Exterminate It! Antimalware

malpedia

Known threats:699,443 Last Update:August 10, 12:54

Testimonials

I got to say that so far I'm very please with your service. This is my first experience with your company. I have used in the past SpyHunter,Malwarebytes,SpyBlaster, for my detection with Mcafee antivirus/firewall.

Don L.

Autorun Malware- Registry Values List

This is a complete list of Autorun Malware registry values collected by Exterminate It!. If you find any of these registry values on your PC, your computer is very likely to be infected with the Autorun Malware - malware.

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Tok-Cirrhatus="[%LOCAL_APPDATA%]\smss.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mservices.exe=[%APPDATA%]\MServices.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]loader=wscript.exe //B "[%APPDATA%]\Loader.vbe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winshell=[%SYSTEM_DRIVE%]\WinShell\WinSeven.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]loader=wscript.exe //B "[%APPDATA%]\Loader.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]loader=wscript.exe //B "[%APPDATA%]\Loader.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%WINDOWS%]\system\svchost.exe RU
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]SVCHOST=[%WINDOWS%]\system\svchost.exe RO
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater=[%APPDATA%]\readere_lm.com
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%APPDATA%]\perform\update.vbs
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinStart=[%APPDATA%]\Windows.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%RESOURCES%]\svchost.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]SVCHOST=[%RESOURCES%]\svchost.exe RO
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]explorer.exe=[%APPDATA%]\Microsoft\csrss.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]Microsoft Updates=svehost.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_Hidden]Microsoft Updates=svehost.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices_Hidden]Microsoft Updates=svehost.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Updates=svehost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]StubPath="[%SYSTEM_DRIVE%]\Setup\CacheMgr.exe" -as
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinCheck=[%LOCAL_APPDATA%]\wincheck\wincheck.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%WINDOWS%]\windows.vbs
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%SYSTEM_DRIVE%]\Google\Windowsupdate.lnk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Word=wscript.exe //B "[%APPDATA%]\Microsoft Office\Microsoft Word.WsF"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Word=wscript.exe //D "[%APPDATA%]\Microsoft Office\Microsoft Word.WsF"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Tok-Cirrhatus=(EMPTY)
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVHOST=wscript.exe //B "[%PROFILE_TEMP%]\Svhost.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SysWin="[%SYSTEM_DRIVE%]\boots\syswin.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat=wscript.exe //B "[%APPDATA%]\WinUpdat.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat=wscript.exe //B "[%APPDATA%]\WinUpdat.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Updates=[%ANY_DRIVE%]\Updates.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe=[%APPDATA%]\%APPDATA%\54UzTPv3Sy1l.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MSIEXEC=[%PROFILE_TEMP%]\{09a405f0-0a5f-4cfe-a424-a56e9a3186f}\WinDefender.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Data=wscript.exe [%COMMON_PROFILE%]\data.vbs
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=wscript.exe //B "[%APPDATA%]\Internet Explorer\iexplore.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=wscript.exe //B "[%APPDATA%]\Internet Explorer\iexplore.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Services=rundll32 [%PROFILE_TEMP%]\d3dx9_29.dll,f2fr3gh5fds
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows=[%APPDATA%]\Microsoft\Office\rundll32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Driver=[%APPDATA%]\Sysfiles\mm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]user=explorer.exe http://dipladoks.org
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows32=wscript.exe //B "[%PROFILE_TEMP%]\windows32.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%SYSTEM_DRIVE%]\Google\Windowsupdate.lnk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Excel=wscript.exe //B "[%APPDATA%]\Microsoft Office\Microsoft Excel.WsF"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Excel=wscript.exe //B "[%APPDATA%]\Microsoft Office\Microsoft Excel.WsF"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat=wscript.exe //B "[%PROFILE_TEMP%]\WinUpdat.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat=wscript.exe //B "[%PROFILE_TEMP%]\WinUpdat.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Service=[%PROFILE%]\T-608658062085865802096\winsvc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Window="[%APPDATA%]\Microsoft\AutoIt3.exe" "[%APPDATA%]\Microsoft\AutoIte"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Disk Master="[%PROGRAM_FILES%]\QILING\Disk Master\DiskMasterUI.exe" -Hide
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%SYSTEM_DRIVE%]\Program File\Microsoft\MicrosoftSafety.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CME="[%PROGRAM_FILESX86%]\Sado\Effusively.exe" aqugiwaqugiwaqugiwaqugi.aqugikaquginaqugimaqugi.aqugipaqugiwaqugi/aqugikb2tw0tw1taqugiw9tw0a4a2kaqugib6kbtwhtm2aqugiNRssnfj87WaqugiY1K6BqFdF
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinUpdate=[%PROFILE%]\winupdate.vbs
