Exterminate It! Antimalware

FakeAlert - Registry Values List

This is a complete list of FakeAlert registry values collected by Exterminate It! If you find any of these registry values on your PC, your computer is very likely to be infected with FakeAlert (trojan, downloader, hoax).

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]oayavmrx=[%LOCAL_APPDATA%]\tppyvx\cdjysftav.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MALWARE PROTECTION=[%APPDATA%]\defender.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LKGGOPABUH=[%PROFILE_TEMP%]\Cdx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QNB2EB90WX=[%PROFILE_TEMP%]\Vfh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]osfrktdx=[%PROFILE_TEMP%]\deroympxe\ilnnbwhlajb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]7C3F44C5A51D115500007C3EC88D1790=[%COMMON_APPDATA%]\7C3F44C5A51D115500007C3EC88D1790\7C3F44C5A51D115500007C3EC88D1790.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bavckdl70.exe="[%APPDATA%]\E09AB2C9D39AF14113C70D149AC3093C\bavckdl70.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TOY5KNQ8OC=[%PROFILE_TEMP%]\Kw0.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]00D06049E21E6EB1000000D05F7D72A1=[%COMMON_APPDATA%]\00D06049E21E6EB1000000D05F7D72A1\00D06049E21E6EB1000000D05F7D72A1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Urf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]5CCC9AB8FF40CC3500005CCC3DF6D64A=[%COMMON_APPDATA%]\5CCC9AB8FF40CC3500005CCC3DF6D64A\5CCC9AB8FF40CC3500005CCC3DF6D64A.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]88E2AB2D9EDC8778000088E222528E8A=[%COMMON_APPDATA%]\88E2AB2D9EDC8778000088E222528E8A\88E2AB2D9EDC8778000088E222528E8A.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]187A9ED3D65C5BEB0000187A865F61FD=[%COMMON_APPDATA%]\187A9ED3D65C5BEB0000187A865F61FD\187A9ED3D65C5BEB0000187A865F61FD.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=%APPDATA%\Microsoft\wautlc.exe,explorer.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ascnghmp=[%LOCAL_APPDATA%]\fvretwldu\affeyhgshdw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UO8KTAT1GY=[%PROFILE_TEMP%]\Pjg.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Internet Security=[%APPDATA%]\isecurity.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sjtutpnv=[%LOCAL_APPDATA%]\jjfgsn\chhksftav.exe
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]AppInit_DLLs=cru629.dat
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\tjujwt.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-eenk.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]2E4801080B7D6C8100002E47D2C470B9=[%COMMON_APPDATA%]\2E4801080B7D6C8100002E47D2C470B9\2E4801080B7D6C8100002E47D2C470B9.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT22DD.tmp.exe=[%PROFILE_TEMP%]\DAT22DD.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=%APPDATA%\Microsoft\volbi.exe,explorer.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KUGHGZXAKT=[%WINDOWS%]\TEMP\Pf1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]A243FF01E3629E840000A2435CC2A2A0=[%COMMON_APPDATA%]\A243FF01E3629E840000A2435CC2A2A0\A243FF01E3629E840000A2435CC2A2A0.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]03874569874596=[%COMMON_APPDATA%]\gwr\rwg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]7A6B950707CCC14700007A6B1AA6CC26=[%COMMON_APPDATA%]\7A6B950707CCC14700007A6B1AA6CC26\7A6B950707CCC14700007A6B1AA6CC26.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=explorer.exe, "[%APPDATA%]\Microsoft\Windows\msshell.exe"
  • [HKEY_CURRENT_USER\software]1099ce4a-ff51-4a8d-ab3c-c74b9c06e46f=688
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]ACED051F3EEF46520000ACEC58384BB7=[%COMMON_APPDATA%]\ACED051F3EEF46520000ACEC58384BB7\ACED051F3EEF46520000ACEC58384BB7.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]0F1D388161BF245B00000F1D296E2E51=[%COMMON_APPDATA%]\0F1D388161BF245B00000F1D296E2E51\0F1D388161BF245B00000F1D296E2E51.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]3AE4EF8824F6F2C800003AE4B4A7F74F=[%COMMON_APPDATA%]\3AE4EF8824F6F2C800003AE4B4A7F74F\3AE4EF8824F6F2C800003AE4B4A7F74F.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]CC9DC81D357730F20000CC9CFB8737F0=[%COMMON_APPDATA%]\CC9DC81D357730F20000CC9CFB8737F0\CC9DC81D357730F20000CC9CFB8737F0.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\shellserviceobjectdelayload]systemcheck2=1632552
