%\is-RVHRM.tmp\roboot.exe
- %APPDATA%\Roaming\Systweak\RegClean Pro\Version 6.1\backup4.bin
- %APPDATA%\Roaming\Systweak\RegClean Pro\Version 6.1\backup6.bin
- <SYSTEM32>\roboot.exe
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\RCP[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\LOG
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\alttxt[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\btn_blue_middle_h[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\btn_blue_middle_n[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\RCP[1]
- %APPDATA%\Roaming\Systweak\RegClean Pro\Version 6.1\eng_rcp.dat
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\440[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\441[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\alttxt[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000002
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\alttxt[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F2C6.tmp~RF6f324.TMP
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\Last_Scan_icon[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\Small_level_6[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F031.tmp~RF6f102.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EFA2.tmp~RF6f018.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F1F9.tmp~RF6f2a7.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F11D.tmp~RF6f1bd.TMP
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\Heading-BG[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\info[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\btn_bgnew[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\Small_level_6[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\plus[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\23BUYPX5\tickaso[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\downloadNow_btn[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\banner1[1]
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF564bb.TMP
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\YIF7DGLM\RCP[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\alttxt[1]
- %TEMP%\is-RVHRM.tmp\_isetup\_iscrypt.dll
- %TEMP%\is-RVHRM.tmp\roboot.exe
- %TEMP%\is-NJKCG.tmp\<Virus name>.tmp
- %TEMP%\is-RVHRM.tmp\_isetup\_shfoldr.dll
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\MANIFEST-000001
- %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RF6a553.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EE2A.tmp~RF6ef3e.TMP
- %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\ED7C.tmp~RF6ede6.TMP
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U23MFC9\RCP[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\alttxt[1]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\RCP[2]
- <LS_APPDATA>\Microsoft\Windows\Temporary Internet Files\Content.IE5\UEWNTWLX\RCP[1]
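File moves and renames (the `is-XXXXX.tmp` to final-name pattern under %PROGRAM_FILES%\RCP is the usual way an Inno Setup installer writes its files):
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT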
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT
- from %PROGRAM_FILES%\RCP\is-041IP.tmp to %PROGRAM_FILES%\RCP\xmllite.dll
- from %PROGRAM_FILES%\RCP\is-QF345.tmp to %PROGRAM_FILES%\RCP\TPS.ico
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension Rules\CURRENT~RF564bb.TMP
- from %HOMEPATH%\Downloads\B55B.tmp to %HOMEPATH%\Downloads\afterinstall.asp.opdownload
- from %HOMEPATH%\Downloads\en.opdownload to %HOMEPATH%\Downloads\en
- from %APPDATA%\Roaming\Opera Software\Opera Stable\8D8F.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Preferences
- from %HOMEPATH%\Downloads\AAFE.tmp to %HOMEPATH%\Downloads\en.opdownload
- from %PROGRAM_FILES%\RCP\is-AN0LP.tmp to %PROGRAM_FILES%\RCP\Turkish_uninst_tr.ini
- from %PROGRAM_FILES%\RCP\is-HP4GR.tmp to %PROGRAM_FILES%\RCP\polish_uninst_pl.ini
- from %PROGRAM_FILES%\RCP\is-SCT4C.tmp to %PROGRAM_FILES%\RCP\portugese_uninst_pt.ini
- from %PROGRAM_FILES%\RCP\is-VRUV3.tmp to %PROGRAM_FILES%\RCP\korean_uninst_ko.ini
- from %PROGRAM_FILES%\RCP\is-1NU86.tmp to %PROGRAM_FILES%\RCP\Norwegian_uninst.ini
- from %PROGRAM_FILES%\RCP\is-R4UF9.tmp to %PROGRAM_FILES%\RCP\Portuguese_uninst.ini
- from %PROGRAM_FILES%\RCP\is-7TEK6.tmp to %PROGRAM_FILES%\RCP\swedish_uninst.ini
- from %PROGRAM_FILES%\RCP\is-F9FDD.tmp to %PROGRAM_FILES%\RCP\traditionalcn_uninst_zh-tw.ini
- from %PROGRAM_FILES%\RCP\is-8OCK3.tmp to %PROGRAM_FILES%\RCP\russian_uninst_ru.ini
- from %PROGRAM_FILES%\RCP\is-9O0JD.tmp to %PROGRAM_FILES%\RCP\spanish_uninst.ini
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000001.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F11D.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F11D.tmp~RF6f1bd.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F20A.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F1F9.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F031.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F031.tmp~RF6f102.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F14C.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F11D.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F1F9.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F1F9.tmp~RF6f2a7.TMP
- from %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\6C2TI9WJI8973BMX9J0V.temp to %APPDATA%\Roaming\Microsoft\Windows\Recent\CustomDestinations\8548f632abe97aa3.customDestinations-ms
- from %APPDATA%\Roaming\Opera Software\Opera Stable\FB6F.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Local State
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F2D6.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F2C6.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F2C6.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F2C6.tmp~RF6f324.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F060.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\F031.tmp
- from %HOMEPATH%\Downloads\afterinstall.asp.opdownload to %HOMEPATH%\Downloads\afterinstall.asp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\ED7D.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\ED7C.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\000002.dbtmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT to %APPDATA%\Roaming\Opera Software\Opera Stable\Extension State\CURRENT~RF6a553.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\ED7C.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\ED7C.tmp~RF6ede6.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EFB3.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EFA2.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EFA2.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EFA2.tmp~RF6f018.TMP
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EE5A.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EE2A.tmp
- from %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EE2A.tmp to %APPDATA%\Roaming\Opera Software\Opera Stable\Jump List Icons\EE2A.tmp~RF6ef3e.TMP
- from %PROGRAM_FILES%\RCP\is-9IQR7.tmp to %PROGRAM_FILES%\RCP\German_rcp.ini
- from %PROGRAM_FILES%\RCP\is-LBJV2.tmp to %PROGRAM_FILES%\RCP\Italian_rcp.ini
- from %PROGRAM_FILES%\RCP\is-SBJGQ.tmp to %PROGRAM_FILES%\RCP\eng_rcp.ini
- from %PROGRAM_FILES%\RCP\is-4T4LG.tmp to %PROGRAM_FILES%\RCP\French_rcp.ini
- from %PROGRAM_FILES%\RCP\is-RKCMH.tmp to %PROGRAM_FILES%\RCP\Japanese_rcp.ini
- from %PROGRAM_FILES%\RCP\is-8A9CR.tmp to %PROGRAM_FILES%\RCP\Spanish_rcp.ini
- from %PROGRAM_FILES%\RCP\is-5TJEB.tmp to %PROGRAM_FILES%\RCP\Swedish_rcp.ini
- from %PROGRAM_FILES%\RCP\is-NCO11.tmp to %PROGRAM_FILES%\RCP\Norwegian_rcp.ini
- from %PROGRAM_FILES%\RCP\is-926VP.tmp to %PROGRAM_FILES%\RCP\Portuguese_rcp.ini
- from %PROGRAM_FILES%\RCP\is-84OO4.tmp to %PROGRAM_FILES%\RCP\Dutch_rcp.ini
- from %PROGRAM_FILES%\RCP\is-ST2GR.tmp to %PROGRAM_FILES%\RCP\install_left_image.bmp
- from %PROGRAM_FILES%\RCP\is-UU27J.tmp to %PROGRAM_FILES%\RCP\LicMgr.dll
- from %PROGRAM_FILES%\RCP\is-FAHP5.tmp to %PROGRAM_FILES%\RCP\unins000.exe
- from %PROGRAM_FILES%\RCP\is-HRFFN.tmp to %PROGRAM_FILES%\RCP\RegCleanPro.exe
- from %PROGRAM_FILES%\RCP\is-4PBFL.tmp to %PROGRAM_FILES%\RCP\isxdl.dll
- from %PROGRAM_FILES%\RCP\is-J0CHU.tmp to %PROGRAM_FILES%\RCP\Chinese_rcp.ini
- from %PROGRAM_FILES%\RCP\is-FG5EE.tmp to %PROGRAM_FILES%\RCP\Danish_rcp.ini
- from %PROGRAM_FILES%\RCP\is-HFN78.tmp to %PROGRAM_FILES%\RCP\CleanSchedule.exe
- from %PROGRAM_FILES%\RCP\is-USD9G.tmp to %PROGRAM_FILES%\RCP\RCPUninstall.exe
- from %PROGRAM_FILES%\RCP\is-2T3N7.tmp to %PROGRAM_FILES%\RCP\Finnish_rcp_fi.ini
- from %PROGRAM_FILES%\RCP\is-1BHEL.tmp to %PROGRAM_FILES%\RCP\eng_uninst.ini
- from %PROGRAM_FILES%\RCP\is-P1LJ6.tmp to %PROGRAM_FILES%\RCP\Finnish_uninst_fi.ini
- from %PROGRAM_FILES%\RCP\is-C3847.tmp to %PROGRAM_FILES%\RCP\Danish_uninst.ini
- from %PROGRAM_FILES%\RCP\is-U9K1J.tmp to %PROGRAM_FILES%\RCP\Dutch_uninst.ini
- from %PROGRAM_FILES%\RCP\is-1Q7Q4.tmp to %PROGRAM_FILES%\RCP\French_uninst.ini
- from %PROGRAM_FILES%\RCP\is-TUFQB.tmp to %PROGRAM_FILES%\RCP\Italian_uninst.ini
- from %PROGRAM_FILES%\RCP\is-Q830U.tmp to %PROGRAM_FILES%\RCP\Japanese_uninst.ini
- from %PROGRAM_FILES%\RCP\is-QUUE4.tmp to %PROGRAM_FILES%\RCP\German_uninst.ini
- from %PROGRAM_FILES%\RCP\is-S1189.tmp to %PROGRAM_FILES%\RCP\greek_uninst_el.ini
- from %PROGRAM_FILES%\RCP\is-PFJIJ.tmp to %PROGRAM_FILES%\RCP\Chinese_uninst.ini
- from %PROGRAM_FILES%\RCP\is-983G3.tmp to %PROGRAM_FILES%\RCP\greek_rcp_el.ini
- from %PROGRAM_FILES%\RCP\is-T2AET.tmp to %PROGRAM_FILES%\RCP\turkish_rcp_tr.ini
- from %PROGRAM_FILES%\RCP\is-JUJ9R.tmp to %PROGRAM_FILES%\RCP\portugese_rcp_pt.ini
- from %PROGRAM_FILES%\RCP\is-I8066.tmp to %PROGRAM_FILES%\RCP\russian_rcp_ru.ini
- from %PROGRAM_FILES%\RCP\is-RR5B6.tmp to %PROGRAM_FILES%\RCP\polish_rcp_pl.ini
- from %PROGRAM_FILES%\RCP\is-DKAIP.tmp to %PROGRAM_FILES%\RCP\FileList.rcp
- from %PROGRAM_FILES%\RCP\is-SICPH.tmp to %PROGRAM_FILES%\RCP\RegList.rcp
- from %PROGRAM_FILES%\RCP\is-UEC3R.tmp to %PROGRAM_FILES%\RCP\korean_rcp_ko.ini
- from %PROGRAM_FILES%\RCP\is-MKNNF.tmp to %PROGRAM_FILES%\RCP\TraditionalCn_rcp_zh-tw.ini
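Network endpoints, as host:port (`#` appears to mask characters in the report, so these values cannot be used as exact-match indicators as written):
- '93.##8.134.11':80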
- 'www.go##le.ru':80
- 'ap#.###sys.opera.com':443
- 'au######te.geo.opera.com':443
- 'i.##0.ru':80
- 'www.sy###eak.com':80
- 'www.ic#.com':80
- 'bi##.#ikimedia.org':80
- 'si#####ck2.opera.com':80
URLs requested (presumably over HTTP, given the port 80 endpoints listed for these hosts):
- 93.##8.134.11/favicon.ico
- www.go##le.ru/favicon.ico
- www.ic#.com/en
- www.sy###eak.com/registryCleaner/afterinstall.asp?ne###############################################################################################################################
- si#####ck2.opera.com/?ho######################################################
- si#####ck2.opera.com/?ho###############################################
- i.##0.ru/2011/icons/rambler.ico
- bi##.#ikimedia.org/favicon/wikipedia.ico
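DNS queries (some of these lookups, for example the opera.com hosts, likely come from the Opera browser that ran in the same session rather than from the installer itself; confirm before using them for detection):
- DNS ASK sl####i.yandex.ru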
- DNS ASK www.go##le.ru
- DNS ASK au######te.geo.opera.com
- DNS ASK ap#.###sys.opera.com
- DNS ASK dn#.##ftncsi.com
- DNS ASK i.##0.ru
- DNS ASK www.ic#.com
- DNS ASK www.google.com
- DNS ASK www.sy###eak.com
- DNS ASK bi##.#ikimedia.org
- DNS ASK si#####ck2.opera.com
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'Opera_MessageWindow' WindowName: '%APPDATA%\Roaming\Opera Software\Opera Stable'
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''