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]sysmon=[%TEMPLATES%]\sysmon.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%APPDATA%]\System\DefenderSecuritySystem.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Service=[%PROFILE%]\T-49745040750074006\winsvc.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Word=wscript.exe //D "[%APPDATA%]\Microsoft Office\Microsoft Word.WsF"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Bron-Spizaetus="[%WINDOWS%]\ShellNew\sempalong.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]explore=[%PROFILE_TEMP%]\tco\svchost.exe //B "[%PROFILE_TEMP%]\tco\explore.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-Disabled]SVCHOST="[%WINDOWS%]\system\svchost.exe RO"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-Disabled]SVCHOST="[%WINDOWS%]\system\svchost.exe ru"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win=wscript.exe //B "[%PROFILE_TEMP%]\rknrl.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%APPDATA%]\WindowsUpdate.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Word=wscript.exe //B "[%APPDATA%]\Microsoft Office\Microsoft Word.WsF"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Services.EXE=[%PROFILE_TEMP%]\Services.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]reload=[%SYSTEM_DRIVE%]\PublicPath\PCAT\reload.vbs
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]wscript.exe=wscript.exe //B [%WINDOWS%]\win.vbs
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Excel=wscript.exe //D "[%APPDATA%]\Microsoft Office\Microsoft Excel.WsF"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SysWin="[%ANY_DRIVE%]\boots\syswin.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Bron-Spizaetus="[%WINDOWS%]\ShellNew\bronstab.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Services.EXE=[%APPDATA%]\services.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win=wscript.exe //B "[%PROFILE_TEMP%]\rknrl.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinStart=wscript.exe //B "[%PROFILE_TEMP%]\rknrl.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]sysmon=[%SYSTEM_DRIVE%]\sysmon.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%PROFILE_TEMP%]\csrss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Communicator="[%PROGRAM_FILESX86%]\Windows Communicator\Communicator.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]smss=[%SYSTEM_DRIVE%]\WINDOW\System32\smss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Client Server Runtime Process=[%SYSTEM%]\csrss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%APPDATA%]\InstallDir\svchost.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%APPDATA%]\Microsoft\Windows\Windows.vbs
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%PROFILE%]\svchost.vbs
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update Service="[%COMMON_APPDATA%]\Windows Update Service0\ntulufvxo.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]explore=[%PROFILE_TEMP%]\wdn\svchost.exe //B "[%PROFILE_TEMP%]\wdn\explore.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]explore=[%PROFILE_TEMP%]\wdn\svchost.exe //B "[%PROFILE_TEMP%]\wdn\explore.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winrar=[%PROFILE_TEMP%]\WinRAR\WinRAR.vbs -BB
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]StubPath="[%APPDATA%]\CacheMgr.exe" -as
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Win32BaseServiceMOD=(EMPTY)
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SystemInit=(EMPTY)
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]Driver32=(EMPTY)
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%PERSONAL%]\MSDCSC\msdcsc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=regsvr32 /s "[%SYSTEM_DRIVE%]\Temp:01ACD65A.dat"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%APPDATA%]\WindowsUpdate.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe="[%WINDOWS%]\svchost.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Start Page=[%SYSTEM%]\ctfmon.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%PROFILE_TEMP%]\scrss.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinUpdate=Wscript.exe //e:VBScript "[%WINDOWS%]\:Microsoft Office Update for Windows XP.sys"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%ANY_DRIVE%]\Vo Lam Truyen Ky - Copy\vltk1.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]t=\sa-.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]user="[%APPDATA%]\user.lnk"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%ANY_DRIVE%]\patch Worms 3D.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syscheck=[%PROFILE_TEMP%]\AB17.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Client Server Runtime Process=[%APPDATA%]\csrss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%APPDATA%]\Microsoft\Network\Connections\launch.vbs [%APPDATA%]\Microsoft\Network\Connections\cmd.bat
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%PERSONAL%]\Microsoft\Svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Software=[%APPDATA%]\Software\sync.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinUpdate=[%PROFILE_TEMP%]\pk\winupdate.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=[%PROFILE_TEMP%]\uco\svchost.exe //B "[%PROFILE_TEMP%]\uco\iexplore.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=[%PROFILE_TEMP%]\uco\svchost.exe //B "[%PROFILE_TEMP%]\uco\iexplore.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%DESKTOPDIRECTORY%]\ConfuserEx Tools\ConfuserEX MethodDecryptor\ConfuserExMethodsDecryptor.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Task Manager=[%PROFILE_TEMP%]\svvc\vcs.vbs -gg
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]loader=[%PROGRAM_FILESX86%]\Letv\LeTVLoader.exe #mini
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinStart=[%LOCAL_APPDATA%]\Microsoft Windows\taskhost.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Bron-Spizaetus="[%WINDOWS%]\ShellNew\RakyatKelaparan.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]user=explorer.exe http://ozirizsoos.info
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winprotect=[%APPDATA%]\winprotection\WinProtect.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]explore=[%PROFILE_TEMP%]\eco\svchost.exe //B "[%PROFILE_TEMP%]\eco\explore.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows=[%APPDATA%]\Microsoft\bbsdiiic\ivrsubgc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinUpdate=[%APPDATA%]\sy2winapi.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%APPDATA%]\Kernel44\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Session Manager="[%COMMON_APPDATA%]\services\csrss.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows=[%WINDOWS%]\wininit.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Host=[%PROFILE%]\Downloads\Total.Commander.v8.01.Final.Incl.Key.by.valof\Total.Commander.v8.01.Final.Incl.Key.by.alr5000\Total Commander Activator - BlackNinjx.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]SVCHOST=[%WINDOWS%]\svchost.exe RO