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]3fc00de1-70d2-40bb-9afa-c961c8ed390b=rundll32.exe "[%COMMON_APPDATA%]\3fc00de1-70d2-40bb-9afa-c961c8ed390b.dat", ywjihodeavbjmj
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]E89434589D2455470000E8934BCF5F55=[%COMMON_APPDATA%]\E89434589D2455470000E8934BCF5F55\E89434589D2455470000E8934BCF5F55.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]jtdyvjsu=[%PROFILE_TEMP%]\aevbhbxla\rjiywfdhmof.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]2A7AB6A826EA78C900002A7A8C3883B2=[%COMMON_APPDATA%]\2A7AB6A826EA78C900002A7A8C3883B2\2A7AB6A826EA78C900002A7A8C3883B2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]2C810BC3563092CA00002C80DF4696EA=[%COMMON_APPDATA%]\2C810BC3563092CA00002C80DF4696EA\2C810BC3563092CA00002C80DF4696EA.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]3A80407B156FE98B00003A800602F16D=[%COMMON_APPDATA%]\3A80407B156FE98B00003A800602F16D\3A80407B156FE98B00003A800602F16D.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]fyvlyoku=[%LOCAL_APPDATA%]\fvqhjalfj\irgrwrmshdw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]piuuiipg=[%LOCAL_APPDATA%]\gufyiv\cgiysysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]28E8FA9A9D7AB7D3000028E8D1B6BCC4=[%COMMON_APPDATA%]\28E8FA9A9D7AB7D3000028E8D1B6BCC4\28E8FA9A9D7AB7D3000028E8D1B6BCC4.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]D0140BAD6ECACD8F0000D0133B9DD12D=[%COMMON_APPDATA%]\D0140BAD6ECACD8F0000D0133B9DD12D\D0140BAD6ECACD8F0000D0133B9DD12D.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]AEA500C4288CBB820000AEA45222BE6A=[%COMMON_APPDATA%]\AEA500C4288CBB820000AEA45222BE6A\AEA500C4288CBB820000AEA45222BE6A.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]A2553EEE8408EC580000A2549CA2F566=[%COMMON_APPDATA%]\A2553EEE8408EC580000A2549CA2F566\A2553EEE8408EC580000A2549CA2F566.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]egeqeovl=[%LOCAL_APPDATA%]\lhanfqamy\nywsfmbtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]E0D84CFD5163B45F0000E0D76C2DBC36=[%COMMON_APPDATA%]\E0D84CFD5163B45F0000E0D76C2DBC36\E0D84CFD5163B45F0000E0D76C2DBC36.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\shellserviceobjectdelayload]systemcheck2=1868852841
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]126117AE9C84C0FD000012610555C92F=[%COMMON_APPDATA%]\126117AE9C84C0FD000012610555C92F\126117AE9C84C0FD000012610555C92F.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]9886EEDB194EB9E9000098865661C6ED=[%COMMON_APPDATA%]\9886EEDB194EB9E9000098865661C6ED\9886EEDB194EB9E9000098865661C6ED.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]ABCE72FBEB1A9D6A0000ABCDC732A1E8=[%COMMON_APPDATA%]\ABCE72FBEB1A9D6A0000ABCDC732A1E8\ABCE72FBEB1A9D6A0000ABCDC732A1E8.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]784B799093CF0B060000784B014B1084=[%COMMON_APPDATA%]\784B799093CF0B060000784B014B1084\784B799093CF0B060000784B014B1084.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]788F9494991C0E7E0000788F1C091213=[%COMMON_APPDATA%]\788F9494991C0E7E0000788F1C091213\788F9494991C0E7E0000788F1C091213.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]1005674685=[%LOCAL_APPDATA%]\css.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%APPDATA%]\DarkMinecraft.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bwcpxfgt=[%PROFILE_TEMP%]\bqnqwmgob\wrsavejtsbl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]unkqtjcy=[%PROFILE_TEMP%]\ptyntyepd\fvwxqxstsbl.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Dfq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QNB2EB90WX=[%PROFILE_TEMP%]\Jgg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]CC7CCCE373534EFE0000CC7C007057E3=[%COMMON_APPDATA%]\CC7CCCE373534EFE0000CC7C007057E3\CC7CCCE373534EFE0000CC7C007057E3.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]316C61CF1BEC73FC0000316C30657687=[%COMMON_APPDATA%]\316C61CF1BEC73FC0000316C30657687\316C61CF1BEC73FC0000316C30657687.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-aeti.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]DC9D0402336228D50000DC9C276B2DF7=[%COMMON_APPDATA%]\DC9D0402336228D50000DC9C276B2DF7\DC9D0402336228D50000DC9C276B2DF7.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]658511030=[%LOCAL_APPDATA%]\uyv.exe
