Top 10 Alerts
Latest 10 Malware Files
Testimonials
Just want to say that apparently your Exterminate It has worked like a
charm. I was infected with a most troublesome Malware Trojan that kept
replicating every time McAfee found, blocked and removed it... most annoying
for several days... until Mr. Google led me to your door. What a God send!
With thanks, Tom
Tom S.
OnLineGames Registry Values
Scan your Windows registry for OnLineGames
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%SYSTEM%]\olhrwef.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dso32=[%PROFILE_TEMP%]\dsoqq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%PROFILE_TEMP%]\herss.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, nod32=[%PROFILE_TEMP%]\nodqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2=[%SYSTEM%]\winsys2.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SYS1=[%SYSTEM%]\system.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=[%PROFILE_TEMP%]\apiqq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, king_mg=[%SYSTEM%]\mgking.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, King_ar=[%SYSTEM%]\arking.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {87de8a1a-96c5-4420-b222-ef998f697ce7}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {8e6d4583-0fa1-41b2-baaa-63352e6333ca}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {1719b301-b494-4185-9379-242461f9cf02}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {cd478099-014d-4b3a-a4bb-b518f1019bc7}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {737858a9-9aea-4838-9b49-54da731f7f37}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {704c3595-db85-40f6-a601-8d6f346907bd}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {36ac68e6-0c26-4d39-b98e-54b49dab6baa}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {2ef0d734-21fd-4225-a1a2-bcd296182aaf}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {122b901e-493f-4ad9-bc69-7de8c3e52fcc}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {08223b03-1b38-4a33-a83a-a4d3cc1d6e4e}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {23da65d2-c696-4ee4-bee8-b4841dec3e30}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {4f5eede5-1687-49d2-8a17-ff0b454fb37b}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {76cbcf38-0583-44c7-a1ae-d463dfe625ec}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {93da1e7d-7c46-4f90-8674-ec90511fca72}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {8708994f-1758-4c2c-9a3f-fa22d6cccb41}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {51716c09-6b08-4ccf-b526-718e912c0573}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {ce38b9e6-af0c-4b93-afab-a20c2311ffd0}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {79462c10-db9a-4ca0-b3db-24ae72636b75}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {7938bd2f-0143-4c46-991c-71069712d9d9}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {9c20d654-5af8-4db7-a125-1a17d7065c73}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {6b1604e2-a839-463c-906a-27a129781e93}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {c20c5a13-4dd7-40d9-90b4-700bab0bbbe9}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {a2bcfcee-c939-433f-a32a-7353a6e720db}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {84639c2d-cd75-4081-b515-329afcecbf19}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {74da2fec-f68f-4dc7-9a45-9174ac044427}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {827e2fb4-1047-43de-848d-e12bb0c97aab}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {136f4843-f6b1-459f-83b5-7b0f982fdda5}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {d36a1df7-6582-4160-b925-59a34e39fe30}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {b7d21764-31a1-4b15-b975-8aaa398ce07f}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {0dcb6565-a9f9-41ca-97e1-65f4a6345f3e}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {b6c3510f-2666-496b-a46f-6eefd6328c2b}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {e16ea4c8-040b-4a12-a0f5-783963ad665d}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {c07b914b-c164-42d2-9838-1422c3f70d99}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {20cfdc59-228c-481f-80b6-404bcfa16b13}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {b7f1bfdc-4b6c-4e2f-af7a-638d2d47802c}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {f181f067-7046-4dcb-993f-200990736305}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {8a6a5b34-d995-4c5d-9338-b5e264b4a87}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {6049bc02-7eda-4c41-b4ab-d5398607c39e}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {335a9bae-19fa-42f2-afd2-20c3275ef392}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {81eb905c-edf8-4033-80bf-e0f4f46733df}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {09fdf8f4-0f9e-4c84-9f0c-21a1143815e3}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {e1639d0b-cc74-4c22-b662-f2f9367cbefc}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {cb661471-055a-4c5b-9ed0-497b9908fef5}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {3dcb9005-aba0-47f8-8c40-49abc04ae5ee}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, king_mg=[%PROFILE_TEMP%]\mgking.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%PROFILE_TEMP%]\olhrwef.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2=[%SYSTEM%]\startup.