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syscheck=[%APPDATA%]\eozdgzlsppdpzmh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Data=wscript.exe //B "[%PROFILE_TEMP%]\data.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%APPDATA%]\install\Chrome.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%SYSTEM_DRIVE%]\GoogleChrome\GoogleUpdate.lnk
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%SYSTEM_DRIVE%]\Program File\Microsoft\MicrosoftSafety.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FILE="[%PROGRAM_FILESX86%]\Java\jre1.8.0_121\bin\javaw.exe" -jar "[%PROFILE_TEMP%]\File7326958665963967848.jar"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Data=wscript.exe //B "[%PROFILE_TEMP%]\data.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%PROFILE_TEMP%]\Dllhost.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NetWork=[%APPDATA%]\network\GoogleUpdate.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Updates=wscript.exe //B "[%PROFILE_TEMP%]\updates.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syscheck=[%APPDATA%]\qwxbfhceheabbfr.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater=[%COMMON_APPDATA%]\Updater\updater.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater=[%COMMON_APPDATA%]\Updater\Updater.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=wscript.exe //D "[%APPDATA%]\Internet Explorer\iexplore.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=wscript.exe //D "[%APPDATA%]\Internet Explorer\iexplore.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft="[%APPDATA%]\Leo\nircmd.exe" exec hide "
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Bron-Spizaetus=(EMPTY)
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NetMon=[%APPDATA%]\Themes\Audiosrv.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Update.exe=[%PROGRAM_FILES%]\Free Youtube Downloader\Update.exe /S
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winXP=[%PROGRAM_FILES%]\Mozilla Firefox\firefox.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%WINDOWS%]\csrss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]clock=[%SYSTEM%]\lclock\Clock.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater=[%COMMON_APPDATA%]\Updater\check-update.exe /silent /wait 120
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat=wscript.exe //B "[%COMMON_APPDATA%]\WinUpdat.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat=wscript.exe //B "[%COMMON_APPDATA%]\WinUpdat.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Updates=[%WINDOWS%]\M-794970570475508\winupds.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sys=[%COMMON_APPDATA%]\rutserv.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]SVCHOST=[%PROFILE%]\windows\system\svchost.exe RO
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%WINDOWS%]\lsass.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinAuth=[%PROFILE_TEMP%]\Temp1_WinAuth-3.5.1.zip\WinAuth.exe -min
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syscheck=[%APPDATA%]\lkvtlpkkknknhesehp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MicrosoftUpdate=[%SYSTEM%]\cmd.exe /c @start [%HISTORY%]\History.IE5\Microsoftupdate.vbs
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syscheck=[%APPDATA%]\grbgqsmrm.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Updater=[%WINDOWS%]\mc\wuaucIt.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]explore=[%PROFILE_TEMP%]\tco\svchost.exe //B "[%PROFILE_TEMP%]\tco\explore.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVHOST="[%PROFILE_TEMP%]\svhost.exe" run
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%PERSONAL%]\MSDCSC\msdcsc.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Patch=wscript.exe //B "[%APPDATA%]\Patch.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Patch=wscript.exe //B "[%APPDATA%]\Patch.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NetWork="[%PROGRAM_FILES%]\Waterline\Barbershop.exe" kkab
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syscheck=[%APPDATA%]\hqgndsiuoeedloql.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%PROFILE_TEMP%]\85582401\wch.exe [%PROFILE_TEMP%]\85582401\ddg=skr
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%PROFILE_TEMP%]\85582401\wch.exe [%PROFILE_TEMP%]\85582401\ddg=skr
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Windows Update Service=[%APPDATA%]\Microsoft\Security\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UpData="[%APPDATA%]\Microsoft.NET\dllhost.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%SYSTEM_DRIVE%]\Microsoft\Mega.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%COMMON_APPDATA%]\Adobe\system32\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=wscript.exe //B "[%PROFILE_TEMP%]\svchost.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe=[%APPDATA%]\WindowsHelper\svchost
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Spool="[%PROGRAM_FILES%]\sitka\spool.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe=[%APPDATA%]\%APPDATA%\307AVM6dkArr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]loader=[%PROGRAM_FILES%]\Letv\LeTVLoader.exe #mini
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat="[%PROFILE_TEMP%]\WinUpdat.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat="[%PROFILE_TEMP%]\WinUpdat.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]Video Process=phgyrip.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]explore=[%PROFILE_TEMP%]\eco\svchost.exe //B "[%PROFILE_TEMP%]\eco\explore.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Host Service=[%APPDATA%]\ytfinxzhnb\Windows host service.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SERVER.EXE="[%ADMINTOOLS%]\Server.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]defender=[%LOCAL_APPDATA%]\Windows Defender\Defender.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]regedit=wscript.exe //B "[%PROFILE_TEMP%]\regedit.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]regedit=wscript.exe //B "[%PROFILE_TEMP%]\regedit.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UPnP Manager=[%PROGRAM_FILES%]\UPNP Manager\upnpmgr.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater=[%PROGRAM_FILES%]\Updater\updater.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tcupdater=[%LOCAL_APPDATA%]\TCSystem\TCUpdater.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]test=[%WINDOWS%]\bat_starter.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UpData=[%PROFILE_TEMP%]\DX.exe pub1
