Техническая информация
- [<HKLM>\SOFTWARE\Classes\pcA.HostHistoryLogFile\shell\open\command] '' = 'notepad.exe "%1"'
- [<HKLM>\SOFTWARE\Classes\pcA.RemoteHistoryLogFile\shell\open\command] '' = 'notepad.exe "%1"'
- [<HKLM>\SOFTWARE\Classes\pcA.PcaOptionFile\shell\open\command] '' = '%PROGRAM_FILES%\Symantec\pcAnywhere\winaw32.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify] 'Startup' = 'WLEventStartup'
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify] 'DllName' = 'PCANotify.dll'
- [<HKLM>\SOFTWARE\Classes\pcA.HostSessionLogFile\shell\open\command] '' = 'notepad.exe "%1"'
- [<HKLM>\SOFTWARE\Classes\pcA.pcAInviteFile\shell\Open\command] '' = '"%PROGRAM_FILES%\Symantec\pcAnywhere\AwInvite.exe" "%1"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] '_Sym_MI_' = '"<Полный путь к вирусу>" /z /nosp'
- [<HKLM>\SOFTWARE\Classes\pcA.RemoteCtrlFile\shell\open\command] '' = '%PROGRAM_FILES%\Symantec\pcAnywhere\awrem32.exe "%1"'
- [<HKLM>\SOFTWARE\Classes\pcA.RemoteSessionLogFile\shell\open\command] '' = 'notepad.exe "%1"'
- [<HKLM>\SOFTWARE\Classes\pcA.pcAnywhereLogFile\shell\open\command] '' = 'notepad.exe "%1"'
- [<HKLM>\SYSTEM\ControlSet001\Services\awecho] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\AW_HOST] 'ImagePath' = 'system32\drivers\aw_host5.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\awlegacy] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\Gernuwa] 'Start' = '00000000'
- [<HKLM>\SYSTEM\ControlSet001\Services\AW_HOST] 'Start' = '00000001'
- [<HKLM>\SYSTEM\ControlSet001\Services\awecho] 'ImagePath' = 'system32\drivers\awechomd.sys'
- '%CommonProgramFiles%\Symantec Shared\LiveReg\IraLrShl.exe' /REGSERVER
- '%TEMP%\pft1A.tmp\VcSetup.exe' -q /INSTALL
- '%WINDIR%\Installer\MSI19.tmp' -s -a -q
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\nsldapauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\pcaauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\ndsauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\ldapauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\windowsauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\WinNTAuth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\SecureID_Auth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\novell_ldapauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\adsauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\awxfer.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\localeng.dll"
- '<SYSTEM32>\msiexec.exe' /V
- '<SYSTEM32>\msiexec.exe' -Embedding BAD05447C11C42C920D0B666FCAA38A5
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\ftstatus.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\httpauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\httpsauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\bindauth.dll"
- '<SYSTEM32>\regsvr32.exe' /s "%PROGRAM_FILES%\Symantec\pcAnywhere\ftpauth.dll"
- %PROGRAM_FILES%\Symantec\pcAnywhere\pcanylog.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\winawsvrResources.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\winawsvr.exe
- %PROGRAM_FILES%\Symantec\pcAnywhere\awlog32.dll
- <SYSTEM32>\atl70.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\snmputil.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\libsnmp.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\aw32tcp.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\aw32ser.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\aw32prn.dll
- <DRIVERS>\GERNUWA.sys
- %PROGRAM_FILES%\Symantec\pcAnywhere\aw32capi.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\aw32spx.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\aw32nb.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\ISDNTB32.DLL