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%PROFILE%]\IMPOST~1\Temp\herss.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cleanhtm=[%APPDATA%]\cleanhtm.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDQG32=LYLoadqr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDHG32=LYLoadhr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDMG32=LYLoadmr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDSG32=LYLoadar.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDOG32=LYLoador.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDWG32=LYLoadbr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDEG32=LYLoader.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MSDCG32=LYLeador.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, theme=[%WINDOWS%]\com32.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=cru629.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {c5f43bef-ce2f-46d8-afe6-a647bacd1f09}=hook dll rising
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-, cdoosoft=[%PROFILE_TEMP%]\herss.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, king_za=[%SYSTEM%]\zaking.exe
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804, Ime File=MGT99008.OCX
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, SysLive=[%PROGRAM_FILES_COMMON%]\SysLive.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, postsos=[%SYSTEM%]\post.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, angeclouds=rundll32.exe "[%PROFILE%]\Microsoft\angeclouds.dll", HotBcfAchF
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1318031954
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, MPMKrnl=rundll32 "[%WINDOWS%]\MKMKrnl.dll",KMainProc
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MPKrnl=rundll32 "[%WINDOWS%]\MPKrnl.dll",KrnlMsgProc
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msconfigs=[%SYSTEM%]\DXGDIALOG.EXE
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, rwasds=[%PROFILE_TEMP%]\huwesa.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, coolsos=[%SYSTEM%]\aqoeerw.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, king_tw=[%SYSTEM%]\twking.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-Disabled, cdoosoft=[%PROFILE_TEMP%]\herss.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, load=[%SYSTEM%]\scvhost.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%PROGRAM_FILES%]\IMESHA~1\MediaBar\Datamngr\datamngr.dll [%PROGRAM_FILES%]\IMESHA~1\MediaBar\Datamngr\IEBHO.dll karna.dat
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, wowsos=[%SYSTEM%]\wowst.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat??
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 3ASFH=msnmengers.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 3ASFH=[%APPDATA%]\msnmengers.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\guard32.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1278431927
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, SysLive=[%PROGRAM_FILES%]\Common Files\SysLive.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ImagePath="[%PROGRAM_FILES_COMMON%]\System\69\svchost.exe" /AUTO
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804, Ime File=MGT99018.OCX
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks, {328df602-9541-a985-210a-984a698c6f23}=ptjhchlp.dll
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks, {4319a1f1-9410-9654-3201-345ffa349134}=zywmdime.dll
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks, {5a59145f-315d-bc23-ac1f-145df81a34a5}=zyzxeime.dll
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks, {17a924af-1a5f-cf21-ab1d-1d5cf82a8a71}=zywlaime.dll
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks, {4a041f13-a111-12a3-b0cf-f99818aa68a4}=zxmsawin.dll
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks, {4629ff4f-acdb-5c90-a098-facb3456a264}=mpmydapi.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Windows=[%PROGRAM_FILES%]\Windows Media Player\comine.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1322572043
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1314735060
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1322521664
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1322344290
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%SYSTEM_DRIVE%]\Temp\herss.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {bd344af4-67ab-4e19-a630-7435587d320b}=hook dll rising
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1299419901
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {d544c22d-1f70-4b1e-873d-d8dabeb26695}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1229189276
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {1dbd6574-d6d0-4782-94c3-69619e719765}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dso32=[%WINDOWS%]\Temp\dsoqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1222807988
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XLNzY0NzctT0VNLTAwNjIwMTUtNDc5MTQyMTY3NjM2OTEw
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {c53c1999-1b56-41bd-8f76-520d618f112c}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {32d1a17c-a0e9-4b05-ad83-a292b98cd824}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {7198f428-77ac-4837-afbe-1e0393575935}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {5a041f13-a111-12b6-b0cf-f99818aa68a5}=ss12B60096dll.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {5a041f13-a111-12b0-b0cf-f99818aa68a5}=ss12A70096dll.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {5a041f13-a111-12a8-b0cf-f99818aa68a5}=ar12A80099dll.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, nod32=[%WINDOWS%]\Temp\nodqq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HMjin=[%SYSTEM%]\HMtin.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1230051111
