Online Scan: Analyze unins000.exe file and fix runtime errors, Fix System Error
    Welcome to my blog. I found malicious code that had been added to the unins000.exe file. The infection changed the file's contents. The MD5 value of the infected file is 0496efa94eb7cc65d9d0ea99fb394a66, and the file size is 190 K (195,536 bytes).
    Risk level of malicious code: 3 stars (rated by 161 users)
    Behavior of malicious code (320 votes):
    1. Infect file: 12.81% (41)
    2. Intentionally destroy data: 14.69% (47)
    3. Steal personal privacy: 11.88% (38)
    4. Infect other computers through the Internet: 11.88% (38)
    5. Install the backdoor program so that the computer is controlled remotely: 13.44% (43)
    6. Cheat or threaten users to buy something: 11.88% (38)
    7. Download and install other programs without permission in the background: 10.94% (35)
    8. Pop up various advertisements and induce users to click: 12.5% (40)
    Binary Code Analysis:
    When the program runs, the PE loader tries to load the file at 0x00400000 in the virtual address space. Address of entry point: 0x0000D2B6. The file has 5 sections.
    • DOS Header
    • DOS Stub
    ...
    • NT File Signature
    • NT HEADER
    • FILE HEADER
    • OPTIONAL HEADER
    • Data Directory
    • .text SECTION #1
    • .rdata SECTION #2
    • .data SECTION #3
    • .rsrc SECTION #4
    • .reloc SECTION #5
    About this malicious code
    This malicious code is a 32-bit program that infects EXE files. When an infected file is run or loaded, the malicious code in the file runs first. Later, the malicious code also infects the following files:

    • unins000.exe
    • unins001.exe
    • unins000.tmp

    Tip: The file names listed above belong to files that were infected by the malicious code. This does not mean that every file with one of these names is malicious. A file name alone is not an accurate basis for deciding whether a file is a malicious program.

    The malicious code also infects files in the following paths:

    • c:\xicato_control_panel_v1_4\
    • c:\program files (x86)\common files\avid\audio\plug-ins\lucifer\uninstall\
    • c:\kinder\mostri & pirati\
    • c:\program files (x86)\skillbrains\lightshot\
    • c:\phoenix\uninstallg5\
    • c:\archivos de programa\k-lite codec pack\
    • c:\speedpro starter\
    • c:\nvidia\gog games\singularity\
    • c:\navergame\champagne_naver\
    • f:\program files\peazip\
    • c:\program files\flv to avi mpeg wmv 3gp mp4 ipod converter\
    • c:\gammu\
    • c:\program files (x86)\pdfcreator\
    • c:\torrentex\
    • c:\backup-share\bp2013\
    • c:\program files (x86)\winscp\
    • c:\oemxzgj\qgdp_le_oem_smt\
    • c:\gdoor sistemas\gdoor pro\
    • c:\games\snake pass\
    • c:\pdfpasswordremover\
    • c:\dpadmwin\
    • c:\program files (x86)\nero\
    • c:\program files\avro keyboard\
    • c:\odin\diet\bhavcopy\
    • c:\nckdongle\huawei_module\
    • c:\arquivos\01\w2\mlg\
    • c:\program files\bit che\
    • c:\esurvey\esurveysections\
    • c:\games\heroes of might and magic v\
    • c:\cgae\aca\
    • c:\program files\gsautoclicker3\
    • c:\program files (x86)\putty\
    • c:\games\totally accurate battle simulator v0.3.6192.6310\
    • c:\esurvey\esurveycad\
    • c:\axon7development\
    • c:\pos moudule\
    • c:\documents and settings\administrator\desktop\virus removal tool\
    • c:\program files (x86)\aimersoft\aimersoft itube studio (portuguese)\
    • c:\program files (x86)\embarcadero\rad studio\7.0\ravereports\
    • c:\program files (x86)\iknowps\
    • c:\battlestate games\bsglauncher\
    • c:\program files\lenovo\imcontroller\
    • c:\antivir\trojan remover\
    • c:\program files (x86)\windows movie maker\
    • c:\mobile upgrade s 4.4.1\
    • c:\wondershare\drfone\toolkit\
    • d:\program files\rocketdock\
    • c:\nckdongle\spreadtrum_module\
    • c:\~\quarantine\zmck8r6beu\
    • c:\miracle box\
    • c:\program files\pdfcreator\
    • c:\program files (x86)\hcwp web components\
    • c:\windows.old\program files\bbk\aftool_4.3.1\
    • c:\program files\teracopy\
    • c:\documents and settings\fgomez\escritorio\otros\pdfrizator\
    • c:\games\sniperelitev2\
    • c:\program files (x86)\clamwin\
    • c:\hry\bombshell\
    • c:\games\life is strange before the storm\
    • c:\hry\adultgamecity\magic shop\
    • c:\~\quarantine\files\jnckaquauuaennyvdehpqwfbvcrafbbr\
    • c:\program files (x86)\ac3filter\
    • c:\dbksatker-bp\uninst\
    • f:\program files\ashampoo\ashampoo internet accelerator 3\
    • c:\dbsas17\
    • c:\dll-files.com client\
    • c:\program files\email verifier\
    • c:\ebirforms\
    • c:\program files\kutools for excel\
    • c:\openssl-win64\
    • c:\windows\speciesatrisk uninstaller\
    • c:\games\hello neighbor alpha 4\
    • c:\program files (x86)\wise\wise jetsearch\
    • c:\my\omerta\omerta\
    • c:\program files (x86)\tweakbit\file recovery\
    • c:\braca soft\fmrte 17\
    • c:\program files\kingo android root\
    • c:\archivos de programa\vso\convertx\5\
    • c:\joygame\wolfteamts\
    • c:\odcecs\
    • c:\archivos de programa\dsnet corp\atube catcher 2.0\
    • c:\games\act of aggression\
    • c:\easyboot\
    • c:\nckbox\qualcomm_module\
    • c:\antivir\spybot old\spybot - search & destroy\
    • c:\program files (x86)\call of duty.ghosts.v 1.0.647482\uninstall\
    • c:\game\hitman sniper challenge\
    • c:\gog games\nexus mod manager\uninstall\