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Reg="[%APPDATA%]\File.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Reg="[%APPDATA%]\File.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]test=[%WINDOWS%]\Sys64\starter.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Load=[%APPDATA%]\Microsoft\Windows\DsvHelper\svchost.lnk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winrar=wscript.exe //B "[%PROFILE_TEMP%]\winrar.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]smss=[%COMMON_APPDATA%]\smss.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Service=[%WINDOWS%]\T-608658062085865802096\winsvc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Service=[%WINDOWS%]\T-608658062085865802096\winsvc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syscheck=[%PROFILE_TEMP%]\92778.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%WINDOWS%]\driver\svchost.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%PROGRAM_FILES%]\Microsoft\WindowsDefend.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%PROGRAM_FILES%]\Microsoft\WindowsDefend.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%APPDATA%]\Microsoft\System\Services\svchost.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%APPDATA%]\Microsoft\System\Services\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]regsvr=[%APPDATA%]\INT\regsvr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Connector=[%PROGRAM_FILES%]\Connector\Connector.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]SVCHOST=[%COMMON_APPDATA%]\temp\qpqpdndnn.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST="[%COMMON_APPDATA%]\temp\qpqpdndnn.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=[%PROFILE_TEMP%]\eco\svchost.exe //B "[%PROFILE_TEMP%]\eco\iexplore.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Service=[%PROFILE%]\T-564208652452452046852046560\winsvc.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinCheck=[%LOCAL_APPDATA%]\9E0E4BFC-1428587914-2347-A05E-089E01ADF0F3\bnsfD32A.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat=wscript.exe //B "[%ANY_DRIVE%]\Temp\WinUpdat.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syscheck=[%APPDATA%]\luyfziqpixyr.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Service=[%WINDOWS%]\M-5050506806850880580607670660\winsvc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Service=[%WINDOWS%]\M-5050506806850880580607670660\winsvc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syscheck=[%PROFILE_TEMP%]\RegiAsm.exe.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%APPDATA%]\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wininit=[%LOCAL_APPDATA%]\Packages\wininit.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DSS=[%WINDOWS%]\BBSTORE\DSS\DSSAGENT.EXE
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%SYSTEM_DRIVE%]\driver\driver.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Driver=[%SYSTEM_DRIVE%]\systeam\driver.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows=[%WINDOWS%]\Photos.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]RunOnceEx=Rundll32 [%SYSTEM%]\iernonce.dll,RunOnceExProcess
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]once=[%SYSTEM%]\once.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Security=[%SYSTEM_DRIVE%]\MicrosoftSecurity\MicrosoftCMD.lnk
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NsUpdate=[%PROFILE_TEMP%]\20957716\hqe.exe [%PROFILE_TEMP%]\20957716\bds-hgs
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NsUpdate=[%PROFILE_TEMP%]\20957716\hqe.exe [%PROFILE_TEMP%]\20957716\bds-hgs
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TaskList=[%APPDATA%]\UPUpdata\tasklist
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater=[%APPDATA%]\42x8F0BWte3J2YV6dZord40qHvnmiL\Microsoft Corporation\9.0.7.7\Updater\Updater.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe="[%APPDATA%]\SubDir\Client.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]defender="[%PROGRAM_FILES%]\DefenderBind\DefenderBindSt.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-Disabled]SVCHOST="[%WINDOWS%]\system\svchost.exe" RO
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%COMMON_PROGRAMS%]\Microsoft Live\Microsoft Live.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]RunDLL=[%SYSTEM%]\wscript.exe [%COMMON_APPDATA%]\indus\start.vbs
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Systems=[%SYSTEM%]\wscript.exe /e:VBScript.Encode [%APPDATA%]\Microsoft\store\lot.rar
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Classes=[%APPDATA%]\Microsoft\crgrbsrf\cgarfhrj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVHOST=[%ANY_DRIVE%]\Svhost\C.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-Disabled]Client Server Runtime Process="[%SYSTEM%]\csrss.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NsUpdate=[%PROFILE_TEMP%]\94755631\iku.exe [%PROFILE_TEMP%]\94755631\drs=lbk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NsUpdate=[%PROFILE_TEMP%]\94755631\iku.exe [%PROFILE_TEMP%]\94755631\drs=lbk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MSUpdate=[%PROFILE_TEMP%]\22892284\xek.exe [%PROFILE_TEMP%]\22892284\xwh=vmn
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Taskmgr=[%LOCAL_APPDATA%]\taskmgr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]user=explorer.exe http://exinariuminix.info
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Service Manager=winsvc32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Load=[%APPDATA%]\Microsoft\Windows\DsvHelper\mss.lnk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FILE=[%PROFILE_TEMP%]\251020111053.cpl
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Load=[%APPDATA%]\Microsoft\Windows\DsvHelper\mms.lnk