- %WINDIR%\Installer\$PatchCache$\Managed\38181021A6683D1179FD00008F8D2F9E\12.0.2\Global_System_OLEAUT32_f3.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
- %WINDIR%\Installer\$PatchCache$\Managed\38181021A6683D1179FD00008F8D2F9E\12.0.2\Global_System_OLEAUT32_f2.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
- %WINDIR%\Installer\$PatchCache$\Managed\38181021A6683D1179FD00008F8D2F9E\12.0.2\Global_System_STDOLE_f1.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\ARPPRODUCTICON.exe
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\BeHostFile.ico
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\pcAScreenFile.ico
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\_251AC6AA_CBAD_43F2_B583_EB7A23989C72
- %WINDIR%\Installer\$PatchCache$\Managed\38181021A6683D1179FD00008F8D2F9E\12.0.2\Global_System_OLEPRO32_f0.8C0C59A0_7DC8_11D2_B95D_006097C4DE24
- <SYSTEM32>\mfc70.dll
- <SYSTEM32>\mfc70u.dll
- <SYSTEM32>\msvci70.dll
- <SYSTEM32>\msvcp70.dll
- %WINDIR%\Installer\$PatchCache$\Managed\38181021A6683D1179FD00008F8D2F9E\12.0.2\Global_VC_CRT_f0.51D569E0_8A28_11D2_B962_006097C4DE24
- %WINDIR%\Installer\$PatchCache$\Managed\38181021A6683D1179FD00008F8D2F9E\12.0.2\Global_VC_CPPRT60_f0.51D569E3_8A28_11D2_B962_006097C4DE24
- %WINDIR%\Installer\$PatchCache$\Managed\38181021A6683D1179FD00008F8D2F9E\12.0.2\Global_Controls_COMCATDLL_f0.3207D1B0_80E5_11D2_B95D_006097C4DE24
- <DRIVERS>\AWLEGACY.sys
- %PROGRAM_FILES%\Symantec\pcAnywhere\plc3.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\nsldapssl32v41.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\nspr3.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\pcAauth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\nssl.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\novell_ldapauth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\bindauth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\plds3.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\SystemStateServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\EditFileServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\InstalledAppsServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\ftpauth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\nsldapauth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\HTTPAuth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\HTTPSAuth.dll
- <DRIVERS>\AW_HOST5.sys
- <SYSTEM32>\PCANotify.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\SecureID_Auth.dll
- <DRIVERS>\awechomd.sys
- <SYSTEM32>\awmon.dll
- <SYSTEM32>\awddi5.dll
- <SYSTEM32>\awechodd.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\adsauth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\LDAPSDK.DLL
- %PROGRAM_FILES%\Symantec\pcAnywhere\LDAPSSL.DLL
- %PROGRAM_FILES%\Symantec\pcAnywhere\LDAPX.DLL
- %PROGRAM_FILES%\Symantec\pcAnywhere\ndsauth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\WinNTAuth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\WindowsAuth.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\ldapauth.dll
- %CommonProgramFiles%\Symantec Shared\IraLsClt.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\iraLSCl2.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\IraLrShl.exe
- %CommonProgramFiles%\Symantec Shared\LiveReg\iraLSUI.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\LRCtrl.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\IraVcObj.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\IraVcLc3.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\iraDefA2.dll