    • c:\program files (x86)\izotope\trash 2\
    • c:\sgbr\master\
    • c:\android_mtk\
    • f:\program files\malwarebytes anti-malware\
    • c:\program files\avs4you\avsupdatemanager\
    • c:\program files (x86)\common files\enterbrain\rgss2\rpgvx\
    • c:\games\insurgency\
    • c:\adobe\after effects 4.1\plug-ins\filters\panopticum\
    • c:\truespace76\
    • c:\program files\software informer\
    • c:\outerspace software\
    • c:\ecusafe (loader)\
    • c:\program files\booking\
    • c:\program files (x86)\torrentstime media player\
    • c:\program files\z3x\lg\lgtool\
    • c:\program files\wizvera\delfino\
    • c:\program files\virtual magnifying glass\
    • c:\edgard\angielski multipakiet\
    • c:\asam-assistant 2015\photo recovery\
    • c:\cvavreval2.05\
    • c:\bmnkpb13\
    • c:\program files\apowersoft\video converter studio\
    • c:\bitnami\wordpress-4.9.4-6\imagemagick\
    • c:\atlab\ata5701 tuning viewer xpress\
    • c:\ipc_ax\
    • c:\program files\easeware\drivereasy\
    • c:\program files\azhagi+\
    • c:\odis-diag-modules\pduapi\ven-ime\
    • c:\program files (x86)\didactic\robotinoview2\
    • c:\emu8086\
    • c:\prog\superior\
    • c:\program files (x86)\unknown file handler\
    • c:\corepack\outlast - complete edition\uninstall\
    • c:\documents and settings\comp34\desktop\gimp 2\uninst\
    • c:\ultravnc\
    • c:\program files (x86)\brs\
    • c:\games\dead cells\
    • c:\sistemas\cos 1.0\
    • c:\program files\converthelper\
    • c:\phoenix\uninstallmodulocliente\
    • c:\magic8322\get\
    • f:\program files\usenet.nl\
    • c:\program files\common files\wondershare\wondershare helper compact\
    • c:\program files\estsoft\altoolbar\
    • c:\program files (x86)\freealarmclock\
    • c:\program files\anvsoft\pdfmate free pdf merger\
    • c:\program files\uniform software\uniform invoice software\
    • c:\windows\win2farsi\temp\
    • c:\program files\mpc homecinema (x64)\
    • c:\braca soft\fmrte 19\
    • c:\program files\gametop.com\super mario forever\
    • c:\program files\icare data recovery free\
    • c:\windows\configsetroot\pc_test\pc-test 2 se\files\#7 pc-test 2 se 160\roda\7\
    • c:\anibalbackup\escritorio\zula\
    • c:\games\spintires\
    • c:\archivos de programa\ashampoo\ashampoo uninstaller 5\
    • c:\windows.old\program files\oppo\usb driver\
    • c:\games\resident evil 7 - biohazard\
    • c:\quarantine\folders\iszone.2016-05-19. 6.46.55.90\
    • c:\unigine\valley benchmark 1.0 advanced\
    • c:\program files\acon digital\deverberate\
    • c:\program files (x86)\hd tune pro\
    • c:\gog games\worms armageddon\
    • c:\program files\iolo\system mechanic professional\
    • c:\4nec2\
    • c:\program files\bullzip\pdf printer\
    • c:\program files\k-lite codec pack\
    • c:\program files\wondershare\wondershare video converter ultimate\
    • c:\games\fallout 4\
    • c:\games\world_of_tanks\
    • c:\program files (x86)\innovative solutions\drivermax\
    • c:\arquivos de programas\pdfcreator\
    • c:\program files\mediatek\sp driver\
    • c:\radiodjv2\
    • c:\program files\free desktop clock\
    • c:\z - program files - old\lenovo1\ccsdk\
    • e:\program files\fma\
    • c:\windows\temp\is-l389v.tmp\
    • c:\phdgd virtual vram tool\phdgd virtual vram tool\
    • c:\games\mafia iii\
    • c:\gsm_x_team\grt dongle qualcomm crack v1.0.03\
    • c:\program files\swf file player\