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=wscript.exe //B "[%PROFILE_TEMP%]\windows.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=wscript.exe //B "[%PROFILE_TEMP%]\windows.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update Manager=[%PROGRAM_FILES%]\JavaLive! Manager\jvsystem32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winlog=wscript.exe //B "[%PROFILE_TEMP%]\winlog.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe="[%WINDOWS%]\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Net=[%SYSTEM_DRIVE%]\Cache\All Users\{90120000-0019-0816-0000-0000000FF1CE}-C\path.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Excel=[%APPDATA%]\Microsoft\abwehvic\etfedijj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FILE=wscript.exe //B "[%PROFILE_TEMP%]\File.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]fc="[%APPDATA%]\Microsoft\Windows\dllcache\fc.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Bron-Spizaetus="[%WINDOWS%]\ShellNew\ElnorB.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Cassandra=[%PROGRAM_FILES%]\Sawgrass\Cassandra\Cassandra.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update Center=[%APPDATA%]\WindowsW0W32\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]user=explorer.exe http://kb-ribaki.org
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Security="[%APPDATA%]\Microsoft\Credentials\StarterModule.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SystemCheck=Runtime.exe /nomsg
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%COMMON_APPDATA%]\svchost.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Load=[%APPDATA%]\Microsoft\Windows\DwiDesk\MsRunner.lnk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%WINDOWS%]\Temp\7325.tmp /autorun
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=[%SYSTEM_DRIVE%]\temp\uco\svchost.exe //B "[%SYSTEM_DRIVE%]\temp\uco\iexplore.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=[%SYSTEM_DRIVE%]\temp\uco\svchost.exe //B "[%SYSTEM_DRIVE%]\temp\uco\iexplore.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Load=[%APPDATA%]\Microsoft\Windows\DwiDesk\muti.lnk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Load=[%APPDATA%]\Microsoft\Windows\DwiDesk\windVsl.lnk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FILE="[%PROGRAM_FILES%]\Java\jre1.8.0_111\bin\javaw.exe" -jar "[%APPDATA%]\File.jar"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%PROFILE_TEMP%]\smss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winhost=[%APPDATA%]\TorCash\TorCash Wallet\bin\require\host.exe -i
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%PERSONAL%]\DCSCMIN\IMDCSC.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winhost=[%APPDATA%]\Bot.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%PROFILE_TEMP%]\485868232.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Corporation=[%WINDOWS%]\sys32\mstsc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%APPDATA%]\alpha.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]WindowsUpdate="[%COMMON_APPDATA%]\Microsoft.com"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%SYSTEM_DRIVE%]\Program File\Microsoft\WindowsDefend.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%SYSTEM_DRIVE%]\Program File\Microsoft\WindowsDefend.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]smss=[%COMMON_APPDATA%]\smss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winlogon.exe=[%APPDATA%]\Microsoft\Office\16\Outlook\winlogon.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winlog=wscript.exe //B "[%APPDATA%]\winlog.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]kernel32=(EMPTY)
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST="[%PROFILE_TEMP%]\svchost.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST="[%PROFILE_TEMP%]\svchost.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]divx=[%APPDATA%]\divx\divx.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%SYSTEM_DRIVE%]\systeam\start.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinUpdate=%Temp%\Microsoft\wautlc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]key=wscript.exe //B "[%APPDATA%]\key.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winint=[%WINDOWS%]\winint.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win=[%WINDOWS%]\NewFolder.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater="[%PROGRAM_FILES%]\Java\jre1.8.0_102\bin\javaw.exe" -jar "[%APPDATA%]\Updater.jar"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVHOST=[%DESKTOPDIRECTORY%]\Borderlands 2 Trainer Tool\Borderlands 2 v1.0-Update 1 Plus 24 Trainer.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]sysinfo=(EMPTY)
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]W3KNetwork=RunDll32.exe w3knet.dll,DLLInitRun
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft="[%PROFILE_TEMP%]\taskmgr.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MSIdll=rundll32.exe msivml32.dll,jnnTln
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winapp=[%APPDATA%]\Windows\WinApp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Services=rundll32 [%PROFILE_TEMP%]\d3dx9_27.dll,f2fr3gh5fds
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]defender=[%APPDATA%]\sDnY16UaJWxQqwZoe2oh2t5Wb2z5.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Driver=[%COMMON_APPDATA%]\service.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]defender=[%APPDATA%]\sDnY16UaJWxQqwZoe2oh2t5Wb2z5.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%PERSONAL%]\MSDCSC\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System Tray=[%INTERNET_CACHE%]\Content.IE5\[%RANDOM_NAME%]\application.pif
