|
file
|
04/27 19:48:18
|
C:\Program Files\Internet Explorer\IEXPLORE.EXE
|
C:\WINDOWS\Temp\cmecy.exe
|
-
|
|
|
registry
|
04/27 19:48:18
|
C:\WINDOWS\Temp\cmecy.exe
|
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
|
-
|
|
|
registry
|
04/27 19:48:18
|
C:\WINDOWS\Temp\cmecy.exe
|
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
|
-
|
|
|
registry
|
04/27 19:48:18
|
C:\WINDOWS\Temp\cmecy.exe
|
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Templates
|
-
|
|
|
process
|
04/27 19:48:20
|
C:\WINDOWS\Temp\cmecy.exe
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Local AppData
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Templates
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DoNotAllowExceptions
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\DisableNotifications
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Start
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Microsoft\Security Center\FirewallOverride
|
-
|
|
|
registry
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
|
-
|
|
|
process
|
04/27 19:48:19
|
UNKNOWN
|
C:\WINDOWS\Temp\cmecy.exe
|
-
|
|
|
file
|
04/27 19:48:18
|
C:\WINDOWS\Temp\cmecy.exe
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
-
|
|
|
file
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\******\Local Settings\Application Data\7VJ5
|
-
|
|
|
file
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\All Users\Application Data\7VJ5
|
-
|
|
|
file
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\WINDOWS\Temp\7VJ5
|
-
|
|
|
file
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\******\Templates\7VJ5
|
-
|
|
|
file
|
04/27 19:48:19
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\WINDOWS\Temp\cmecy.exe
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\Content Type
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\DefaultIcon
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\open\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\open\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\runas\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\runas\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\start\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\start\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\Content Type
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\DefaultIcon
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\open\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\open\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\runas\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\runas\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\start\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\start\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\Content Type
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\DefaultIcon
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\open\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\open\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\runas\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\runas\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\start\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\.exe\shell\start\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\Content Type
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\DefaultIcon
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\open\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\open\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\runas\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\runas\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\start\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCR\secfile\shell\start\command\IsolatedCommand
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Clients\StartMenuInternet
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
|
-
|
|
|
registry
|
04/27 19:48:20
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
HKCU\Software\Microsoft\Windows\Identity
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\Installed Plugins\In Process
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\ActiveX\Installed MIME Types\video/quicktime
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\Installed MIME Types\video/quicktime
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKCU\Software\Microsoft\Internet Explorer\Media\MimeTypes\video/quicktime
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\video/quicktime\CLSID
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mov
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.qt
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\ActiveX\Installed MIME Types\image/x-macpaint
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\Installed MIME Types\image/x-macpaint
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKCU\Software\Microsoft\Internet Explorer\Media\MimeTypes\image/x-macpaint
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\image/x-macpaint\CLSID
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.pntg
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.pnt
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.mac
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\ActiveX\Installed MIME Types\image/x-quicktime
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\Installed MIME Types\image/x-quicktime
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKCU\Software\Microsoft\Internet Explorer\Media\MimeTypes\image/x-quicktime
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Classes\MIME\Database\Content Type\image/x-quicktime\CLSID
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.qtif
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Microsoft\Internet Explorer\EmbedExtnToClsidMappings\.qti
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\Installed Plugins\Names
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\Installed Plugins\Deferred
|
-
|
|
|
registry
|
04/27 19:48:23
|
C:\Program Files\QuickTime\qttask.exe
|
HKLM\SOFTWARE\Apple Computer, Inc.\QuickTime\Installed Plugins\In Process
|
-
|
|
|
file
|
04/27 19:48:26
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\******\Local Settings\Application Data\7VJ5
|
-
|
|
|
file
|
04/27 19:48:26
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\All Users\Application Data\7VJ5
|
-
|
|
|
file
|
04/27 19:48:26
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\WINDOWS\Temp\7VJ5
|
-
|
|
|
file
|
04/27 19:48:26
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\******\Templates\7VJ5
|
-
|
|
|
file
|
04/27 19:51:30
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\******\Local Settings\Application Data\7VJ5
|
-
|
|
|
file
|
04/27 19:51:30
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\All Users\Application Data\7VJ5
|
-
|
|
|
file
|
04/27 19:51:30
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\WINDOWS\Temp\7VJ5
|
-
|
|
|
file
|
04/27 19:51:30
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\******\Templates\7VJ5
|
-
|
|
|
file
|
04/27 19:51:33
|
C:\Documents and Settings\******\Local Settings\Application Data\ave.exe
|
C:\Documents and Settings\******\Local Settings\Application Data\7VJ5
|
-
|
|
