Top 10 Alerts
Latest 10 Malware Files
Testimonials
I managed to get my main PC infected by the Koobface virus. I put up with it's constant interruptions as it presented me with the fake virus screens offering to correct the problems for me. This continued for a couple of days. I ran both SUPERAntiSpyware and Malwarebyte's Anti-Malware several times and neither of them cleaned my PC of this irritating virus. Then I found your Exterminate It! product and decided to give it a chance to succeed where my other attempts had failed.
I was blown away by the speed your scan runs, and once it identified the virus, I would have been crazy not to buy the product and let it really exterminate my pc of this virus.
I'm very pleased with your software and I'm so thankful I found it. You've saved me hours of time, effort and frustation.
There are so many companies offering software that promises to clean viruses, but I'm thrilled to find one that actually keeps it's promise.
Thank you!
Sheila M.
Win32.ExpDwnldr Registry Values
Scan your Windows registry for Win32.ExpDwnldr
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, IPC Configuration Utility=IPC Configuration Utility
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, odby=[%WINDOWS%]\odb.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\25.tmp.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=cru629.dat
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\a.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax=[%SYSTEM%]\braviax.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax=[%SYSTEM%]\braviax.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax=braviax.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, netx=[%WINDOWS%]\svx.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2882.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, braviax=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {81705d67-3f73-4983-859b-97d0922e5abe}=00
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\b.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1C1.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\69.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\c.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\14345.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\E.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1F.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastia=[%SYSTEM%]\brastia.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\e.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\f.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12E.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\66E.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\D62.tmp.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karna.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcp0wj0ev4n=[%SYSTEM%]\lphcp0wj0ev4n.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Framework Windows=frmwrk32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastia=[%SYSTEM%]\brastia.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=system32.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%WINDOWS%]\TEMP\b.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, realtekg="[%APPDATA%]\Google\djvlg2072387.exe" 2
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9B.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\413.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, realtecks="[%APPDATA%]\Google\tjwuh601471.exe" 2
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\13604.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, vxdhm="[%APPDATA%]\Google\xtgoj6119471.exe"
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\d.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6B.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, windpipe="[%APPDATA%]\Google\fhexj6825097.exe" 2
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%SYSTEM%]\lowinplay.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%SYSTEM%]\lowinplay.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, realteks="[%APPDATA%]\Google\qgipz2469937.exe" 2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, realtecss="[%APPDATA%]\Google\phtrc345015.exe" 2
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\a.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\15.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6E.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\66.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3ED4.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\i.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, realteks="[%APPDATA%]\Google\afuya1119762.exe" 2
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10782.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%SYSTEM_DRIVE%]\Temp\3.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Smax4="[%APPDATA%]\Google\kjzna1562565.exe"
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy6809.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\F1.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\h.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11199.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\119.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\BD.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, netzip=[%WINDOWS%]\svzip.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, odb=[%WINDOWS%]\odb.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\B5F.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, {728b8fc4-9ba9-d432-9e5b-bcfdc84c7322}=[%SYSTEM%]\Rundll32.exe "[%SYSTEM%]\mrmsfgjceyvz.dll" DllStart
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {020487CC-FC04-4B1E-863F-D9801796230B}=Windows Installer Class
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\~tmpa.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {57a52e74-004c-464b-96cc-4dfe5366ea02}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\xxx9403.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\85D.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Somefox=[%PROFILE_TEMP%]\a.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, inrhc9pqj0e5dt=[%PROFILE_TEMP%]\.tt7.tmp.exe /CR=0B9EF0ACFB8FBFDD4B2DD86928DB01F737615C1D5524C9C8E66F9FBEF5D208A0557A25B7F5A9F855E05B8EA0FAAE6465FB1DE64A2EDEB30B2FAD606D25E2B58B0FB5A521F73E0BA1287EE9839D6F3EE095
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhc9pqj0e5dt=[%PROGRAM_FILES%]\rhc9pqj0e5dt\rhc9pqj0e5dt.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphccpqj0e5dt=[%SYSTEM%]\lphccpqj0e5dt.exe