    • c:\windows\system32\cpldapu\uninstall\
    • c:\program files (x86)\aomei backupper\
    • c:\r.g. catalyst\grand theft auto - vice city\uninstall\
    • c:\limbo\
    • c:\program files\apowersoft\video download capture 6\
    • f:\program files\reg organizer\
    • c:\games\grand theft auto iv - the complete edition\
    • c:\program files (x86)\total video converter\
    • c:\program files\mpc-hc\
    • c:\arquivos de programas\youtube downloader hd\
    • c:\program files\zoom\
    • c:\program files\common files\iskysoft\iskysoft helper compact\
    • c:\games\counter strike go edition\
    • c:\windows\system32\spool\drivers\w32x86\3\win2pdf\
    • c:\gog games\banished\
    • c:\arquivos de programas\diebold\warsaw\
    • c:\grand theft auto san andreas\
    • c:\gog games\cuphead\
    • c:\~\quarantine\files\gjucukncbfxgcnovilxjnqcoffrialhc\pcspeedup\
    • c:\corepack\just cause 2\uninstall\
    • c:\amuzi\casinoval\
    • c:\program files (x86)\teamviewer\
    • c:\program files\abyssmedia\wave editor\
    • c:\coocox\coide\
    • c:\~\quarantine\files\yclyqxpxuemhxhvuzsxcemhwxgwvlsmu\
    • c:\program files\ext2fsd\
    • c:\~\quarantine\bh29cm3ory\
    • c:\program files (x86)\mkv player\
    • c:\cwinventory-24\
    • c:\r.g. catalyst\ghost recon - future soldier\uninstall\
    • c:\gdoor sistemas\gdoor 2016\uninst\
    • c:\program files\anvsoft\any video converter ultimate\
    • c:\program files\youtube song downloader\
    • c:\program files (x86)\gigaflat\
    • c:\iso to usb\
    • c:\curso reaper musical\plugins para reaper\auto tune vst para vegas pro(2)\vst bridge\
    • c:\program files\positivo informática\positivo experience\positivo smart backup\
    • c:\antivir\xenu\
    • c:\games\talonro\
    • c:\windows\system32\cpldapu\
    • c:\advantech\daqnavi\runtime\
    • c:\~\quarantine\1xvpfvjcrg\
    • c:\program files (x86)\free pdf reader\
    • c:\program files\z3x\samsung\samsungtoolpro\recovery\
    • c:\program files\audacity\
    • c:\aeriagames\s4league\
    • c:\program files\pia_manager\
    • c:\xampp\mercurymail\
    • c:\archivos de programa\dvdlabpro2\
    • c:\program files (x86)\freemake\freemake video converter\uninstall\
    • c:\program files\dll-files.com client\
    • c:\program files\roguekiller\
    • c:\program files\pcfixkit\
    • c:\cafe station\
    • c:\nex\
    • c:\rbuildtools\3.4\
    • c:\windows.old\program files\minimal adb and fastboot\
    • c:\program files\usb safely remove\
    • c:\program files\wizvera\veraport20\
    • c:\program files\avg\avg pc tuneup\
    • c:\gog games\anno 1701 ad\
    • c:\lawfinder\libed\
    • c:\program files\whocrashed\
    • c:\program files\wondershare\pdfelement\
    • c:\program files\pdf printer for windows 8\
    • c:\program files\facebook\
    • c:\games\battlefield 4\uninstall\
    • c:\bq\bq_firmware_flash_tool\
    • c:\program files\vs revo group\revo uninstaller pro\
    • c:\program files (x86)\common files\pervasive software shared\
    • c:\program files\smartpcfixer\
    • c:\games\euro truck simulator 2\
    • c:\program files (x86)\apowersoft\video converter studio\
    • c:\koplayer\
    • c:\program files\web components\
    • c:\windows\syswow64\
    • c:\arquivos de programas\filter forge\
    • c:\manufactor\
    • c:\program files (x86)\cybercafepro server\
    • c:\games\counter-strike\
    • c:\appl\cdburnerxp\
    • c:\renasoft\transportadora5pro\