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Services=[%SYSTEM%]\system.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 3ASFH=svchost.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 3ASFH=[%APPDATA%]\svchost.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2=; [%SYSTEM%]\winsys2.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1236688431
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1228890464
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avpa=[%SYSTEM%]\avpo.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=[%PROFILE%]\LOCALS~1\Temp\apiqq.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\neniweja.dll [%SYSTEM%]\vavanoho.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, aaaa_hg=[%SYSTEM%]\hgaaaa.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, King_ko=[%SYSTEM%]\koking.exe
- HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_d7ba6e\0000, devicedesc=d7ba6e
- HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_d7ba6e\0000, service=d7ba6e
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SOS_reg=[%SYSTEM%]\sosv3.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, system=[%SYSTEM%]\system.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=CRU629.DATR VUJABONO.DLL [%SYSTEM%]\vuwilamu.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1318070158
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, kava=[%SYSTEM%]\kavo.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YHNzY0ODMtNjQwLTQ5NjQ5MzctMjM1MzdfLTEyNjYzMzU1NDI=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=[%SYSTEM_DRIVE%]\Temp\apiqq.exe
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804, Ime File=DBR99005.OCX
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%WINDOWS%]\Temp\herss.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cybansos=[%SYSTEM%]\cyban.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1281994176
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dso32=[%PROFILE_TEMP%]\1\dsoqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2="[%SYSTEM%]\winsys2.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {e4814792-efa3-4c20-93d0-8b130a59f9a8}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {da63e650-537c-4042-87bb-9d19d844680b}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {d7c79813-9233-4ae0-832c-99b2e8019673}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {b3721c07-62b3-411a-9dc7-f5f27e3e21ff}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {9ca963ca-107c-4089-b0ab-31380f90d7e3}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {58ff3024-8a83-4b1a-88e9-302f47646eee}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {4bf9cba3-8dee-41a1-8bdb-fc28d30e949f}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {43acdcc5-9009-4af4-b80a-93bc656ef298}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {3474a8c2-bef9-46c8-983a-a26a0030ec30}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {4fbfd5a4-5fe8-4444-8bd9-fd0fafa64f96}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {4d023de9-f4b5-4be0-99c6-7c7ad0cf5426}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {de02f764-c51a-4788-9597-d78ecc2ac08f}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {d91bc61e-7d78-4a2a-a336-7b97e8e52f0b}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {e3367679-4775-4244-a62e-4cfe58fc850b}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {93dee065-ec9b-4505-add3-19880ad3c38f}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {70b0129e-726e-4789-a7c0-5ddc33241e94}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {16af66eb-93c8-49f9-bb09-b4f87cedce46}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {4f34c688-fd49-42fc-97f7-87d2f5791612}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {e0d39066-96d7-4891-8527-488adafcd60f}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {495271ca-d0c6-4052-abe6-5b01c73cdfb0}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {12b02216-ac3f-42a7-8313-449771237061}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1231477452
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cerberus=[%SYSTEM%]\system.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cerberus=[%SYSTEM%]\system.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {24144cb8-10ed-4bfc-843f-68a9f3369947}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {11fdb6d4-166a-47bf-a0f8-a09daba75fc1}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {b59f0a61-ef3e-4a2b-9e3a-4a84eddf2308}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {7cc109e5-b2fc-4fee-af04-74b2dcbd2540}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, ins=NativeProc.dll,
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {42efe4db-3f49-4ba2-87e9-72b438af5659}=
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804, Ime File=DBR99006.OCX
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-Disabled, cdoosoft=[%SYSTEM%]\olhrwef.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=cru629.dat?
