Testimonials
A big thanks to you people who have developed this product. My Windows XP Media Center OS was infected with Win32.Renos, Backdoor, XPAntivirus, Xta.kill trojans, spyware as I use rapidshare links a lot. I have licensed McAfee, which is good for nothing and was unable to protect my laptop from these malwares. I tried trial versions of Bit Defender, Sunbelt Spyware, Claim Win, A-Squared, but they were unable to do a complete detection and removal of malwares. Exterminate listed all the malwares and registry changes done by them, like task manager, registry edit was disabled. I bought a single PC license, activated, scanned my system thrice and my system is now free from all malwares and viruses and running absolutely fine. I still have to use McAfee as I have a licensed version but buying Exterminate IT is a worth of £20 spent on it. I will recommend this to everyone who uses P2P sites or rapidshare or torrents. Now, I don't have to worry about any malware as I have Exterminate in my system.
Rajkumar P.
Palevo Registry Values
Scan your Windows registry for Palevo
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\oekx.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6136959209-5519263840-002797264-1345\wingn.exe,explorer.exe,[%APPDATA%]\oekx.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\bowcav.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-6883\dfe.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1214\t7vd.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%PROFILE%]\zmrnig.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%PROFILE%]\zmrnig.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4111376051-0080073529-579497531-1575\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8117675025-3433691942-497687655-0684\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0549915184-1566328445-707789417-4520\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9996697234-7408279946-648913035-2179\djwi2kcew.exe,explorer.exe,[%PROFILE%]\xvlof.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3941298124-6576804655-983122873-2839\nvapbar.exe,explorer.exe,[%APPDATA%]\tnzbrg.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3941298124-6576804655-983122873-2839\nvapbar.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%WINDOWS%]\cfdrive32.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%APPDATA%]\lsass.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%APPDATA%]\mmmpc.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%APPDATA%]\sjlp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%PROFILE%]\yeawl.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%PROFILE%]\bdwoxk.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\yeawl.exe,explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\hztxr.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8721354227-7216085583-036991195-8713\dllrun32.exe,explorer.exe "[%PROFILE%]\maend.exe"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\hztxr.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6710331561-4642795096-180862118-9938\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1522786768-2337236034-944999988-0355\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5389934417-3398686730-197059014-9783\yv8g67.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1253851924-1932457417-483143241-9281\yv8g67.exe,explorer.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6710331561-4642795096-180862118-9938\yv8g67.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%PROFILE%]\gsyzq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\cbzvl.exe,explorer.exe,[%PROFILE%]\ydwzro.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%WINDOWS%]\Update.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%APPDATA%]\juzjf.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%PROFILE%]\bncto.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\sxzzs.exe,explorer.exe,[%APPDATA%]\iptyr.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\cbzvl.exe,[%PROFILE%]\ydwzro.exe,explorer.exe,[%PROFILE%]\aegvvp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5456910258-6256229609-534053469-7424\wmfcgr.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%SYSTEM%]\Instmiv.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\bncto.exe,explorer.exe,[%PROFILE%]\bdwoxk.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1716294750-8569060184-036771231-7224\rundll32.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1159405976-5402119593-837621104-6774\yv8g67.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1159405976-5402119593-837621104-6774\yv8g67.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%PROFILE%]\ydwzro.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7888\ldw08.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fswagz.exe,explorer.exe,[%APPDATA%]\vfbu.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\nlwyet.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\nlwyet.exe,explorer.exe,[%APPDATA%]\nsvb.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\cbzvl.exe,explorer.exe,[%PROFILE_TEMP%]\89299.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1417\systm.exe,explorer.exe,[%APPDATA%]\oekx.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%APPDATA%]\micq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1769355359-0536136660-663903491-8773\hdav.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1769355359-0536136660-663903491-8773\hdav.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,Explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5757871094-2517349069-401880025-3939\yv8g67.exe,[%APPDATA%]\juzjf.exe,explorer.exe,[%PROFILE%]\ctfmon.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\bncto.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3487\s523ll5pu6s1.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7541\s523lswp18.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\xefe.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2941724214-2526413190-275419102-7339\syscr.exe,explorer.exe,[%APPDATA%]\ltzqai.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-4992225206-4488096811-006650331-7601\wnzip32.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%PROFILE%]\yeawl.exe,Explorer.exe, [%PROGRAM_FILES%]\Microsoft Office\OFFICE11\services.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\cbzvl.exe,explorer.exe,[%PROFILE%]\bncto.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3182346154-0479154116-444428734-2205\wnzip32.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3467\gg44.exe,Explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\bncto.exe,explorer.exe,[%PROFILE%]\cbzvl.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, jkqq=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9143\jikd.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ju7bd=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Fnfx=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-6883\dfe.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, t7vd=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1214\t7vd.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,EXPLORER.EXE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\Documents and Settings\aruabd\bncto.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%SYSTEM%]\drivers\lsass.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%PROFILE%]\msgvn.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9500624590-1699304076-596905469-0358\test.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\vmpfze.