    • c:\program files\apowersoft\streaming video recorder\
    • c:\program files (x86)\stellar phoenix windows data recovery.off\
    • c:\pdfocr\
    • c:\games\crossfire\
    • c:\program files (x86)\k-lite codec pack\
    • c:\netxms\
    • c:\gsc11\
    • c:\program files\auslogics\auslogics disk defrag\
    • c:\ruby23-x64\
    • c:\archivos de programa\mojosoft\businesscardsmx\
    • c:\program files\z3x\lg\lgq\
    • c:\hry\brutal legend\
    • c:\program files\easyphototools\
    • c:\program files (x86)\wise\wise disk cleaner\
    • c:\program files (x86)\dll-files.com fixer\
    • c:\tecnobyte\agenda\
    • c:\program files\soundspot\renegade\
    • c:\openssl\
    • c:\program files\iphoneyeta\
    • c:\games\metal slug series\
    • c:\champagne\
    • c:\album design 8 demo\
    • c:\recovered data 05-08 22_27_42\recovered data 05-08 22_28_36\deep scan result\existing partition(ntfs)\program files\kmspico\
    • c:\windows\microsoft.net\framework\v2.0.50727\
    • c:\program files\a-ff find and mount\
    • c:\games\crysis 2\
    • c:\photosi\easyprint4\
    • c:\deltakc\deltatip\
    • c:\ros\
    • c:\program files (x86)\poweriso\
    • c:\dtef8runtime\
    • c:\program files\hxd\
    • c:\program files (x86)\malware hunter suite\
    • c:\program files\7-data card recovery\
    • c:\program files\cpuid\rog cpu-z\
    • c:\program files\easeus\easeus partition master 12.8\
    • c:\games\namste america\
    • c:\one touch upgrade s 2.8.0\
    • c:\sugar_mtk_sp\
    • c:\reserva\at-simplesnacional\sedif\
    • c:\nckbox\huawei_flasher\
    • c:\program files (x86)\my program\
    • c:\bq\bq_firmware_flash_tool\drivers\com.vendor.drivers\data\uninst\
    • c:\gog games\american conquest\
    • e:\programy\pit-y.pl 2017\
    • c:\inferno_volcano_mtk\
    • c:\rf online indonesia\
    • c:\resident evil 7 - biohazard\
    • c:\program files\setup\
    • c:\program files (x86)\common files\digidesign\dae\plug-ins\gladiator\
    • c:\dokman v.3.0\
    • c:\program files\anvsoft\any video converter\
    • f:\program files\auslogics\registry cleaner\
    • c:\destek menkul piyasa takip\
    • c:\multipsk\
    • c:\samsungtoolpro\
    • c:\program files (x86)\wise\wise program uninstaller\
    • c:\game\game\magic academy\
    • c:\program files\dvdfab hd decrypter 4\
    • c:\gaming\need for speed most wanted 2012\
    • c:\program files\docx repair free\
    • c:\program files (x86)\msi kombustor\
    • c:\games\dead island definitive collection\
    • c:\fingerprintsensors\smartchip_dll\
    • c:\windows.old\program files\spt shahzeb\
    • c:\program files (x86)\ad stream recorder\
    • c:\games\icytower1.5\
    • c:\program files (x86)\pit projekt 2014\
    • c:\arq progamas\appbrad\
    • c:\3d rad games\stuntplane v100\
    • c:\morphordservicel0soft\
    • c:\nckbox\android_mtk\
    • c:\program files (x86)\mr dj\hitman absolution professional edition\uninstall\
    • c:\link g4\
    • c:\program files\orban\aac-aacplus plugin\
    • c:\program files (x86)\auslogics\duplicate file finder\
    • c:\program files (x86)\tinypic\
    • c:\program files\dvdvideosoft\
    • c:\program files\sothink video converter\
    • c:\terkon\exaradyo\
    • c:\program files\allegorithmic\substance designer\
    • c:\program files\lenovo\system update\
    • c:\program files (x86)\libusb-win32-0.1.10.1\
    • c:\iverilog\
    • c:\program files\haihaisoft universal player\codec\