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1242580881
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804, Ime File=DBR99008.OCX
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1231112512
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {7adc2ab1-5c6a-4178-82da-94863354af7c}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {c250cf20-5f89-4310-9854-4bc261fb14fb}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {82710040-f86e-42e0-b1f8-04edf75856f8}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, nod32=[%PROFILE_TEMP%]\1\nodqq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=[%PROFILE_TEMP%]\1\apiqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {33496778-0658-40bc-8352-a8f884ca282b}=MMKAFNFW1095.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=[%SYSTEM_DRIVE%]\DOCUME~1\GUSTAV~1\CONFIG~1\Temp\apiqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {c51c4afb-2a3a-6c2e-ba41-c10f02760731}=
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804, Ime File=DBR99007.OCX
- HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks, {e60a0b68-2f3c-a1d2-a901-9381e036d21a}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%WINDOWS%]\Temp\olhrwef.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1241549150
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WZNTUyNzQtNjQwLTgzNjUzOTEtMjMxOTNfNjczNjQ3MTg5
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\E0200804, Ime File=DBR99000.OCX
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {59dabd72-6a3f-47c0-90e6-23022b72d463}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, =[%WINDOWS%]\system\winweng.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {dd7d4640-4464-48c0-83fd-21338366d2d3}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1239636202
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WZNzY0NzctT0VNLTAwNzIzNDUtMDY1NjdfLTE1NTE5MjU1MzI=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {7cbfa3fc-f5be-4717-892c-11c4ea515d12}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msconfigs=[%SYSTEM%]\System32\updater.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msconfigs=[%SYSTEM%]\System32\updater.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1237678783
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WQNzY0ODctNjQwLTgzNjUzOTEtMjMzODcxNDQ3NzQwMjIz
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=cru629.dat pinigalo.dll [%SYSTEM%]\folajese.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, ins=Intelproc.dll,
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {36341dc2-9e82-4f3a-bd91-92a15251aa0f}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1225715130
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WTNzY0OTctT0VNLTAwMTUzNDEtMjg1MDQzNjUyODk1ODYx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {f0930a2f-d971-4828-8209-b7dfd266ed44}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {65056902-6e7b-4bd7-95ba-688db5fa5beb}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {2cb77746-8ecc-40ca-8217-10ca8be5efc8}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysW=[%WINDOWS%]\255528L.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, qcjmbgwh.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, mjimkmma.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ohjzobjv.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1235877551
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XHNzY0ODctNjQwLTgzNjUzOTEtMjMyMjE1NDI1MzQ2MzMy
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, King_pg=[%SYSTEM%]\pgking.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YENzY0MzQtT0VNLTAwMTE5MDMtMDAxMDBfODM5NzE4OTI2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1259960245
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1235677941
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XGNTUyNzQtNjQwLTQzNzg5NTYtMjM1MDAyNTAwNjMyMDMz
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YDODk1NzgtT0VNLTczMzIxNTctMDAyMDRfLTY1ODc3MTgwNQ==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1229088245
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1227212061
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WUNzY0NzctT0VNLTAwMTE5MDMtMDAxMDIxMjU4MDg4NzYy
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {4b00fa89-7c1a-41f1-af62-c7ff0d3b96a7}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {4b00fa80-7c1a-41f1-af62-c7ff0d3b96a7}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=VNODk1NzgtT0VNLTczMzIxNTctMDAwNjE1OTg5NjUyMTU3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {90359234-04b2-4a5d-a8d9-f34b82327f64}=hook dll rising
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1253085376
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, systemz=[%SYSTEM%]\system.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1248304009
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WQNTUyNzQtNjQwLTM0MzY4MTMtMjM4NTYzOTgzMDA0MjYx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1237970203
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XLNTUyNzQtNjQzLTQ0NTcwMDEtMjMyODQ1Mzc1MDk0Nzcy
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%PROFILE%]\Temp\herss.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YANTU4OTYtNjQwLTQxNjU0NTMtMjMwNTZfLTgwNTA2OTc4Ng==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSys2="[%SYSTEM%]\startup.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1261112848