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]AppInit_DLLs=[%SYSTEM%]\karna.dat
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]BSK91O3T6D=[%PROFILE_TEMP%]\Mzh.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\shellserviceobjectdelayload]systemcheck2=453775
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]U36VRSFLG6=[%PROFILE_TEMP%]\Jxl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Internet Explorer=[%PROGRAM_FILES%]\Internet Explorer\vlcas.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bwawrgle=[%PROFILE_TEMP%]\dilscuybd\rwowqsbxsik.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vgpitoqt=[%PROFILE_TEMP%]\yvdqwjjrf\yjtrhvxlajb.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]braviax=braviax.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]63194730=[%COMMON_APPDATA%]\63194730\63194730.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]42164522=[%COMMON_APPDATA%]\42164522\42164522.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{10b9e92f-421e-44b2-a093-9de0f3fab2bc}=(EMPTY)
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ApmG5sQJ6E8R9Yw8234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MigAutoPlay="[%COMMON_APPDATA%]\MigAutoPlay.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]77007122=[%COMMON_APPDATA%]\77007122\77007122.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Knr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]6223F29EA2F61D640000622390812375=[%COMMON_APPDATA%]\6223F29EA2F61D640000622390812375\6223F29EA2F61D640000622390812375.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]2F043C7A524B8E7F00002F040D7C94CF=[%COMMON_APPDATA%]\2F043C7A524B8E7F00002F040D7C94CF\2F043C7A524B8E7F00002F040D7C94CF.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%SYSTEM%]\back\sysdiag.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%APPDATA%]\system32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]2934947207=[%LOCAL_APPDATA%]\wwp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]437545536=[%LOCAL_APPDATA%]\yky.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=explorer.exe [%SYSTEM%]\microsoft\Login.scr
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]642291B6FB28C687000064222D9ED08A=[%COMMON_APPDATA%]\642291B6FB28C687000064222D9ED08A\642291B6FB28C687000064222D9ED08A.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]51634726=[%COMMON_APPDATA%]\51634726\51634726.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]fd087f02-1fd8-453b-9f2b-a9041acbf609=rundll32.exe "[%COMMON_APPDATA%]\fd087f02-1fd8-453b-9f2b-a9041acbf609.dat", ypknaoutxnu
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Ghd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]38D896A0C0A741F8000038D85DCC45DB=[%COMMON_APPDATA%]\38D896A0C0A741F8000038D85DCC45DB\38D896A0C0A741F8000038D85DCC45DB.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]E033405D468031020000E032602F3551=[%COMMON_APPDATA%]\E033405D468031020000E032602F3551\E033405D468031020000E032602F3551.exe
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]AppInit_DLLs=[%COMMON_APPDATA%]\browse~2\261095~1.52\{c16c1~1\browse~1.dll karna.dat