- %TEMP%\pft1A.tmp\LRCtrl.dll
- %TEMP%\pft1A.tmp\symcsub.exe
- %TEMP%\pft1A.tmp\LSPlugin.dll
- %TEMP%\pft1A.tmp\LRRes.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\Defaults.liveReg
- %TEMP%\LSInstall.log
- %TEMP%\pft1A.tmp\VcCleanUp.exe
- %APPDATA%\Symantec\Shared\Options.VcPref
- %CommonProgramFiles%\Symantec Shared\LiveReg\Watermrk.gif
- %CommonProgramFiles%\Symantec Shared\LiveReg\VcSetup.exe
- %WINDIR%\Installer\MSI1B.tmp
- %WINDIR%\Installer\MSI1E.tmp
- %WINDIR%\Installer\MSI1D.tmp
- %WINDIR%\Installer\MSI1C.tmp
- %CommonProgramFiles%\Symantec Shared\LiveReg\VcResEN.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\LRWebWnd.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\LrResEN.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\LRRes.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\LSCtrl.dll
- %CommonProgramFiles%\Symantec Shared\LiveReg\VcCleanUp.exe
- %CommonProgramFiles%\Symantec Shared\LiveReg\symcsub.exe
- %CommonProgramFiles%\Symantec Shared\LiveReg\LSPlugin.dll
- %TEMP%\pft1A.tmp\LSCtrl.dll
- %WINDIR%\Installer\MSI17.tmp
- %WINDIR%\Installer\MSI16.tmp
- %WINDIR%\Installer\MSI15.tmp
- %WINDIR%\Installer\MSI18.tmp
- %TEMP%\pft1A.tmp\iraDefA2.dll
- %TEMP%\pft1A.tmp\pftw1.pkg
- %WINDIR%\Installer\MSI19.tmp
- %WINDIR%\Installer\MSI14.tmp
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\pcACommandQueFile.ico
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\pcAInviteFile.ico
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\RemoteCtrlFile.ico
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\CallerFile.ico
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\HostAdminSnapIn.ico
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\pcAThinHostConfigFile.ico
- %WINDIR%\Installer\{12018183-866A-11D3-97DF-0000F8D8F2E9}\pcASidFile.ico
- %TEMP%\pft1A.tmp\Watermrk.gif
- %TEMP%\pft1A.tmp\VcSetup.exe
- %TEMP%\pft1A.tmp\VcResEN.dll
- %TEMP%\pft1A.tmp\IraLsClt.dll
- %TEMP%\pft1A.tmp\LAResEN.dll
- %TEMP%\pft1A.tmp\Advisor.exe
- %TEMP%\pft1A.tmp\ShFolder.dll
- %TEMP%\pft1A.tmp\LrResEN.dll
- %TEMP%\pft1A.tmp\iraLSCl2.dll
- %TEMP%\pft1A.tmp\IraLrShl.exe
- %TEMP%\pft1A.tmp\Defaults.liveReg
- %TEMP%\pft1A.tmp\iraLSUI.dll
- %TEMP%\pft1A.tmp\LRWebWnd.dll
- %TEMP%\pft1A.tmp\IraVcObj.dll
- %TEMP%\pft1A.tmp\IraVcLc3.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\iscustom.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\PowerMgr.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\S32PCAG.DLL
- %PROGRAM_FILES%\Symantec\pcAnywhere\IntgStat.exe
- %PROGRAM_FILES%\Symantec\pcAnywhere\awofrwrk.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awtime32.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\InstData.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\pca.product
- %PROGRAM_FILES%\Symantec\pcAnywhere\README.TXT
- %PROGRAM_FILES%\Symantec\pcAnywhere\setdefaultproviderresources.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\SetDefaultProvider.exe
- %PROGRAM_FILES%\Symantec\pcAnywhere\LicensePCA.txt
- %PROGRAM_FILES%\Symantec\pcAnywhere\AwioResources.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\SWISH.WAV
- %PROGRAM_FILES%\Symantec\pcAnywhere\SWOOSH.WAV
- %PROGRAM_FILES%\Symantec\pcAnywhere\CMS\admin11.chf
- %PROGRAM_FILES%\Symantec\pcAnywhere\CMS\admin.bhf
- %PROGRAM_FILES%\Symantec\pcAnywhere\DbgHelp.Dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\CMS\admin12.chf
- %PROGRAM_FILES%\Symantec\pcAnywhere\pcAnywhere.chm
- %PROGRAM_FILES%\Symantec\pcAnywhere\pca_HAT.chm
- %PROGRAM_FILES%\Symantec\pcAnywhere\CMS\pca_trap.mib