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0543813167-1297165616-406265786-5084\nvapbar.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6536470777-5606412212-096018155-6976\nvapbar.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\nsvb.exe,[%APPDATA%]\ygmdrm.exe,explorer.exe,[%APPDATA%]\lbisov.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%WINDOWS%]\cwdrive32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9890582368-9341937867-469621352-2045\syscr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%SYSTEM%]\drivers\BSqBT.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\jxiz.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%APPDATA%]\jxiz.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7422\s523l22mix.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7541\s523lswp18.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3040100284-1569690555-739391886-4685\windll.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9181\i1864tg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\lbisov.exe,explorer.exe,F:\ciao\amore.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,[%APPDATA%]\hotfix.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\mmmpc.exe,explorer.exe,[%APPDATA%]\ooyi.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\ydwzro.exe,[%PROFILE%]\bncto.exe,explorer.exe,[%PROFILE%]\cbzvl.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%SYSTEM%]\systmr.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=J:\U3ROM\usbdriver.exe,explorer.exe,[%APPDATA%]\vfbu.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6108209274-4116255620-575039786-7797\hdnekbjk.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7422\s523l22mix.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7888\ldw08.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\rmhzb.exe,explorer.exe,[%PROFILE%]\vpyu.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%APPDATA%]\jzkv.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5068495418-6266377889-528408159-3296\yv8g67.exe,explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5535586132-4465900222-811498005-5881\yv8g67.exe,[%APPDATA%]\ufxw.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-5048245514-3296344476-909593811-6031\rundll32.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\cbzvl.exe,explorer.exe,[%PROFILE%]\aegvvp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7888\ldw08.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3487\s523ll5pu6s1.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\aegvvp.exe,[%PROFILE%]\cbzvl.exe,explorer.exe,[%PROFILE%]\fswagz.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%APPDATA%]\ygmdrm.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7888\ldw08.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3487\s523ll5pu6s1.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%PROFILE%]\cbzvl.exe,Explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Tpp3=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\gpp3g.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\tmrlc.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\xvlof.exe,explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3955594745-8988449698-655183645-8495\wnzip32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3955594745-8988449698-655183645-8495\wnzip32.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\sjlp.exe,explorer.exe,[%APPDATA%]\lbisov.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fxmdk.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-1875419723-5027042842-566171015-6430\djwi2kcew.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fswagz.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%APPDATA%]\hozfp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0122\k344m122y.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9813\kswor98y.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-9850\kswor50y.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1858\kswor18y.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%PROFILE%]\gsyzq.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9188509665-8275155044-790479578-5270\hdav.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9188509665-8275155044-790479578-5270\hdav.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\ohydy.exe,explorer.exe,[%PROFILE%]\cbzvl.exe,[%APPDATA%]\antispy.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\ydwzro.exe,[%PROFILE%]\aegvvp.exe,explorer.exe,[%PROFILE%]\cbzvl.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3276719503-3965872728-023465141-3215\nissan.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-6126173227-2247194483-389529585-1040\wnzip32.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=explorer.exe,[%APPDATA%]\bdepdf.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-9358903238-5743984670-021613857-9223\yv8g67.exe,[%APPDATA%]\juzjf.exe,explorer.exe,[%APPDATA%]\nsvb.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%SYSTEM%]\UReg.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%PROFILE%]\msgvn.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Microsoft Driver Setup=[%SYSTEM%]\TServ.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7422\s523l22mix.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-2734\ju7bd.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7541\s523lswp18.exe,explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\nsvb.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0242904334-9404609803-667480139-8317\yv8g67.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0242904334-9404609803-667480139-8317\yv8g67.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-2261345026-9399017332-481714390-3183\hdnekbjk.exe,explorer.exe,[%PROFILE%]\zmrnig.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\iukdqw.exe,[%APPDATA%]\qgfmc.exe,[%APPDATA%]\tmrlc.exe,[%APPDATA%]\vret.exe,[%APPDATA%]\kksl.exe,explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\ydwzro.exe,explorer.exe,[%PROFILE%]\cbzvl.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\fswagz.exe,explorer.exe,[%APPDATA%]\rmhzb.exe,Explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\zmrnig.exe,explorer.exe,[%PROFILE%]\fxmdk.exe,Explorer.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\aegvvp.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0022008802-9087943312-376222437-0359\djwi2kcew.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-8338620103-9262886854-789221654-0596\djwi2kcew.exe,[%PROFILE%]\cbzvl.exe,explorer.exe,[%PROFILE%]\fxmdk.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7888\ldw08.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-3429075721-4774656290-166744246-4582\hod.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1451\games.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%PROFILE%]\aegvvp.exe,explorer.exe,[%PROFILE%]\ydwzro.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1830\zaberg.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-6883\dfe.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%APPDATA%]\vfbu.exe,explorer.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Taskman=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell=[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-3487\s523ll5pu6s1.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-0953\klmqm122y.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-8961\s523lswp98.exe,explorer.exe,[%SYSTEM_DRIVE%]\RECYCLER\S-1-5-21-0243556031-888888379-781863308-7541\s523lswp18.exe


CURIOLAB S.M.B.A., Amagertorv 15, 2, 1160 Copenhagen K, Denmark, +45.36965533