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ggitlhpy=[%PROFILE_TEMP%]\riekmukoi\texepyjlajb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KUGHGZXAKT=[%PROFILE_TEMP%]\Wnr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]72292F855876713C00007228BD607516=[%COMMON_APPDATA%]\72292F855876713C00007228BD607516\72292F855876713C00007228BD607516.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tispswyv=[%LOCAL_APPDATA%]\ybvttk\becosftav.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Wrr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZU6RKI1ONY=[%WINDOWS%]\Wkipec.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]6604ACF05FD3F8F80000660446F400E0=[%COMMON_APPDATA%]\6604ACF05FD3F8F80000660446F400E0\6604ACF05FD3F8F80000660446F400E0.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-rlfp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]tmp=[%APPDATA%]\defender.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Zzd.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1CBA09293DEE49E
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]H3O8CABBPI=[%WINDOWS%]\Zrevua.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bjqkvqri=[%PROFILE_TEMP%]\hityfiyii\omcdhsfaffm.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xakdohtk=[%LOCAL_APPDATA%]\unkakiadm\emcxbwtshdw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xakdohtk=[%LOCAL_APPDATA%]\unkakiadm\emcxbwtshdw.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%PROGRAM_FILES%]\System32\System32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%PROFILE_TEMP%]\Bsl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Adobe ARM="[%COMMON_APPDATA%]\ifgxpers.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]rkrtebcg=[%PROFILE_TEMP%]\cntnsbltn\gbdjmhusika.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Krp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\gmfwjt.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]74762C49EBD8B77000007475B7DCBFFC=[%COMMON_APPDATA%]\74762C49EBD8B77000007475B7DCBFFC\74762C49EBD8B77000007475B7DCBFFC.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4089812355=[%LOCAL_APPDATA%]\umi.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ixqm.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]braviax=[%SYSTEM%]\braviax.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]newsecureapp70700.exe=[%APPDATA%]\ABBCD873F5018EE35A8DF8FFACAF3AD5\newsecureapp70700.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]C0E6DF54C86800960000C0E61E7506F3=[%COMMON_APPDATA%]\C0E6DF54C86800960000C0E61E7506F3\C0E6DF54C86800960000C0E61E7506F3.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TOY5KNQ8OC=[%PROFILE_TEMP%]\Www.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]frlohiql=[%LOCAL_APPDATA%]\khevrqqnk\shdjobltssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATACE1.tmp.exe=[%PROFILE_TEMP%]\DATACE1.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZE18MW23GY=[%WINDOWS%]\Temp\Asq.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-rgpw.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jjue.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Zeldar=[%PROFILE_TEMP%]\c.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4VDD85L8NF=[%WINDOWS%]\msa.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LosAlamos=rundll32.exe [%SYSTEM%]\sshnas.dll,NvTaskbarInit
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Adobe ARM="[%APPDATA%]\ifgxpers.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gotnewupdate000.exe=[%APPDATA%]\01C64D2340A6CB1BB99CAAA17C6F401B\gotnewupdate000.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]E6W0KD3FRD=[%WINDOWS%]\TEMP\Twc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]12557828=[%COMMON_APPDATA%]\12557828\12557828.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\shellserviceobjectdelayload]systemcheck2=708240
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT51B7.tmp.exe=[%PROFILE_TEMP%]\DAT51B7.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]44936B45B291342B0000449326B839D9=[%COMMON_APPDATA%]\44936B45B291342B0000449326B839D9\44936B45B291342B0000449326B839D9.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]eyurfshm=[%PROFILE_TEMP%]\pdrteimjb\xopehustsbl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%PROFILE_TEMP%]\Xhk.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-pqua.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]860D9A5B0678BC510000860D1455C423=[%COMMON_APPDATA%]\860D9A5B0678BC510000860D1455C423\860D9A5B0678BC510000860D1455C423.