    • c:\documents and settings\comp33\desktop\gimp 2\uninst\
    • c:\xim-ble_control_panel_v1_3\
    • c:\program files\wondershare\waf\
    • c:\games\hitman go definitive edition\
    • c:\ccboot\
    • c:\program files\nusphere\phped\cse validator lite 65\
    • c:\program files\zxic_develop_driver\
    • c:\program files\email extractor\
    • c:\hry\2k games\the darkness ii - limited edition\
    • c:\purgeiepro\
    • c:\program files\fixauto\
    • c:\lazarus\
    • c:\games\flyff\
    • c:\program files (x86)\lame for audacity\
    • c:\program files\7thshare\7thshare android data recovery\
    • c:\program files\foxit software\foxit reader\
    • c:\hry\bloody boobs\
    • c:\program files\vs revo group\revo uninstaller\
    • c:\program files\wondershare\pdf converter pro\
    • c:\program files (x86)\pavtube\pavtube video converter ultimate\
    • c:\games\pro evolution soccer 2017\
    • c:\games\lego marvel super heroes 2\
    • c:\asam-assistant 2015\microsd card recovery pro\
    • c:\healthtemp\
    • c:\lokumgames\zula\
    • c:\mamppro\
    • c:\games\f1 2018\
    • c:\program files (x86)\king tools by technical computer solutions\
    • c:\game\softnyxgame\wolfteamls\
    • c:\windows\system32\
    • c:\arquivos de programas\iobit\driver booster\4.3.0\
    • c:\one touch upgrade 6.2.3\
    • c:\program files\huawei\ensp\
    • c:\jpg2pdf\
    • c:\program files\flash memory toolkit\
    • c:\program files\fabfilter\
    • c:\arquivos de programas\aimersoft\video converter ultimate\
    • c:\arquivos de programas\dvdvideosoft\
    • c:\umtool\ultimatehwe\
    • c:\sabre interact\res\v5.5\
    • e:\windows\
    • c:\gog games\stronghold crusader 2\
    • c:\program files\positivo informática\positivo experience\positivo audio power\
    • c:\game\softnyxgame\nyxlauncheris\
    • c:\gog games\rayman forever\
    • c:\dev\mapwingis\
    • c:\program files\cpuid\pc wizard 2009\
    • c:\program files (x86)\gst tool v1.0 by technical computer solutions\
    • c:\program files (x86)\hax264\
    • c:\games\the.evil.within.2.repack-kaos\
    • c:\~\quarantine\files\axicjowsihclyvhdiqduoxylvazcjfky\diskdefrag\
    • c:\arquivos de programas\arsights 1.1\
    • c:\program files (x86)\adata\ssd toolbox\
    • c:\program files\regutility\
    • c:\program files\brosvideo\bros ts converter\
    • c:\program files (x86)\shareit technologies\shareit\
    • f:\program files\hxd\
    • c:\program files\lighten pdf to word converter\
    • c:\program files (x86)\avn products\easy video cutter\
    • c:\program files\your uninstaller! 7\
    • c:\phoenix\uninstalljrpocket\
    • c:\games\world_of_tanks\wgmods essentials\
    • c:\odin\diet\
    • c:\hry\bloodlust shadowhunter\
    • c:\ematrix\cheque\
    • c:\windows\burnintest1\burnintest1\win7bit\
    • c:\arquivos de programas\malwarebytes anti-malware\
    • c:\program files\malwarebytes' anti-malware\
    • c:\mtl-multisync\
    Tip: The code of most malicious files is fixed and rarely changes. This means that, regardless of which computer it is on, this type of malicious file copies itself into a pre-set path, so there is a good chance of finding the file by looking in the paths listed above.
    Are all files with the same file name and the same path as those listed above malicious?
    Of course not. The file name is only a label for the file. Strictly speaking, what matters is that the file has been modified by malicious code.