- %PROGRAM_FILES%\Symantec\pcAnywhere\DefaultConfig.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awcfgmgr.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awgui32.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awio.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\Util.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\ijl20.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\EULA.rtf
- %PROGRAM_FILES%\Symantec\pcAnywhere\Anywhere.Bin
- %PROGRAM_FILES%\Symantec\pcAnywhere\PCACMNDG.dll
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSI3.tmp
- %TEMP%\~SMIDDE7\HDSL_Host_SID_IP_CET_THD.msi\PkgClnup.log
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI8.tmp
- %WINDIR%\Installer\MSI7.tmp
- %WINDIR%\Installer\MSI6.tmp
- %TEMP%\~SMIDDE7\HDSL_Host_SID_IP_CET_THD.msi\SerialID.sid
- %TEMP%\~SMIDDE7\sp_inopt.ini
- %TEMP%\~SMIDDE7\HDSL_Host_SID_IP_CET_THD.msi\sp_sfxtp.tmp
- %TEMP%\<Имя вируса>-201408222337510671.log
- %WINDIR%\Installer\1f1bd.msi
- %TEMP%\~SMIDDE7\HDSL_Host_SID_IP_CET_THD.msi\Default\Option Sets\DSL.OPT
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI1.tmp
- %ALLUSERSPROFILE%\Application Data\Symantec\pcAnywhere\Hosts\HDSL_GRUPPO_CET.BHF
- %WINDIR%\Installer\MSI11.tmp
- %WINDIR%\Installer\MSI10.tmp
- %ALLUSERSPROFILE%\Application Data\Symantec\pcAnywhere\Hosts\HDSL_GRUPPO_THD.BHF
- C:\Config.Msi\1f1c0.rbs
- %WINDIR%\Installer\MSI12.tmp
- %ALLUSERSPROFILE%\Application Data\Symantec\pcAnywhere\Hosts\PCA.dummy.CIF
- %WINDIR%\Installer\MSIB.tmp
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\MSI9.tmp
- %WINDIR%\Installer\MSIC.tmp
- %WINDIR%\Installer\MSIF.tmp
- %WINDIR%\Installer\MSIE.tmp
- %WINDIR%\Installer\MSID.tmp
- %PROGRAM_FILES%\Symantec\pcAnywhere\AwInvite.exe
- %PROGRAM_FILES%\Symantec\pcAnywhere\awres-host.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awhost32.exe
- %PROGRAM_FILES%\Symantec\pcAnywhere\awdsp32.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awhk32.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awhlogon.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awhpilot.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\SymCrypt.edc
- %PROGRAM_FILES%\Symantec\pcAnywhere\CryptoAddressBook.reg
- %PROGRAM_FILES%\Symantec\pcAnywhere\IMPLODE.DLL
- %PROGRAM_FILES%\Symantec\pcAnywhere\awconn32.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\crypshim.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\SymCrypt.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\CryptoIE.reg
- %PROGRAM_FILES%\Symantec\pcAnywhere\CryptoFile.reg
- %PROGRAM_FILES%\Symantec\pcAnywhere\TaskAppServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\EventServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\RMcommServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\ProcessServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\ServicesServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\RegistryServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\CmdPromptServer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\TrayIcon.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\AwHxPrb.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\AwHProbeDll.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awhseq.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\stophost.exe
- %PROGRAM_FILES%\Symantec\pcAnywhere\AwHProbe.exe
- %PROGRAM_FILES%\Symantec\pcAnywhere\awhutil.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\slaunch.exe
- %PROGRAM_FILES%\Symantec\pcAnywhere\awds32.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\RMClient.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\LocalEng.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\crypto.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\RMComm.dll
