Exterminate It! Antimalware

Banker - Registry Values List

This is a complete list of Banker registry values collected by Exterminate It!. If you find any of these registry values on your PC, your computer is very likely to be infected with Banker (trojan, spyware).

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run](default)=[%LOCAL_APPDATA%]\wap.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Avira="[%PROFILE_TEMP%]\avgnt2.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchosts=[%SYSTEM%]\svchosts.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GlohJun=[%SYSTEM%]\interne.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Avguix Securiti=[%LOCAL_APPDATA%]\Builder.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Sistema Operacional=cmd.exe /c %tmp%/aaa.bat
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]msnmsgr.exe=[%SYSTEM_DRIVE%]\WINDOWS:ALCMTR.EXE
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]en=[%SYSTEM_DRIVE%]\rvedc\en.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]er=[%SYSTEM_DRIVE%]\rvedc\er.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Microsoft Windows Debug=[%SYSTEM_DRIVE%]\DRIVERS\WINNTK.lnk
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mdliepl.exe=[%SYSTEM%]\mdliepl.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mdliesound.exe=[%SYSTEM%]\mdliesound.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mdlmp3.exe=[%SYSTEM%]\mdlmp3.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]PowerPointView=[%SYSTEM_DRIVE%]\PowerPointView.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win service pack 3=[%SYSTEM_DRIVE%]\win3ks\iexplorea.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run](default)=[%LOCAL_APPDATA%]\ctfmom.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]prohard.exe=[%COMMON_APPDATA%]\prohard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]suchost=[%SYSTEM_DRIVE%]\log\suchost.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]filerum.exe=[%PROGRAM_FILES%]\FileSystem\FileRum.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MSNGS=[%LOCAL_APPDATA%]\msmsgs.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KKOU=[%SYSTEM%]\KKOU.EXE
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZonesSecurityUpgradeDone=[%COMMON_APPDATA%]\Roaming\mxcavi32.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Winsock=[%SYSTEM_DRIVE%]\Arquivo de programas\atlsys2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Googlee Tooll Bar Notification Env=[%APPDATA%]\Google_Tool_Bar_Notification050.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hunteremail.exe=[%SYSTEM%]\hunteremail.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]msnmsgr=[%ANY_DRIVE%]\Temp\ctfmon.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Googlee Tooll Bar Notification Env=[%APPDATA%]\Google_Tool_Bar_Notification040.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NoNaMexD=[%SYSTEM%]\Project1_autorun.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Persistence ! System=[%PROFILE%]\InstallShield Installation Information\{A5BA14E0-7384-5991B8648CBE70A4}\spoolsvr32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]liamtoh.exe=[%SYSTEM%]\liamtoh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JavaUpdatecda9=[%SYSTEM_DRIVE%]\programfiles\reaction\cssrs.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Googlee Tooll Bar Notification Env=[%APPDATA%]\Google_Tool_Bar_Notification043.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]javahl=[%SYSTEM_DRIVE%]\path\javahl.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]filerum.exe=[%SYSTEM%]\FileRum.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ieplorj=[%SYSTEM%]\ieplorj.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ieplorj=[%SYSTEM%]\ieplorj.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vnet=[%WINDOWS%]\winsys.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ieploref=[%SYSTEM%]\ieploref.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]iiplorerp=[%SYSTEM%]\iiplorerp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]huntermails.exe=[%SYSTEM%]\huntermails.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Modulo_Ad_Autorizador=[%PROGRAM_FILES%]\messenge\Nvsvc32.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Modulo_Ad_bne=[%PROGRAM_FILES%]\messenge\Aswebsrv.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Modulo_administrativo=[%PROGRAM_FILES%]\messenge\Asdiph.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QuickShock=[%WINDOWS%]\Media\AvMsUpd.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sys=\sys.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run](default)=[%PROFILE%]\AppTime\Date\pgflex.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Technology NT=[%SYSTEM%]\mydpla.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]msdoc=[%SYSTEM%]\bios.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Mscore=[%WINDOWS%]\smsTx.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]AVG Internet Security=[%LOCAL_APPDATA%]\avguix.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Builder Security=[%LOCAL_APPDATA%]\Builder.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Jumper=,[%PROGRAM_FILES%]\Internet Explorer\Activity.exe,
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZonesSecurityUpgradeDone=[%COMMON_APPDATA%]\WinSxS\XMLTread.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tyune=[%SYSTEM%]\tyune.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tyubdn=[%SYSTEM%]\tyubdn.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tyuplu=[%SYSTEM%]\tyuplu.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run](default)=[%LOCAL_APPDATA%]\explore.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svb10-2.exe=[%WINDOWS%]\svb10-2.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hotmail=[%SYSTEM%]\loadweb.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]msnmsgr.exe=[%SYSTEM%]\msnmsgr.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]windows movie maker=[%SYSTEM%]\sys32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Internet=rundll32.exe "[%PROFILE%]\url32.dll",network
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]msgrmsn=[%SYSTEM_DRIVE%]\drivers\explorer.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hotsendd=[%SYSTEM%]\wandshgt.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vRM=[%SYSTEM_DRIVE%]\marinet\coisanova\remote.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vGF=[%SYSTEM_DRIVE%]\marinet\coisanova\getafe.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xservicex=[%LOCAL_APPDATA%]\21.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hotsendd=[%SYSTEM%]\wordpadd2.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xservicex=[%SYSTEM%]\winn1.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xservicex=[%LOCAL_APPDATA%]\13.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]IMSCMig=Rundll32.EXE [%LOCAL_SETTINGS%]\help_32.dll,MM