    The following are methods commonly used by malicious code in order to confuse users:

    • Deliberately change their own file name to the name of a system file or of some well-known software.
    • Generate malicious files in the system folder or in the installation folder of some well-known software, or even name their own folder after an antivirus product (one the user never actually installed). These malicious files are neither system files nor part of the well-known software.

    For example, one of the most common system file names is explorer.exe, and under normal circumstances the system has only one explorer.exe process. When you open Task Manager and find two or more explorer.exe processes, it is likely that some malicious program is disguising itself. As shown in the following figure, there are two explorer.exe processes in Task Manager.

    When I find the path where each file is located, it becomes clear that the real explorer.exe system file is located under "C:\Windows\", and the malicious file that pretends to be a system process is under another path.

    The running status of the unins000.exe file that is infected with malicious code:
    Memory usage: 144K
    CPU usage: between 35% and 53%
    Runs with SYSTEM permissions.
    At runtime, it calls 14 Windows system files and 0 external files (not owned by the Windows system).
    Windows system files (file name: number of functions called)
    • KERNEL32.dll: 89
    • USER32.dll: 33
    • GDI32.dll: 7
    • ADVAPI32.dll: 10
    • SHELL32.dll: 2
    • ole32.dll: 5
    • COMCTL32.dll: 1
    • SHLWAPI.dll: 1
    • WININET.dll: 10
    • d3d9.dll: 1
    • WS2_32.dll: 1
    • SETUPAPI.dll: 4
    • OLEAUT32.dll: 3
    • IPHLPAPI.DLL: 1
    Not owned by the Windows system (file name: number of functions called)
    • (none)
    In general, the most accurate way to determine whether a file is malicious is to analyze its code and see what happens when these functions are called while the program is running. Does it show malicious behavior (destroying data or stealing data)? I have listed the functions called by this file and some of its internal data, but there is too much data to show all of it here. The full binary code analysis page has the complete listing.
    unins000.exe runtime behavior analysis
    The KERNEL32.dll dynamic link library is loaded and the functions in the file are called: ( Kernel32.dll is a very important 32-bit dynamic link library file in the Windows operating system. It is a kernel-level file. It controls the system's memory management, data input and output operations and interrupt handling. When the Windows operating system starts, kernel32.dll resides in a specific write-protected area of memory, so that other programs cannot occupy this memory area. )
  • OpenProcess: Opens an existing local process object.
  • TerminateProcess: Ends the calling process and all its threads.
  • Process32NextW: Retrieves information about the next process recorded in a system snapshot.
  • Process32FirstW: Retrieves information about the first process encountered in a system snapshot.
  • CreateToolhelp32Snapshot: Takes a snapshot of the specified processes, as well as the heaps, modules, and threads used by these processes.
  • GetCurrentProcess: Retrieves a pseudo handle for the current process.
  • GetModuleHandleW: Retrieves a module handle for the specified module. The module must have been loaded by the calling process.
  • GetProcAddress: Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
  • WriteConsoleW: Writes a character string to a console screen buffer beginning at the current cursor location.
  • GetConsoleMode: Retrieves the current input mode of a console's input buffer or the current output mode of a console screen buffer.
  • FlushFileBuffers: Flushes the buffers of a specified file and causes all buffered data to be written to a file.
  • RtlUnwind: Initiates an unwind of procedure call frames.
  • GetModuleFileNameW: Retrieves the fully qualified path for the file that contains the specified module.
  • ExitProcess: Ends the calling process and all its threads.
  • FreeEnvironmentStringsW: Frees a block of environment strings.
  • GetEnvironmentStringsW: Retrieves the environment variables for the current process.
  • GetSystemTimeAsFileTime: Retrieves the current system date and time. The information is in Coordinated Universal Time (UTC) format.
  • GetCurrentProcessId: Retrieves the process identifier of the calling process.
  • QueryPerformanceCounter: Retrieves the current value of the performance counter, which is a high resolution (<1us) time stamp that can be used for time-interval measurements.
  • SetEnvironmentVariableA: Sets the contents of the specified environment variable for the current process.
  • GetStartupInfoW: Retrieves the contents of the STARTUPINFO structure that was specified when the calling process was created.
  • TlsSetValue: Stores a value in the calling thread's thread local storage (TLS) slot for the specified TLS index. Each thread of a process has its own slot for each TLS index.
  • TlsGetValue: Retrieves the value in the calling thread's thread local storage (TLS) slot for the specified TLS index. Each thread of a process has its own slot for each TLS index.
  • TlsAlloc: Allocates a thread local storage (TLS) index. Any thread of the process can subsequently use this index to store and retrieve values that are local to the thread, because each thread receives its own slot for the index.
  • SetUnhandledExceptionFilter: Enables an application to supersede the top-level exception handler of each thread of a process.
  • UnhandledExceptionFilter: An application-defined function that passes unhandled exceptions to the debugger, if the process is being debugged.
  • GetLastError: Retrieves the calling thread's last-error code value.
  • CreateThread: Creates a thread to execute within the virtual address space of the calling process.
  • GetCurrentThreadId: Retrieves the thread identifier of the calling thread.
  • IsDebuggerPresent: Determines whether the calling process is being debugged by a user-mode debugger.
  • GetModuleHandleExW: Retrieves a module handle for the specified module. The module must have been loaded by the calling process.
  • GetStdHandle: Retrieves a handle to the specified standard device (standard input, standard output, or standard error).
    The ADVAPI32.dll dynamic link library is loaded and the functions in the file are called: ( Advapi32.dll is part of a high-level API application interface service library that contains functions related to object security, registry manipulation, and event logging. It is generally located in the system directory: \WINDOWS\system32\ )
  • AdjustTokenPrivileges: The AdjustTokenPrivileges function enables or disables privileges in the specified access token.
  • LookupPrivilegeValueW: This function retrieves the locally unique identifier (LUID) used on a specified system to locally represent the specified privilege name.
  • OpenProcessToken: This function opens the access token associated with a process.
  • RegQueryValueExW: Retrieves the data associated with the default or unnamed value of a specified registry key.
  • RegOpenKeyExW: Opens the specified registry key. Note that key names are not case sensitive.
  • RegQueryValueExA: Retrieves the data associated with the default or unnamed value of a specified registry key.
  • RegOpenKeyExA: Opens the specified registry key. Note that key names are not case sensitive.
    The following files have been identified as malicious files. Some files are variants of unins000.exe; some files are another type of malicious file, but use the same file name as unins000.exe.