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1270566496
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBNzY0ODctT0VNLTAwMTE5MDMtMDAxMTE0MDU2NTAxMzAy
- HKEY_LOCAL_MACHINE\software\\microsoft\\windows\\currentversion\\explorer\\shellexecutehooks, {f60a0b68-af3a-c1d2-cd09-5a80a136d2ba}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1241700881
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBNTU0MzUtNjQwLTA4Nzg2MzMtMjM0MDM0NjI2NjIyOTYy
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1264163216
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XHNzY0ODctNjQwLTE0NTcyMzYtMjM0MTQxOTMyMTAzNDk3
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1232803263
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBNTUwMzQtNjQwLTgzNTU1MDItMjM5Njg0ODgyODkzNTYx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1268506358
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WONzY0NjMtT0VNLTAwNTMxNjYtNDY2NzJfNDc3MzIzMTcy
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {cc3596cb-d6c1-eca1-ae51-deea63f6c21c}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1242085954
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XQNzY0ODctNzc1LTAwNTQzNzItMjI0OTJfLTExMjkxNDY2Njc=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=[%WINDOWS%]\Temp\apiqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1229984088
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XDNTUyNzQtNjQ4LTg2Mzc0MzQtMjMxMjg3ODU3MTg4MjUw
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1299006619
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1237958592
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XLNTUyNzQtNjQwLTM4Mzg1NjItMjM2MDc5NTk1NDczMTEw
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ahnsoft=[%SYSTEM%]\ahnsbsb.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%PROFILE_TEMP%]\1\herss.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dso32=[%PROFILE_TEMP%]\2\dsoqq.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=cru629.datr,[%PROGRAM_FILES%]\KASPER~1\KASPER~2\mzvkbd3.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%PROFILE%]\CONFIG~1\[%PROFILE_TEMP%]\herss.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1230952904
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XDODk1NzgtT0VNLTczMTc4MDItMzMyODI3NzYyNDM5MjMx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1263051683
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%SYSTEM_DRIVE%]\DOCUME~1\Sajan\LOCALS~1\Temp\herss.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dso32=[%SYSTEM_DRIVE%]\Temp\dsoqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YAMDA0MjYtT0VNLTg5OTI2NjItMDA0MDBfLTEzNjU5OTQzMDI=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1230861354
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1228072342
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {df14157d-3ce2-4d9b-b0cc-7f47e3e31fdb}=ttKAFKAF1074.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {3b1aef69-ddae-fdad-dcab-698f026abdb3}=oohxbbyt.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {398c9b84-4ef7-47b5-9862-de29543b3c42}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {22a9b025-f935-4b08-a5a6-2ca15a0fab7a}=ttQACQAC1046.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, TBMonEx=[%FONTS%]\syn00-19-7E-BF-50-0A\system\smss.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1268806505
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {8566f82e-03a4-416e-aeac-66600d8881f1}=
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, smbjjaiy.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, zhorgokc.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, udolvxqb.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\tusavila.dll,[%SYSTEM%]\mazimiru.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1227226915
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WUNzY0NzctT0VNLTAwMTE5MDMtMDAxMDY5NDQ3MTU1NTIx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YAMDA0MjYtT0VNLTg5OTI2NjItMDAwMDZfLTk5MzA5NDMzMg==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysW=[%WINDOWS%]\16186L.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WinSysM=[%WINDOWS%]\16186M.exe
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls, AppSecDll=[%SYSTEM%]\config\systemprofile\Local Settings\Application Data\Windows Server\tszznq.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1295702986
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WQNzY0ODctNjQwLTU1MzY5OTUtMjM3NjU3NTkxNjk3NTk4
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=[%PROFILE_TEMP%]\3\apiqq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dso32=[%PROFILE_TEMP%]\9\dsoqq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, nod32=[%PROFILE_TEMP%]\5\nodqq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%PROFILE_TEMP%]\a\herss.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avgupdate=[%SYSTEM%]\system.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, esetsos=[%SYSTEM%]\eset.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {b490415f-65f8-b5c5-d8ba-9405fb12054b}=yzztlmsn.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {55694105-5108-9405-3695-954187462155}=mpwdeapi.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {50940f85-f015-14f1-a05f-f69858ac6d05}=zptlcsys.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {35671234-7890-abcd-cdef-567801237653}=yxcschlp.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {5d098345-6785-1098-5413-678067ae03d5}=tysqbkol.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {25fd6584-698f-bcd2-602c-698745210352}=rijxbkin.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {60a345cd-abcd-efab-cdef-abcd01020306}=pqzfajke.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {1a698452-c5d8-c584-c256-c264c987c5a1}=ijdyapaw.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1246929283