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Update.exe=[%APPDATA%]\Update\Update.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]updater=[%COMMON_APPDATA%]\Updater\Updater.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]updater=[%COMMON_APPDATA%]\Updater\updater.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sys="[%PROGRAM_FILES%]\Java\jre1.8.0_131\bin\javaw.exe" -jar "[%PROFILE_TEMP%]\Sys760913812886425379.jar"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%APPDATA%]\Microsoft\Windows\1042\dllhost.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%WINDOWS%]\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%PROFILE_TEMP%]\yeaplayer51495.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%PROFILE_TEMP%]\explorer.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe="[%PROFILE_TEMP%]\svchost.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinUpdate=[%APPDATA%]\pa2sEa23ZLlFUX1It9BW6IwIqYCX.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SystemTools="[%PROGRAM_FILES%]\System Tools 9.0.0\SystemTools.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Services.EXE="[%APPDATA%]\services.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Load=[%APPDATA%]\Microsoft\Windows\DwiDesk\Filename.lnk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%PROFILE_TEMP%]\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%PROFILE_TEMP%]\service2.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]seekmo="[%PROGRAM_FILES%]\seekmo\seekmo.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]License Manager="[%PROGRAM_FILES%]\License_Manager\license_manager.exe " /silent
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winhelp=[%PROFILE_TEMP%]\winhelp.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%PROGRAM_FILES%]\Windows Media Player\comine.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]explorer.exe=[%APPDATA%]\Microsoft\explorer.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SysStart=[%COMMON_APPDATA%]\SSA\monitor.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%PROFILE_TEMP%]\55755834\dkg.exe [%PROFILE_TEMP%]\55755834\fuc-mfr
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-Disabled]microsoft="wscript.exe //B [%APPDATA%]\Microsoft.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe=[%SYSTEM%]\[%WINDOWS%]\5vdiuG7M5uVt\System32
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinLogin=[%TEMPLATES%]\winlogin.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winserver=[%DESKTOPDIRECTORY%]\Client.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=\Windows\Explorer.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-Disabled]Windows Update="[%APPDATA%]\dllhost.exe" ..
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%APPDATA%]\dllhost.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-Disabled]Windows Update="[%APPDATA%]\dllhost.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%APPDATA%]\dllhost.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]SVCHOST=\Windows\Explorer.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST="[%PROFILE_TEMP%]\4014.tmp.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iexplore=[%PROFILE_TEMP%]\eco\svchost.exe //B "[%PROFILE_TEMP%]\eco\iexplore.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win=[%PROFILE_TEMP%]\wocualts.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win=[%PROFILE_TEMP%]\wocualts.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST="[%PROFILE_TEMP%]\3468.tmp.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Client Server Runtime Process=[%APPDATA%]\Microsoft\stwvstjg\rtfdgred.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lsasss=[%SYSTEM_DRIVE%]\lsasss.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_Hidden]SVCHOST=[%RESOURCES%]\svchost.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce_Hidden]SVCHOST=[%RESOURCES%]\svchost.exe RO
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Word=wscript.exe //D "[%APPDATA%]\Microsoft Office\\Microsoft Word.WsF"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Word=wscript.exe //D "[%APPDATA%]\Microsoft Office\\Microsoft Word.WsF"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lsass=[%COMMON_APPDATA%]\lsass.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win=wscript.exe //B "[%PROFILE_TEMP%]\win.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Updates=D:\Updates.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Video=[%COMMON_APPDATA%]\video\drvvideo.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%WINDOWS%]\svchost.exe RU
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%APPDATA%]\ihf\hst.exe [%APPDATA%]\ihf\kea-rnn
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinAuth=[%PROFILE%]\Downloads\WinAuth.exe -min
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Excel=wscript.exe //B "[%APPDATA%]\Microsoft Office\\Microsoft Excel.WsF"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%PROFILE_TEMP%]\is-9I08F.tmp\51490.exe /autorun
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%APPDATA%]\hexjm\tsxve.com [%APPDATA%]\hexjm\rbxvn.ggg
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%APPDATA%]\hexjm\tsxve.com [%APPDATA%]\hexjm\rbxvn.ggg
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinUpdate=[%APPDATA%]\LhJJOHgd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winapp=[%APPDATA%]\Windows\System.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WindowsUpdate=[%PROFILE_TEMP%]\75557258\trm.exe [%PROFILE_TEMP%]\75557258\lxb-xog
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]WindowsUpdate="Error Reading Key"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]scheck="[%APPDATA%]\SCheck\SCheck.exe" check nohp nods
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]system.exe="[%APPDATA%]\system.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]system.exe="[%APPDATA%]\system.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]NS="[%PROGRAM_FILES%]\NORTON~1\{0C55C~1\NS\A5E82D02\22100~1.85\InstStub.exe" /RELAUNCH /RUNONCE /PRODID NS /FSD "[%COMMON_PROFILE%]\DOWNLO~1\Norton\{NS210~1\NSDELU~1.EXE" /upgradelayout /ADMIN
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinTask=[%WINDOWS%]\wintask.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Driver=wscript.exe //B "[%PROFILE_TEMP%]\driver.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Syskey=[%COMMON_PROFILE%]\mplace\keymasher.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Task Manager="[%APPDATA%]\Task Manager\Task Managerservice.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]notepad.exe=[%APPDATA%]\SKRRRT.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]explorer.exe=[%APPDATA%]\test_skeet.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]clock=[%PROGRAM_FILES%]\Clock\Clock
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]schost=rundll32 "[%APPDATA%]\WebUpdates\ManagedStub.dll",handle