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, [%WINDOWS%]\SYSTEM\dop.exe=[%WINDOWS%]\system\dop.exe:*:Enabled:se
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, [%WINDOWS%]\SYSTEM\se.exe=[%WINDOWS%]\system\se.exe:*:Enabled:se
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2D.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Systray=rundll32.exe sxmg4.dll,RunMain
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ColdWare=[%WINDOWS%]\msb.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat,[%PROGRAM_FILES%]\Google\GOOGLE~2\GOEC62~1.DLL
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcrhqj0e58n=[%SYSTEM%]\lphcrhqj0e58n.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastia=brastia.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%WINDOWS%]\karna.dat
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\17B.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, [%SYSTEM%]\baloon.exe=[%SYSTEM%]\baloon.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, [%SYSTEM%]\cfrog.exe=[%SYSTEM%]\cfrog.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1453.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%COMMON_DESKTOPDIRECTORY%]\sysdiag.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\16.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10926.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {16a0662e-ac21-4ad9-89e8-7495ac5ace93}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1FF.tmp.exe
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, [%WINDOWS%]\SYSTEM\dop.exe=[%WINDOWS%]\system\dop.exe:*:Enabled:svchost
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcl0jj0e5c9=[%SYSTEM%]\lphcl0jj0e5c9.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6A.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\59.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\89.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Somefox=[%PROFILE_TEMP%]\video1019.cfg.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4B.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk=[%SYSTEM%]\brastk.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\154.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6F37.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\201.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphce7vj0e358=[%SYSTEM%]\lphce7vj0e358.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9C.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\B6C3.tmp.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\C.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Somefox=[%PROFILE_TEMP%]\video1168.cfg.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7D1B.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\E3.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcnaej0e18e=[%SYSTEM%]\lphcnaej0e18e.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {257f0149-3042-4f1e-97a1-7602460e97ee}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\57.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, inrhcpnvj0e78s=[%PROFILE_TEMP%]\.tt92F.tmp.exe /CR=8AA55C99CD0FC1B8D6314F0FFE96DBEBCF0E91684174B4974958327F99E408206764C6A4318FD7BDB691A24A0C203A5446301EDB195962083F53B6CD86E55996E01AAA914007827CD7FE3693E7DD457A
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk=brastk.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk=[%SYSTEM%]\brastk.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\35.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\CC2.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4265.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2294.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\~tmpb.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcjgtj0ec91=[%SYSTEM%]\lphcjgtj0ec91.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy1383.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc3l1j0ecsr=[%SYSTEM%]\lphc3l1j0ecsr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhc7l1j0ecsr=[%PROGRAM_FILES%]\rhc7l1j0ecsr\rhc7l1j0ecsr.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\diduwada.dll,[%SYSTEM%]\tagutezu.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {23ed2206-856d-461a-bbcf-1c2466ac5ae3}=00
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\xxx41.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Somefox=[%PROFILE_TEMP%]\video1109.cfg.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\video232.cfg.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2A.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcl13j0ee2g=[%SYSTEM%]\lphcl13j0ee2g.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\F974.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, IPC Configuration Utility=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1714.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc1hnj0erd9=[%SYSTEM%]\lphc1hnj0erd9.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\90.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc7d7j0er3t=[%SYSTEM%]\lphc7d7j0er3t.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\479.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, defender.exe=[%PROFILE_TEMP%]\defender.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\18266.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2D8C.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\F.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9368.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhc5qqj0eedl=[%PROGRAM_FILES%]\rhc5qqj0eedl\rhc5qqj0eedl.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\449E.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\13.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\xxx190.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5292.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphct0vj0e3d7=[%SYSTEM%]\lphct0vj0e3d7.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\karina.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {d92c8b24-6818-4992-afdd-7e96c92e28bd}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\13469.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\ert520413.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\96.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6363.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\fupipivo.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion, ProductId=VIRUS ALERT!