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]scpLg=[%APPDATA%]\scpLg.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nonep=[%PROFILE_TEMP%]\tmp0c0b6e90\KillEXE.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ashDip.exe=[%SYSTEM%]\ashDip.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nonep=[%PROFILE_TEMP%]\tmp2f003a06\crypt_KillEXE.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nonep=[%PROFILE_TEMP%]\tmp621b6a89\crypt_KillEXE.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xservicex=[%LOCAL_APPDATA%]\17.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nonep=[%PROFILE_TEMP%]\tmp8e886ec0\KillEXE.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchosts=[%WINDOWS%]\SVCHOST.vbs
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nonep=[%PROFILE_TEMP%]\tmpdb62bed7\KillEXE.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win=[%WINDOWS%]\win.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xservicex=[%LOCAL_APPDATA%]\7.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings]bec=05
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings]lwh=http://ffcsanta.com
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]AVG Internet=[%LOCAL_APPDATA%]\nod32.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ProxFile.exe=[%SYSTEM%]\ProxFile.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GoogleUpdate=[%SYSTEM%]\wilogon.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Google Chrome=[%PROGRAM_FILES%]\Application\chrome.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xservicex=[%SYSTEM%]\windows1.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]windows movie maker=[%PROGRAM_FILES%]\cftmom.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sshhib11=[%WINDOWS%]\sshhib11.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DualCore.exe internacional=[%WINDOWS%]\DualCore.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xservicex=[%SYSTEM%]\xservicesx1.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run](default)=[%WINDOWS%]\ctfmom.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchosts=(EMPTY)
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]msnmsgr.exe=[%ANY_FOLDER%]\claw.JPG .scr
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Explorer64bt=[%SYSTEM%]\acrobatflashhplayer.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]er=[%ANY_FOLDER%]\er.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ProxiFile.exe=[%SYSTEM%]\ProxiFile.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Spooler de Impress?o=(EMPTY)
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]autx32=[%APPDATA%]\autx32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winsyst_On=[%SYSTEM_DRIVE%]\rvedc\xtn.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winsyst_Or=[%SYSTEM_DRIVE%]\rvedc\xtr.exe
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]Sidebr=[%PROGRAM_FILES%]\Sidebar\new.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]msnmsr=[%PROGRAM_FILES%]\Sidebar\new.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ctmon2=[%PROGRAM_FILES%]\Sidebar\new.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Explorer64bt=[%SYSTEM%]\sunjava32bs.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]YAKUS=[%SYSTEM_DRIVE%]\WiinUpdate\svhosts.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings]lwh=http://acusstug.com
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dllhosts.exe=[%COMMON_APPDATA%]\dllhosts.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run](default)=[%WINDOWS%]\Atualizada.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]javahr2=[%SYSTEM_DRIVE%]\CommonFiles\javahr2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]autx32=[%SYSTEM_DRIVE%]\ghelp.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nyet.exe=[%COMMON_APPDATA%]\Nyet.exe
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, Machine Works]Inc.=[%SYSTEM%]\MsTecs.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Msnnet=[%SYSTEM_DRIVE%]\ProgramLog\Hottrat.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]MsnHott=[%SYSTEM%]\acrobat64instupdate.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Winnet=[%SYSTEM_DRIVE%]\Arquivos de programa\Adobe\PhotoShop\Unistall\csrrs.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]prn1=[%SYSTEM_DRIVE%]\sys32\prn1.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]MsnHott=[%SYSTEM%]\exceloffice64b.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]winlogne=[%SYSTEM%]\winlogne.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mdl12pa.exe=[%COMMON_APPDATA%]\mdl12pa.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]win=[%SYSTEM%]\webspas.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]flammentos.exe=[%PROGRAM_FILES%]\Internet Explorer\flammentos.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]spools=[%PROFILE%]\spools.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Winsyst_Or=[%SYSTEM_DRIVE%]\rvedc\xtr.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchosts="[%ANY_FOLDER%]\monitoramento\SVCHOST.EXE"
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings]lwh=http://qmkaanta.com
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mdl12pa=[%SYSTEM%]\mdl12pa.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]plpa288.exe=[%COMMON_APPDATA%]\plpa288.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run](default)=[%WINDOWS%]\xtreme.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]GoldFinger=[%SYSTEM%]\RunDll.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gbpkm=[%PROFILE%]\KL.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]{f86369d9-52d7-4ca1-bf3c-34b173e51222}=(EMPTY)
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Spol Works]Inc.=[%PROFILE_TEMP%]\spolxsis.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Shockwave Flash=[%PROFILE_TEMP%]\flashcxz.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Spooler de Impressгo=(EMPTY)
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TelVoip=[%SYSTEM%]\secavasting.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WinetWork=[%WINDOWS%]\Media\WinetWork.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Update=rundll32.exe "[%PROFILE%]\winprocess32.dll",work
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NvcCpl=[%SYSTEM%]\NvCcpl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]msnloge.exe=[%WINDOWS%]\Msnloge.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]szxfis=[%SYSTEM%]\szxfis.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gbplugln=[%SYSTEM%]\GbPlugln.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]pr2=[%SYSTEM_DRIVE%]\sys32\pr2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WebSonic.exe=[%WINDOWS%]\WebSonic.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gbplugln=[%WINDOWS%]\GbPlugln.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] services process=(EMPTY)