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DirectX=wscript.exe //B "[%PROFILE_TEMP%]\Directx.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DirectX=wscript.exe //B "[%PROFILE_TEMP%]\Directx.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Trickler="[%PROGRAM_FILES%]\gator.com\fsg\fsg.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Driver=[%WINDOWS%]\Drivers\driver.bat
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%APPDATA%]\local.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%APPDATA%]\local.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win update=[%APPDATA%]\Win Update.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%APPDATA%]\Google\int\Updater.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]SVCHOST=[%APPDATA%]\com9.{20D04FE0-3AEA-1069-A2D8-08002B30309D}\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%APPDATA%]\com9.{20D04FE0-3AEA-1069-A2D8-08002B30309D}\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinStart=[%LOCAL_APPDATA%]\Microsoft Windows\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Session Manager="[%SYSTEMX86%]\smms.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SysCtl=[%PROGRAM_FILES%]\TmtkControl\sysctl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Explorer=[%WINDOWS%]\rnx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System Backup=[%APPDATA%]\Recovery\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%STARTUP%]\Java update.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinUpdate=[%SYSTEM%]\MSDCSC\winupdate.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=wscript.exe //B "[%PROFILE_TEMP%]\windows update.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%APPDATA%]\MSconfig\restore.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%WINDOWS%]\Temp\2EE7.tmp /autorun
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]Msys32="[%PROGRAM_FILES%]\Morfit\Secret Mission ep1\morfitwebentrance.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]userinit=[%APPDATA%]\sdra64.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]POP=[%SYSTEM%]\rundll32.exe "[%PROGRAM_FILES%]\Pop\Ms_001CBF744DE9.dll",#16
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Service=[%PROFILE%]\M-505057621985990250101320\winsvc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=regsvr32 /s "[%SYSTEM_DRIVE%]\Temp:03BBE624.dat"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%APPDATA%]\tebjghcfdxjkst.zip
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winrar=[%APPDATA%]\Microsoft\ghaabafd\hcjhrwvc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Help=[%LOCAL_APPDATA%]\Microsoft Help\MsHelpCenter.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%PROFILE_TEMP%]\nsdD02.tmp /autorun
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update Manager=[%APPDATA%]\WindowsUpdate\VGA.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater="[%APPDATA%]\Microsoft\office\dllchost.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-Disabled]Tok-Cirrhatus="[%LOCAL_APPDATA%]\smss.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-Disabled]Client Server Runtime Process="[%APPDATA%]\csrss.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]My App=[%APPDATA%]\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows=[%APPDATA%]\Microsoft\Setup\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]OSSProxy=[%PROGRAM_FILES%]\relevantknowledge\rlvknlg.exe -bootinstall
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%LOCAL_APPDATA%]\Microsoft\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%WINDOWS%]\Temp\8675.tmp /autorun
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CSRSS=[%APPDATA%]\Microsoft\Temp.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Debugger=wscript.exe //b //e:vbscript.encode "[%SYSTEM%]\debug.txt"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%ANY_DRIVE%]\Sniper Elite\SNIPERE4SETUP.EXE" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%PROFILE_TEMP%]\is-3HIPK.tmp\51492.exe /autorun
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]SVCHOST="[%PROGRAM_FILES%]\Windows\svchost.exe" -a /a
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Windows="[%PROGRAM_FILES%]\windows\windows.exe" -a /a
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%STARTUP%]\17930164.lnk
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SysStart=[%COMMON_APPDATA%]\SSA\envtask.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NetWork=[%APPDATA%]\network\ChromeUpdate.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe=[%APPDATA%]\OWZCEN323F\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winhlp32.exe=[%APPDATA%]\OWZCEN323F\winhlp32.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SystemManager="[%APPDATA%]\SystemManager.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SystemManager="[%APPDATA%]\SystemManager.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinStart=[%LOCAL_APPDATA%]\Microsoft Windows\svchost.exe.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sysdir="[%COMMON_APPDATA%]\SysApp\SysDir.exe" /Hide
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%APPDATA%]\Microsoft\wbhebeft\sgufecws.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Registry Services=[%SYSTEM_DRIVE%]\WINNIT\0x03847\SYS\RegistryServiceBackup.vbs
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Performance Monitor=rundll32.exe "[%LOCAL_APPDATA%]\Microsoft\Performance\Monitor\PerformanceMonitor.dll",DllInstall
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Internat=INTERNAT.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Service=[%PROFILE%]\M-50507564324649683503740\winsvc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater=wscript.exe //B "[%PROFILE_TEMP%]\updater.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update=[%SYSTEM_DRIVE%]\FromUSB\Emule\config\svohcst.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MSIdll=rundll32.exe msivqa32.dll,run
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]Windows Update=[%SYSTEM_DRIVE%]\Google\Windowsupdate.lnk
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]Windows Update=[%SYSTEM_DRIVE%]\Google\Windowsupdate.lnk