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROGRAM_FILES%]\Target Web ADS\TargetWebADSh.exe.update.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcedcj0e991=[%SYSTEM%]\lphcedcj0e991.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\21.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\16907.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6090.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\18467.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3495.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {dda28099-dacf-415d-a5a8-bb134fca3d6a}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\14247.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\951.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\yonevena.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcgdcj0etbv=[%SYSTEM%]\lphcgdcj0etbv.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, inrhc99jj0ejcr=[%PROFILE_TEMP%]\.tt6.tmp.exe /CR=D41D8CD98F00B204E9800998ECF8427E
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat boiypc.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy2267.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\najejifo.dll [%SYSTEM_DRIVE%]\progra~1\ThunMail\testabd.dll [%SYSTEM%]\bodalene.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7484.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7294.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphclk6j0en5c=[%SYSTEM%]\lphclk6j0en5c.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4299.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, mediacodec.exe=[%PROFILE_TEMP%]\mediacodec.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphctu8j0evf3=[%SYSTEM%]\lphctu8j0evf3.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhcpu8j0evf3=[%PROGRAM_FILES%]\rhcpu8j0evf3\rhcpu8j0evf3.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6247.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1146.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\16648.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3C.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5101.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10610.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc1hbj0e36c=[%SYSTEM%]\lphc1hbj0e36c.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9142.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\517.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\D7.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcthej0etba=[%SYSTEM%]\lphcthej0etba.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3651.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\17942.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9478.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8481.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6409.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8859.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%SYSTEM%]\loinplay.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%SYSTEM%]\loinplay.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\17674.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5325.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3119.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3608.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%WINDOWS%]\TEMP\12196.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7015.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6357.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3784.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4332.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3131.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9432.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12551.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5538.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10022.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9761.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10091.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5367.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11443.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7A.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc3guj0el1p=[%SYSTEM%]\lphc3guj0el1p.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7943.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\19680.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\ert51909.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2119.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\193.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy11169.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\xxx9961.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, buritos=buritos.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1281.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1385.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\357.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11161.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2245.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4817.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {13671a38-6aa3-49a1-bdba-d6fd939fb331}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12037.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12090.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, inrhcrnnj0el98=[%PROFILE_TEMP%]\.tt4.tmp.exe /CR=E378D6B80573F693830D714814CC3DF87DD2B348FA0D02A37A91032A814DB454F5D1D1F05D71FA3E7C950E33C8B85A20CB2BD2B4BE7D239D841C627681EFD77D46D9213F46AA0E466B56B937E04C138C35
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9354.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhc9otj0eact=[%PROGRAM_FILES%]\rhc9otj0eact\rhc9otj0eact.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphccotj0eact=[%SYSTEM%]\lphccotj0eact.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10371.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\358.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9086.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1781.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%PROFILE_TEMP%]\IXP000.TMP\System32.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat??
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat,wbsys.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%PROGRAM_FILES%]\System32.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7810.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3568.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcv1bj0ea25=[%SYSTEM%]\lphcv1bj0ea25.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12624.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcpkuj0e13c=[%SYSTEM%]\lphcpkuj0e13c.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcpkuj0e13c=[%SYSTEM%]\lphcpkuj0e13c.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4816.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7196.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc75mj0e50v=[%SYSTEM%]\lphc75mj0e50v.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%SYSTEM%]\cru629.dat
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6464.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc3b3j0elac=[%SYSTEM%]\lphc3b3j0elac.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9264.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11330.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\~tmpi.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy20251.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {6ef79941-9a62-4f0d-984b-2f635b5f4194}=
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat sctitn.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy15359.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy7818.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4516.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\14687.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\15421.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%SYSTEM%]\update32.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8593.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3227.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\xxx9391.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhcgefj0ervq=[%PROGRAM_FILES%]\rhcgefj0ervq\rhcgefj0ervq.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhc97qj0ee4r=[%PROGRAM_FILES%]\rhc97qj0ee4r\rhc97qj0ee4r.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat pafxie.dll [%SYSTEM%]\jidaduta.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcjgfj0ea50=[%SYSTEM%]\lphcjgfj0ea50.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\361.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3341.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5487.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {c58a4487-4c2e-45e4-9e3a-52b3a23cc396}=
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat?