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TOY5KNQ8OC=[%PROFILE_TEMP%]\Vzl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATA5A1.tmp.exe=[%PROFILE_TEMP%]\DATA5A1.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Ive.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]IJKUK66HMN=[%PROFILE_TEMP%]\Cs1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%WINDOWS%]\TEMP\Gpv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZU6RKI1ONY=[%WINDOWS%]\TEMP\Gpw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]06402644007B79D100000640200A8071=[%COMMON_APPDATA%]\06402644007B79D100000640200A8071\06402644007B79D100000640200A8071.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dwme=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT3A27.tmp.exe=[%PROFILE_TEMP%]\DAT3A27.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KOO9RV9K4Z=[%WINDOWS%]\TEMP\Gx1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT704E.tmp.exe=[%PROFILE_TEMP%]\DAT704E.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%COMMON_APPDATA%]\VISHWANATH.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]asp70vdviss.exe=[%APPDATA%]\641547F729A815DD4A0DC4C3E9740EE8\asp70vdviss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lpxjongr=[%PROFILE_TEMP%]\jgffmdkqw\hqsejqcaffm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]72E51BD68A580528000072E4A8FF1259=[%COMMON_APPDATA%]\72E51BD68A580528000072E4A8FF1259\72E51BD68A580528000072E4A8FF1259.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]46A7D83D2FE5F2F5000046A79198F64D=[%COMMON_APPDATA%]\46A7D83D2FE5F2F5000046A79198F64D\46A7D83D2FE5F2F5000046A79198F64D.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]81945330=[%COMMON_APPDATA%]\81945330\81945330.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]945569A9AB1B890A00009454D5598DC2=[%COMMON_APPDATA%]\945569A9AB1B890A00009454D5598DC2\945569A9AB1B890A00009454D5598DC2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]A20FBDD1CC000FC90000A20F1BCD1A33=[%COMMON_APPDATA%]\A20FBDD1CC000FC90000A20F1BCD1A33\A20FBDD1CC000FC90000A20F1BCD1A33.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZE18MW23GY=[%PROFILE_TEMP%]\Hmi.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Qf1.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tcwcphyp=[%LOCAL_APPDATA%]\xnsxdtwsd\vwxsolyshdw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\jvpayi.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lphcn81j0eebe=[%SYSTEM%]\lphcn81j0eebe.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YVIBBBHA8C=[%PROFILE_TEMP%]\Ftx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GoogleChrome=[%PROFILE_TEMP%]\asknpavbb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]DE56B027857CD1850000DE55D1D5D5A7=[%COMMON_APPDATA%]\DE56B027857CD1850000DE55D1D5D5A7\DE56B027857CD1850000DE55D1D5D5A7.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]C4CC436EDC4507E80000C4CB7EAB0F9A=[%COMMON_APPDATA%]\C4CC436EDC4507E80000C4CB7EAB0F9A\C4CC436EDC4507E80000C4CB7EAB0F9A.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Cxd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GoogleChrome=[%PROFILE_TEMP%]\0011a708.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]{d5bf49a2-94f1-42bd-f434-3604812c807d}=FGYbf743iujndsfAfsdfd
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]38097384B6CD3B82000038093B83434A=[%COMMON_APPDATA%]\38097384B6CD3B82000038093B83434A\38097384B6CD3B82000038093B83434A.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]3C45C00AD6D2CA8B00003C4583CAD008=[%COMMON_APPDATA%]\3C45C00AD6D2CA8B00003C4583CAD008\3C45C00AD6D2CA8B00003C4583CAD008.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]12364064=[%COMMON_APPDATA%]\12364064\12364064.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]13464844=[%COMMON_APPDATA%]\13464844\13464844.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]A8E9B5EDFA7D242F0000A8E90D0E2D6F=[%COMMON_APPDATA%]\A8E9B5EDFA7D242F0000A8E90D0E2D6F\A8E9B5EDFA7D242F0000A8E90D0E2D6F.