- %ALLUSERSPROFILE%\Application Data\Symantec\pcAnywhere\PCAExclusionCommands.lst
- %PROGRAM_FILES%\Symantec\pcAnywhere\CmdPromptClient.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\DevPCA.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\loadtapi.dll
- %ALLUSERSPROFILE%\Application Data\Symantec\pcAnywhere\Citempl.cif
- %ALLUSERSPROFILE%\Application Data\Symantec\pcAnywhere\Bhtempl.bhf
- %CommonProgramFiles%\Symantec Shared\ehandres.dll
- %ALLUSERSPROFILE%\Application Data\Symantec\pcAnywhere\Chtempl.chf
- %PROGRAM_FILES%\Symantec\pcAnywhere\awcp.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\DSMgr.dll
- %ALLUSERSPROFILE%\Application Data\Symantec\pcAnywhere\opttempl.opt
- %PROGRAM_FILES%\Symantec\pcAnywhere\FTStatusResources.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\FTStatus.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awxfer.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awchat.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\pcaime.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awses32.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\awcm32.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\ProcessClient.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\InstalledAppsClient.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\EventClient.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\EditFileClient.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\RegistryClient.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\TaskAppClient.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\ServicesClient.dll
- %PROGRAM_FILES%\Symantec\pcAnywhere\SystemStateClient.dll
- %TEMP%\pft1A.tmp\LRRes.dll
- %TEMP%\pft1A.tmp\LRCtrl.dll
- %TEMP%\pft1A.tmp\IraVcObj.dll
- %TEMP%\pft1A.tmp\LSCtrl.dll
- %TEMP%\pft1A.tmp\LRWebWnd.dll
- %TEMP%\pft1A.tmp\LrResEN.dll
- %TEMP%\pft1A.tmp\iraLSCl2.dll
- %TEMP%\pft1A.tmp\IraLrShl.exe
- %TEMP%\pft1A.tmp\iraDefA2.dll
- %TEMP%\pft1A.tmp\IraVcLc3.dll
- %TEMP%\pft1A.tmp\iraLSUI.dll
- %TEMP%\pft1A.tmp\IraLsClt.dll
- %TEMP%\pft1A.tmp\LSPlugin.dll
- %WINDIR%\Installer\MSI19.tmp
- %TEMP%\pft1A.tmp\VcSetup.exe
- %TEMP%\pft1A.tmp\LAResEN.dll
- %WINDIR%\Installer\MSI1D.tmp
- %WINDIR%\Installer\MSI1C.tmp
- %WINDIR%\Installer\MSI1B.tmp
- %TEMP%\pft1A.tmp\VcCleanUp.exe
- %TEMP%\pft1A.tmp\symcsub.exe
- %TEMP%\pft1A.tmp\ShFolder.dll
- %TEMP%\pft1A.tmp\Advisor.exe
- %TEMP%\pft1A.tmp\Watermrk.gif
- %TEMP%\pft1A.tmp\VcResEN.dll
- %WINDIR%\Installer\MSI9.tmp
- %WINDIR%\Installer\MSI8.tmp
- %WINDIR%\Installer\MSI7.tmp
- %WINDIR%\Installer\MSIC.tmp
- %WINDIR%\Installer\MSIB.tmp
- %WINDIR%\Installer\MSIA.tmp
- %WINDIR%\Installer\MSI3.tmp
- %WINDIR%\Installer\MSI2.tmp
- %WINDIR%\Installer\MSI1.tmp
- %WINDIR%\Installer\MSI6.tmp
- %WINDIR%\Installer\MSI5.tmp
- %WINDIR%\Installer\MSI4.tmp
- %WINDIR%\Installer\MSID.tmp
- %WINDIR%\Installer\MSI17.tmp
- %WINDIR%\Installer\MSI16.tmp
- %WINDIR%\Installer\MSI15.tmp
- %TEMP%\pft1A.tmp\Defaults.liveReg
- %TEMP%\pft1A.tmp\pftw1.pkg
- %WINDIR%\Installer\MSI18.tmp
- %WINDIR%\Installer\MSI10.tmp
- %WINDIR%\Installer\MSIF.tmp
- %WINDIR%\Installer\MSIE.tmp
- %WINDIR%\Installer\MSI14.tmp
- %WINDIR%\REGLOCS.OLD
- %WINDIR%\Installer\MSI11.tmp
- %TEMP%\~SMIDDE7\HDSL_Host_SID_IP_CET_THD.msi\sp_sfxtp.tmp в %TEMP%\~SMIDDE7\HDSL_Host_SID_IP_CET_THD.msi\HDSL_Host_SID_IP_CET_THD.msi
- ClassName: 'Symantec NAMApp Class' WindowName: ''
- ClassName: 'LiveAdvisor_Window' WindowName: ''
- ClassName: 'MsiDialogCloseClass' WindowName: ''
- ClassName: 'SYMIntegratorWnd' WindowName: ''