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {7ac33570-13d7-44f0-af96-41a14177d30d}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, kell=[%PROGRAM_FILES%]\Manson\liser.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YANTUyNzQtNjQwLTAwNTkyNjYtMjM5OThfNDA0MjQwMzM2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YAMDAzNTktT0VNLTg4MDIwNTUtMDEwMDBfLTg5ODE0NDMxMw==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1278904148
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1244672848
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, TBMonEx=[%FONTS%]\00-1A-73-AE-84-1D\system\wdfmgr.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat [%PROGRAM_FILES%]\Google\GOOGLE~2\GOEC62~1.DLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1293746003
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1230600452
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WUNTUyNzctT0VNLTAwMTE5MDMtMDAxMDIzMDg0MDk4MzM0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {a9895933-6636-4281-bc58-ee6de2af96e3}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {8c41b7f7-3168-400d-a702-0e7efe0ba304}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {841529cb-7f77-4b99-a895-b5441e0d302f}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {84143967-b645-4bff-b873-da1dc886e9a7}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {73ae86e6-7f03-4c3b-8980-fb1da157d3c7}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {0b846b26-bfe6-4e8e-a948-1db17b77b483}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YANzY0MzUtT0VNLTAwMTE5MDMtMDAxMDBfNTQwMDY5MTY5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1288652197
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBODk1NzgtT0VNLTczMzIxNTctMDAwNjE2OTgxODcxMzQ2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1238761413
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WQNzY0ODctT0VNLTAwMjc4MDQtODk5ODg4NTc3OTU4MDIz
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Services=[%SYSTEM%]\System.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1241091048
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBODk1NzgtT0VNLTczMzIxNTctMDAyMzcyODEwNjAxNTQ1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YENTIzMjktT0VNLTAwMDgwMDYtMDE5MjVfLTE3NDQzMDI4NjM=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1229613882
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WUNzY0NzctT0VNLTAwMTE5MDMtMDAxMTEwNzEwNjcxODEz
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1241750379
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WQODk1NzYtT0VNLTczMzIxNDEtMDAwMzk0MjAzNDg5MTQ3
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karina.dat
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, king_hg=[%SYSTEM%]\hgking.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=[%SYSTEM_DRIVE%]\Tempo\apiqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1235159485
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBNTUyNzQtNjQ4LTg2Mzc0MzQtMjM5NDgwODA3MDc2OTkw
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1281300240
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WQNzY0ODctT0VNLTAwMTE5MDMtMDAxMDE3OTMwMTk5MjU1
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ahncsos=[%SYSTEM%]\ahnabc.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1239138509
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {aa59145f-315d-bc23-ac1f-145df81a34aa}=zyzxjime.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {80af1289-f140-a140-d012-c1458759fc08}=ypcqghlp.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {7c8d1401-a58d-a81c-cd24-a5915c4517c7}=mnmhgsrv.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {2a698452-c5d8-c584-c256-c264c987c5a2}=ijdybpaw.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1228526080
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WUNzY0ODctT0VNLTAwMTE5MDMtMDA4MDMyOTA4NjU0MjA5
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, 54dfsger=[%PROFILE_TEMP%]\xvassdf.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%SYSTEM_DRIVE%]\Windows\Temp\herss.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {37ac9076-c898-b098-d098-a18319080973}=nhmxcjkl.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {b490415f-65f8-b5c5-d8ba-9405fb12054b}=yzztkmsn.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {7c69034a-f45f-d34d-a33a-c33c4d324fc7}=arjreler.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {4a908760-8000-4000-a000-9000322145a4}=akjsdkaq.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YENzY0MzUtT0VNLTAwMTE5MDMtMDA4NjVfMTU2NTA1ODIw