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Swchost=[%WINDOWS%]\swchost.exe RU
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]userinit=[%WINDOWS%]\userinit.exe RU
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update="[%STARTUP%]\Java update.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Task Manager=[%SYSTEM%]\taskmgr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]taskmanager="[%COMMON_APPDATA%]\Task.Manager\Task Manager.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winupdat="[%APPDATA%]\WinUpdat.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater=[%WINDOWS%]\sync.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_Hidden]WinCheck=[%LOCAL_APPDATA%]\wincheck\wincheck.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe=[%PROFILE_TEMP%]\svchost.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater="[%APPDATA%]\sqjkmjjcuotdjrzzchapwpvkrwokpane\Launcher.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update Manager=[%APPDATA%]\WindowsUpdate\MSupdate.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SystemTools="[%PROGRAM_FILES%]\System Tools 8.4.4\SystemTools.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost.exe=[%WINDOWS%]\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%PROFILE_TEMP%]\is-ON0SO.tmp\51495.exe /autorun
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Driver="[%APPDATA%]\Windows\win.exe" /autostart
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Net=wscript.exe //B "[%PROFILE_TEMP%]\net.jse"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows="[%SYSTEM_DRIVE%]\KMSpico\KMSpico_Setup.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows="[%SYSTEM_DRIVE%]\KMSpico\KMSpico_Setup.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]services=[%PROFILE_TEMP%]\Driver\2suZJ4eZad5d\2suZJ4eZad5d\csrss.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%APPDATA%]\lssass.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=wscript.exe //B "[%APPDATA%]\windows.vbs"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]updater=[%APPDATA%]\Microsoft\Systema\Updater.exe "[%APPDATA%]\Microsoft\Systema\Updater"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]VideoDriver=[%APPDATA%]\Windows\VideoDriver.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FILE="[%PROGRAM_FILES%]\Java\jre1.8.0_121\bin\javaw.exe" -jar "[%PROFILE_TEMP%]\File1442760386893980515.jar"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]user=[%WINDOWS%]\TEMP\g96C8.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FILE="[%PROGRAM_FILES%]\Java\jre1.8.0_121\bin\javaw.exe" -jar "[%APPDATA%]\File.jar"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winrar=[%APPDATA%]\Microsoft\bcveucea\jtjufbss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]microsoft=[%COMMON_STARTMENU%]\ASLJtFazUTg5\Microsoft.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%PROFILE_TEMP%]\is-PGT1D.tmp\51490.exe /autorun
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SysCtl=[%PROGRAM_FILES%]\MediaVideoPlayer\sysctl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%WINDOWS%]\Temp\E4EA.tmp /autorun
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]Windows Update=[%PROFILE_TEMP%]\WinAV.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winapp=[%APPDATA%]\Windows\helpar.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]microsoft=[%SYSTEM%]\lala.bat
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Classes=[%APPDATA%]\Microsoft\gdawsesa\iigvgrti.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%STARTUP%]\10859745.lnk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST=[%APPDATA%]\appdata\HTFkCiMXvvsR.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]StartMenu=[%APPDATA%]\StartMenu\StartMenu.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]AdobeA=[%APPDATA%]\Adobe\Adobe Inc\AdobeRead\bct03.bat
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinStart=[%LOCAL_APPDATA%]\Microsoft Windows\spdc32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SVCHOST="[%APPDATA%]\svchost.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]SVCHOST="[%APPDATA%]\svchost.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows=[%PROFILE_TEMP%]\KB00059670.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Services=service2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]system.="[%PROFILE%]\microsoft.exe" ..
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]McAfee=[%APPDATA%]\Microsoft\hhstrhev\scddagda.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Bron-Spizaetus="[%WINDOWS%]\INF\norBtok.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]Windows Update Service=[%COMMON_APPDATA%]\Windows Update Service0\ywtrkuoss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows Update Service="[%COMMON_APPDATA%]\Windows Update Service0\ywtrkuoss.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]userinit=[%WINDOWS%]\userinit.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%WINDOWS%]\Temp\61D4.tmp /autorun
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]scheck="[%APPDATA%]\SCheck\SCheck.exe" check
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MSIdll=[%SYSTEMX86%]\rundll32.exe msigqy32.dll,NxBLlywhYZk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Iehelper="javaw -jar [%PROFILE%]\Downloads\boot.jar"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]taskmngr=(EMPTY)
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Classes=[%APPDATA%]\Microsoft\tsavcgur\dvjhfvvi.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win=[%SYSTEM%]\dllcache\play.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Installer=[%PROFILE_TEMP%]\is-USLSS.tmp\51492.exe /autorun
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winlogon.exe=[%WINDOWS%]\winlogon.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lsass=[%WINDOWS%]\system\1sass.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CSRSS=[%COMMON_APPDATA%]\csrss.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]services=[%COMMON_APPDATA%]\services.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]test=wscript.exe //B "[%APPDATA%]\test.vbs"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%APPDATA%]\Win.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Windows=[%APPDATA%]\Win.exe