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1D1.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcn0qj0ep6c=[%SYSTEM%]\lphcn0qj0ep6c.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\16897.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk=:[%SYSTEM%]\brastk.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk=:[%SYSTEM%]\brastk.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphctnvj0e78s=[%SYSTEM%]\lphctnvj0e78s.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc365j0etbg=[%SYSTEM%]\lphc365j0etbg.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {069f5b57-5227-4882-904c-92d528fddcee}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\perce.jpg.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run, {308c684d-d588-5014-4895-1a94f1f8456a}=[%SYSTEM%]\Rundll32.exe "[%SYSTEM%]\ycorhvjxcbtv.dll" DllStart
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\19376.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {54becb1c-d4ea-47b2-9b56-c6768144fdd5}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7384.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3982.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12203.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcgg1j0ep5r=[%SYSTEM%]\lphcgg1j0ep5r.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\xxx2452.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2A1.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10540.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2305.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9325.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6407.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3060.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\video1019.cfg.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3636.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%PROGRAM_FILES%]\SYSCON~1\sysdiag.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcnlkj0eveo=[%SYSTEM%]\lphcnlkj0eveo.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\ert513902.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\262.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11055.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ColdWare=[%PROFILE_TEMP%]\10371.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5490.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\14704.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\17116.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\16170.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\16876.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\15854.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1167.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8383.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, cdoosoft=[%SYSTEM%]\olhrwef.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\13361.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5104.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4403.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\111.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhct0tj0evqk=[%PROGRAM_FILES%]\rhct0tj0evqk\rhct0tj0evqk.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11678.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4356.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%SYSTEM%]\winds32.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {503aa2b1-c257-44d3-82d9-43fd349561a6}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7D80.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\14497.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcvo6j0ec9r=[%SYSTEM%]\lphcvo6j0ec9r.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6339.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4849.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9189.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11169.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Somefox=[%PROFILE_TEMP%]\setup1019.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%WINDOWS%]\karina.dat
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc51nj0ep23=[%SYSTEM%]\lphc51nj0ep23.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2651.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\223.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%SYSTEM%]\drivers\svchost.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11780.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3607.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, {f8da1cfb-5a6c-f3de-1678-1f83547c91e0}=[%SYSTEM%]\Rundll32.exe "[%SYSTEM%]\{aef86982-a094-98d7-e264-74b945e1b31b}.dll" DllStart
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\45E8.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\~tmpu.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy2396.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\20243.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4314.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3000.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\585.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%PROGRAM_FILES%]\ThunMail\testabd.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5162.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3062.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\18956.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7684.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9815.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10857.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3948.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\985.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7909.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\14258.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc9ksj0en19=[%SYSTEM%]\lphc9ksj0en19.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8414.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {062f3f8b-cb94-4d76-a98a-ef800a438f01}=00
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcp96j0e18g=[%SYSTEM%]\lphcp96j0e18g.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\goveyudi.dll,[%SYSTEM%]\pujawewo.dll,[%SYSTEM%]\ponovisi.dll,
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10542.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11580.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhcvegj0e9bj=[%PROGRAM_FILES%]\rhcvegj0e9bj\rhcvegj0e9bj.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcregj0e9bj=[%SYSTEM%]\lphcregj0e9bj.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10166.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8440.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Somefox=[%PROFILE_TEMP%]\396.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\18233.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\k.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6743.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\xxx8227.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, {941cfed6-7fd7-f3f4-55ae-af4cbee7c955}=[%SYSTEM%]\Rundll32.exe "[%SYSTEM%]\{c36fe0f7-2a4f-e5c5-6dc9-1e2276f4230d}.dll" DllStart
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2884.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12698.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\15446.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy3183.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\38.tmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcam8j0en71=[%SYSTEM%]\lphcam8j0en71.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11453.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10207.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\14521.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, brastk=[%WINDOWS%]\system