    Comparing hash values is a simple and effective way to determine whether a file is malicious, and it has a lower false detection rate than the "static signature" method. So, if the MD5 value of a file on the computer is the same as an MD5 value listed below, it is certain that the file is malicious.

    These are my analysis results for the code of each malicious file below, provided mainly for industry professionals who work in computer security. If you are interested, you can also take a look, but it may require some computer knowledge.
    • File Md5
    • File Size
    • File Bit
    • File Type
    • Binary Code Analysis

    How to repair or remove unins000.exe

    Method 1: Manual Removal

    • Reboot the system and enter safe mode.

    • Open Task Manager and, if unins000.exe is running, end the process.

    • Show all hidden files.
    Step: "My Computer" -> "Folder Options" -> "View" -> "Show hidden files, folders, and drives"

    • The malicious code generates or infects files in the following paths, so you need to go into each path one by one and delete all of these files: [  unins000.exe, unins001.exe, unins000.tmp  ]

    • c:\umtool\
    • c:\windows.old\program files\z3x emmc odin\
    • c:\program files (x86)\qct- quatronik configuration tool\
    • c:\program files\gimp 2\uninst\
    • c:\program files\softland\novapdf 7\
    • c:\purgeie\

    • Finally, restart your computer.

    Method 2: Automatic Removal Using Tools (Recommended)

    1. Download Removal Tool

    2. Save it into your computer and install it step by step.

    3. During the installation process, the user interface is available in multiple languages and is easy to use.

    4. The installation process is an online installation, so after the installation is complete, the software version and virus database are up-to-date.

    5. After the installation is complete, run the antivirus software and click the "Scan Computer Now!" button to scan the whole system.

    6. Tick "Select all" and then Remove to delete all threats. Reboot your computer.

    When you find that your operating system is behaving abnormally, and a file name listed above appears in Task Manager, or several running processes share the same name as a core system file, it is best to download anti-virus software and check your system.

    Online detection of unins000.exe

    If you don't know whether the unins000.exe on your computer is infected with malicious code, you can also use the online scan tool.

    • Use the following online detection function to check the file.
    • Enter the file name, or file MD5, for the query.
    • You can also scan a file online. Click the "Upload File" button, and then click the "Submit" button, to immediately detect whether the file is a virus. (Tip: The maximum size of the uploaded file cannot exceed 8MB)

    How do I use the T21 engine for online scanning?

    T21 can detect unknown files online, mainly using a "behavior-based" judgment mechanism. It is very simple to use T21.

    1. Click the "Upload File" button, select the file you want to detect, and then click "Submit".
    2. The next step is to wait for the system to check, which may take a little time, so please be patient.
    3. When the T21 scan engine finishes detection, the test results are immediately fed back, as shown below:

    • If you suspect that there are malicious files on your computer, but you cannot find where they are, or if you want to make a thorough check on your computer, you can download the automatic scanning tool.

    If you want to know what kind of system T21 is, you can view the introduction of T21. You can also go to the home page to read about my original intention and philosophy in developing the T21 system.

    Copyright statement: The above data is obtained by my analysis, and without authorization, you may not copy or reprint it.
    Copyright © 2016-2019 mygoodtools.com All rights reserved.