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]260B6F4661821B3A0000260B49402042=[%COMMON_APPDATA%]\260B6F4661821B3A0000260B49402042\260B6F4661821B3A0000260B49402042.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Ljj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]3XQZ6EO4AP=[%PROFILE_TEMP%]\Ljh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]0069D56247BFA29300000069D4FAA4C5=[%COMMON_APPDATA%]\0069D56247BFA29300000069D4FAA4C5\0069D56247BFA29300000069D4FAA4C5.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]18C42BFA1EBEFE84000018C4133F0780=[%COMMON_APPDATA%]\18C42BFA1EBEFE84000018C4133F0780\18C42BFA1EBEFE84000018C4133F0780.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lphc1m1j0e143=[%SYSTEM%]\lphc1m1j0e143.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GyyccS11ivDon4a8234A=[%APPDATA%]\toonnG44amHsW\b777fEEL8gTZhYw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Bbu.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Bbl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]905D594F53FCDDA70000905CC8FAE602=[%COMMON_APPDATA%]\905D594F53FCDDA70000905CC8FAE602\905D594F53FCDDA70000905CC8FAE602.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]rssevvsw=[%PROFILE_TEMP%]\ccpikgjtj\hahkdgdsika.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]jbfrvmks=[%LOCAL_APPDATA%]\kqdogesay\uqvvipotssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]5889CB93D302B990000058897311C0F1=[%COMMON_APPDATA%]\5889CB93D302B990000058897311C0F1\5889CB93D302B990000058897311C0F1.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{cf66f9ab-dc55-4ab6-a73a-985bc0f7ccfb}=(EMPTY)
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]351618311=[%LOCAL_APPDATA%]\tab.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]A0C760E65CCCDB640000A0C6C024E0A8=[%COMMON_APPDATA%]\A0C760E65CCCDB640000A0C6C024E0A8\A0C760E65CCCDB640000A0C6C024E0A8.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Jsm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YDZ1QVAGOJ=[%PROFILE_TEMP%]\Jsl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]W1WIWQ1NPG=[%WINDOWS%]\Jvihoa.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]B0DEFAFC443EC74A0000B0DE4A22CC1C=[%COMMON_APPDATA%]\B0DEFAFC443EC74A0000B0DE4A22CC1C\B0DEFAFC443EC74A0000B0DE4A22CC1C.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]5E2E1088308E653D00005E2DB2626D2C=[%COMMON_APPDATA%]\5E2E1088308E653D00005E2DB2626D2C\5E2E1088308E653D00005E2DB2626D2C.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]0EA45547FD7B740D00000EA446AA7AD1=[%COMMON_APPDATA%]\0EA45547FD7B740D00000EA446AA7AD1\0EA45547FD7B740D00000EA446AA7AD1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Metropolis=rundll32.exe [%PROFILE_TEMP%]\sshnas21.dll,GetHandle
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1CB8F8080A06780
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TOY5KNQ8OC=[%PROFILE_TEMP%]\Jd1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]IKXGVMFZHI=[%WINDOWS%]\TEMP\Hdq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]9ED4A560C1A80FC000009ED406901318=[%COMMON_APPDATA%]\9ED4A560C1A80FC000009ED406901318\9ED4A560C1A80FC000009ED406901318.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]5C603CAB2F6366F600005C5FE0506C13=[%COMMON_APPDATA%]\5C603CAB2F6366F600005C5FE0506C13\5C603CAB2F6366F600005C5FE0506C13.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JDK5SWFMZY=[%PROFILE_TEMP%]\Akd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XA5RJ9EADJ=[%PROFILE_TEMP%]\Akd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lwhlmfnv=[%LOCAL_APPDATA%]\wiqwgxppc\sfgootxtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]F4598A6D376C1DCC0000F458961C2550=[%COMMON_APPDATA%]\F4598A6D376C1DCC0000F458961C2550\F4598A6D376C1DCC0000F458961C2550.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GoogleChrome=[%PROFILE_TEMP%]\luem7ra.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Cognac=[%PROFILE_TEMP%]\~tmpb.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]msfox=[%PROFILE_TEMP%]\yyy12913.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Metropolis=rundll32.exe [%SYSTEM%]\sshnas21.dll,GetHandle