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msconfigs=[%APPDATA%]\System32\updater.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WONzY0ODctT0VNLTAwMTE5MDMtMDAxMDJfMTQxMzM1MDU4MA==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1595188933
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, king_mg=[%WINDOWS%]\Temp\mgking.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WNNzY0MTMtT0VNLTAwMTE5MDMtMDAxMDI5MjY3Mzc4OTQw
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=J:\apiqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WONzY0NzctT0VNLTAwMTE5MDMtMDAxMDhfMTI4MDgyMDIwMA==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1288775545
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WQNzY0ODctNjQwLTU1MzY5OTUtMjM4MzUxMDk2MzU0ODE3
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, doscp=[%PROFILE_TEMP%]\doscp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1279782340
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%PROFILE%]\LOCALS~1\[%PROFILE_TEMP%]\herss.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1287277583
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {c3d16072-2e1b-450b-b843-50eaddc8eb63}=hook dll rising
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {f8c6b7b5-dae0-4b78-bf2a-101c9a9cca27}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {42752a70-c149-4995-ae4a-ab81f12e9bc3}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1228083371
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WUNzY0NTktT0VNLTAwMTE5MDMtMDAxMDAzMTgyMzE1NDI0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XGODk1NzItT0VNLTczMzIxNjYtMDAwOTZfLTQ1NzI3Njc5NA==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1239217796
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WUNzY0ODctT0VNLTAwMTE5MDMtMDAxMDIwNDEyNjgwNDIx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1237511886
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XLNTUzNzUtT0VNLTAwMTQ2MzctMDc2MTY3OTMzMTU3OTA3
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, api32=[%SYSTEM_DRIVE%]\Windows\Temp\apiqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YHODk1NzgtT0VNLTczMzIxNTctMDAwNjFfLTIwMzAwODI5ODU=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1239746268
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YANTUyNzQtNjQzLTcyMTMzMjMtMjMwNTNfNzM4ODY4MTE3
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, DirectX=[%WINDOWS%]\system\TAPI.exe /shell
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, Microsoftshell=[%SYSTEM%]\dllcache\microsoftshell.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1242399390
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WZNTUyNzQtMDc0LTY2NTI1NTYtMjIyODdfLTIxMzg0NTIyMjk=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YBNTU2NjMtNjQwLTA4MTM2OTEtMjM4MTBfMjA5Mzc2MzI0Mg==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1277495199
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WNODk1NzgtT0VNLTczMzIxNTctMDAwNjEwMjI0NjIyOTUy
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (Disabled by AnVir), cdoosoft=[%PROFILE_TEMP%]\herss.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, smx4pnp=rundll32.exe "[%PROFILE%]\Microsoft\smx4pnp.dll", Launch
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1286559046
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1279742854
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XGNzYzOTYtT0VNLTAwODA0MDItMTQ1NjQ3NTQ2MzAyNjc1
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {d1cc9dc6-f0bc-40fc-9552-e497b05e05b8}=
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xenhwmzd.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, wtbybliz.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, npgofuku.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dkerwmte.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, gawaofwu.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, elixngnw.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, uermtbui.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, wjbfghci.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, iyftwbzc.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jidrdsse.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, brecalwk.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, lngmilee.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vmxeukaw.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, pdiqtspj.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, wqherfbr.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tqwhkwoo.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, yjbbwvuh.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, mrjlmqbq.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, dsuspqkk.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, cgvrdasv.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, rotucrwl.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, tnfeuccg.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1226060794
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\cru629.dat