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10119.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9676.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Somefox=[%PROFILE_TEMP%]\setup81.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8243.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\16621.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5981.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4063.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2771.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {3fda21ed-312c-44dd-9030-a2dc90fd1ccd}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\3344.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {ef246205-4640-4101-8902-0604eea0e7ba}=
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\yikiduta.dll znmbpc.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {bab8f6dc-41b1-440f-a066-aac224906880}=
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7572.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, inrhcv11j0ercc=[%PROFILE_TEMP%]\.tt10.tmp.exe /CR=612DAB836C1CFE7DC30B249D38852008ED7C925FEA3C224D166A4521C98104C1EE2422D498F3ECB5B4A639973A302D87AB42D601530D11318338B45834D7677030CEDC648806063CA80CDE30D934C3ED57
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8811.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\304.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphctw3j0e5b3=[%SYSTEM%]\lphctw3j0e5b3.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat [%SYSTEM%]\buwuwati.dll igbqok.dll
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat [%SYSTEM%]\buwuwati.dll nqqgri.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\10653.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9032.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5676.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\18510.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcl5hj0ecb3=[%SYSTEM%]\lphcl5hj0ecb3.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8213.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6871.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc9wjj0ejcg=[%SYSTEM%]\lphc9wjj0ejcg.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy2776.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9635.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\video233.cfg.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4163.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\19768.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\6151.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, {c5c087a3-743b-0412-b476-78b4492929ab}=[%SYSTEM%]\Rundll32.exe "[%SYSTEM%]\pwrhgdestkiu.dll" DllStart
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\24.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\27.tmp.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=[%WINDOWS%]\karna.dat,[%SYSTEM%]\devmgr32.dll
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, inrhc3utj0e9ev=[%PROFILE_TEMP%]\.ttDC.tmp.exe /CR=8CBA18F4F154B8E1B01AA0560819391BB466913918CF3862F61B3C28EC0B474A1269497F5088496449DB97E88B60E25091F176B42DF42175D87BC67E48D99F8A5E62452D462E624FFC80362F0CFDE18901A9B2384A73
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\ert53758.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc186j0ennd=[%SYSTEM%]\lphc186j0ennd.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhc1k8j0e35v=[%PROGRAM_FILES%]\rhc1k8j0e35v\rhc1k8j0e35v.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphc5k8j0e35v=[%SYSTEM%]\lphc5k8j0e35v.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12590.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\12720.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1428.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcv8nj0enn1=[%SYSTEM%]\lphcv8nj0enn1.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcrkkj0erbr=[%SYSTEM%]\lphcrkkj0erbr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar, {e99d4d0c-eb54-46af-b62a-3aa1f31d53e5}=
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhcvkkj0erbr=[%PROGRAM_FILES%]\rhcvkkj0erbr\rhcvkkj0erbr.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcgu7j0ec1e=[%SYSTEM%]\lphcgu7j0ec1e.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat jyizkf.dll [%SYSTEM%]\ruyopaku.dll
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat [%SYSTEM%]\ruyopaku.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4597.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcp0wj0ev4n=[%SYSTEM%]\lphcp0wj0ev4n.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\xxx2636.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\17463.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\1971.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, System32=[%PROGRAM_FILES%]\System Config\snmp.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphca5hj0ea3j=[%SYSTEM%]\lphca5hj0ea3j.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7358.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, {67ff423f-189b-5d68-4af1-2449c135d58c}=[%SYSTEM%]\Rundll32.exe "[%SYSTEM%]\ibeppyqnpi.dll" DllStart
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SMrhce4ej0e38g=[%PROGRAM_FILES%]\rhce4ej0e38g\rhce4ej0e38g.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\11264.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcnltj0ea65=[%SYSTEM%]\lphcnltj0ea65.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\xxx6639.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%LOCAL_APPDATA%]\Temp\11006.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=secuload.dll [%SYSTEM%]\karna.dat
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\4228.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\14058.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lphcj47j0e3c3=[%SYSTEM%]\lphcj47j0e3c3.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\18286.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, {930b86d6-22e7-2893-21b1-17fea4f7717e}=[%SYSTEM%]\Rundll32.exe "[%SYSTEM%]\trrgulwxbrvmj.dll" DllStart
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\5128.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\7597.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UpdateWin=[%SYSTEM%]\acoden.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UpdateWin=[%SYSTEM%]\acoden.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, UpdateWin=[%SYSTEM%]\acoden.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, UpdateWin=[%SYSTEM%]\acoden.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\yyy402.exe
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karna.dat,[%SYSTEM%]\sekapehu.dll
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs=karina.dat,[%SYSTEM%]\sopejuwi.dll msdiew.dll
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\8C.tmp.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\613.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\2258.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\9583.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\ert517909.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\ert53373.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Cognac=[%PROFILE_TEMP%]\ert5536.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSFox=[%PROFILE_TEMP%]\ert510229.exe
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UpdateWin=[%SYSTEM%]\adsntf.exe
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, UpdateWin=[%SYSTEM%]\adsntf.exe
Scan your system registry for FREE
CURIOLAB S.M.B.A., Amagertorv 15, 2, 1160 Copenhagen K, Denmark, +45.36965533