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, xolehlpjh.dll={F0930A2F-D971-4828-8209-B7DFD266ED44}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, lweurqhx.dll={71A78CD4-E470-4a18-8457-E0E0283DD507}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {eb9660d8-e1cd-4ff0-b4a9-00cd907f928a}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {6b9fead7-4319-4312-ab05-d8c9cd255bfe}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {434fa69c-5f0a-42e1-82b8-10af2c8e53c6}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {a1a6bc2e-c6a1-43c1-8884-a31d772f42b8}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {dfb3dac5-b0b5-4b05-bfcf-fb42737778fa}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {d9c002dd-ea51-43a2-9009-54eaaaf031a4}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {56bc86c7-0692-4f94-a2c1-6cf1dbf8096c}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {201476d0-2b18-462e-ab9f-3e2b0cc8732b}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {3d144530-43da-47cc-b7c7-a3a9f3b9a6b2}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {21be5fdf-d4cb-4850-ad99-21e68b50bf3f}=
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, jrmvblmr.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, zkhefvsx.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, alraosgq.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, ghwyephh.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, kkmoekyh.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, oiukxpol.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, siuuiveu.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, iyobjvzn.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, yefkxlxz.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, vrzkyeun.dll={21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YBNzYzOTYtT0VNLTAwNDUyNDYtMTM1NDJfLTY2ODY2MDUyNw==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YCNzY0NzctT0VNLTAwMTE5MDMtMDAxMDJfMTAxMjUxNTQ5Ng==
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dso32=J:\dsoqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1247789393
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBODk1NzgtT0VNLTczMzIxNTctMDAyMTE4MzA0NTEyNzMx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WONzY1MDMtNjQwLTgzNjUzOTEtMjMwMjFfNjE1NTg0OTYw
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1255617050
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XLNTU2NzktNjQwLTIyOTE1OTctMjM1MDc3MTM5Mjg2ODY0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1231282444
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1279660481
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBMDA0MjYtT0VNLTg5OTI2NjItMDA0MDAwNDU0NzQyMDYx
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1223751813
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WQNTUyNzQtNjQ1LTIyMjE1NTQtMjMzNDIyMzg4NDA3NTU2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1284654691
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1231024199
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1235840508
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {a5ca6c70-7185-4466-ab45-b1c34e7a37ca}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {a23ca53c-731f-4033-92e8-c1dfb4e71d34}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {4e5cfe74-700b-4a8b-b0bf-a6b47d896c18}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {7a93621d-bffe-4eb1-aae1-cd487f429840}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {e88ae11c-26df-4f4d-8726-c043f513990e}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {1ece2fcb-c1bb-4706-920c-f4c1076fd155}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {c722ad57-35da-4460-8353-328372f32ab2}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {fbfad3a6-0b1e-4122-9c2b-92a4623875ec}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {ccf11fd0-1056-4894-98a9-581ee4649d22}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1226857315
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WUNzY0NTItT0VNLTAwNTM3MTUtNjA1NTkxNTExNDg1ODQy
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_Hidden, cdoosoft=[%SYSTEM%]\olhrwef.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PWRMGRTE=[%SYSTEM%]\PowreAutoSet.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, dso32=E:\Temp\dsoqq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1279887524
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBNTUwMzQtNjQwLTgzNjUzOTEtMjMzNzg4OTgxMjc2NzI0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1923269163
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {5add154a-2990-49f7-99d8-922e7d292e61}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=XBMDA0MjYtT0VNLTg5OTI2NjItMDA0MDBfMTU0NjQzNTg0NA==
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1241767806
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WZNzY0NzctT0VNLTAwMTE5MDMtMDAxMTFfLTE4NzE2NTY4ODg=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1236812629
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1227666840
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WUcгxSAz
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1277701650
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=WTNTUyNzQtNjQyLTQzMTEwNTctMjM4NzgwMTgxNjI2MzA4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, XML2u=1241863867
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, w32id=YANzY0ODctT0VNLTAwNTQ0NjItODYwMDZfMjcxNTEyMzc1
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\hafedeku.dll gdtzxo.dll
Scan your system registry for FREE
CURIOLAB S.M.B.A., Amagertorv 15, 2, 1160 Copenhagen K, Denmark, +45.36965533