Exterminate It! Antimalware

malpedia

Known threats:700,086 Last Update:March 16, 12:51

Testimonials

Hello, I wanted to say thanks for the time you guys spent on getting that Vundo trojan off my computer.

Thanks again, I am highly recommending your software to friends and partners because of the extra effort I know you went to.

Michael M.

FakeAlert- Registry Values List

This is a complete list of FakeAlert registry values collected by Exterminate It!. If you find any of these registry values on your PC, your computer is very likely to be infected with the FakeAlert - trojan,downloader,hoax.

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-yclg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATD100.tmp.exe=[%PROFILE_TEMP%]\DATD100.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]3BF0F7BD3F99BD2200083BF0EF897A44=[%COMMON_APPDATA%]\3BF0F7BD3F99BD2200083BF0EF897A44\3BF0F7BD3F99BD2200083BF0EF897A44.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wacukcer=[%LOCAL_APPDATA%]\sexwvcedd\oefuenashdw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ufufqswp=[%LOCAL_APPDATA%]\eqvxvrqtm\onmdpxoshdw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%PROFILE_TEMP%]\Utd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]5EF2ADAA503B388100A75EF206F17102=[%COMMON_APPDATA%]\5EF2ADAA503B388100A75EF206F17102\5EF2ADAA503B388100A75EF206F17102.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%WINDOWS%]\TEMP\Prh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]7812A1665CA6D16B469272EC4F147CE7=[%COMMON_APPDATA%]\7812A1665CA6D16B469272EC4F147CE7\7812A1665CA6D16B469272EC4F147CE7.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bovmmkbb=[%LOCAL_APPDATA%]\eenefe\vrcksftav.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-lncb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%PROFILE_TEMP%]\Ill.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UO8KTAT1GY=[%PROFILE_TEMP%]\Ncx.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]{c5bf49a2-94f3-42bd-f434-3604812c897d}=mcb7uehuj3n8weuhejsw
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Xhp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MSWINSCK.exe=[%PROFILE_TEMP%]\MSWINSCK.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=explorer.exe,[%APPDATA%]\ohydy.exe,[%APPDATA%]\antispy.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]secureapp70700.exe=[%APPDATA%]\E89DF8C910477BAA14A5A7CED09A1E72\secureapp70700.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lphcgonj0eldl=[%SYSTEM%]\lphcgonj0eldl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ciuxlcll=[%PROFILE_TEMP%]\pkvkniuyc\wowvaciusbs.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATF7F5.tmp.exe=[%PROFILE_TEMP%]\DATF7F5.tmp.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]09615328=[%COMMON_APPDATA%]\09615328\09615328.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]qackssmg=[%LOCAL_APPDATA%]\ppjqty\jxaksysguard.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\shellserviceobjectdelayload]systemcheck2=1465662019
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%WINDOWS%]\TEMP\Gw1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LKGGOPABUH=[%PROFILE_TEMP%]\Wdx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Win32load=[%APPDATA%]\c338c.exe -lds
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]patchsetup70700.exe=[%APPDATA%]\65C0CB464888A955DEB170BCBB07EBF6\patchsetup70700.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]f4f1cd1c-77e3-4cfc-8502-5d56e2f991dd_35="[%SYSTEM%]\rundll32.exe" "[%COMMON_APPDATA%]\f4f1cd1c-77e3-4cfc-8502-5d56e2f991dd_35.avi", DllUnregisterServer
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%PERSONAL%]\.system32\system32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT746C.tmp.exe=[%PROFILE_TEMP%]\DAT746C.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT1C.tmp.exe=[%PROFILE_TEMP%]\DAT1C.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tVrzzNNxA0uSiDp8234A=[%APPDATA%]\Qd9hUCINy0FpGaQ\g6ddWK7fL9gTqYe.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]rqqqhYYXwkUVlOt=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-lyou.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]{020487CC-FC04-4B1E-863F-D9801796230B}=Windows Installer Class
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]odb=[%WINDOWS%]\odb.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]netzip=[%WINDOWS%]\svzip.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]IPC Configuration Utility=IPC Configuration Utility
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]netx=[%WINDOWS%]\svx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UO8KTAT1GY=[%PROFILE_TEMP%]\Lmd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT11CB.tmp.exe=[%PROFILE_TEMP%]\DAT11CB.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\a.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]U36VRSFLG6=[%PROFILE_TEMP%]\Qbl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MNTK1K67YO=[%WINDOWS%]\Qselea.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATB023.tmp.exe=[%PROFILE_TEMP%]\DATB023.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT4AB9.tmp.exe=[%PROFILE_TEMP%]\DAT4AB9.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT6CA9.tmp.exe=[%PROFILE_TEMP%]\DAT6CA9.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CY08W456F0=[%PROFILE_TEMP%]\Ub0.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GAGEZ8R8ZB=[%WINDOWS%]\Ucacea.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT5263.tmp.exe=[%PROFILE_TEMP%]\DAT5263.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-lgpf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT61F3.tmp.exe=[%PROFILE_TEMP%]\DAT61F3.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATD221.tmp.exe=[%PROFILE_TEMP%]\DATD221.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-mwio.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT8B2E.tmp.exe=[%PROFILE_TEMP%]\DAT8B2E.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT1056.tmp.exe=[%PROFILE_TEMP%]\DAT1056.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-wjum.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT7A4F.tmp.exe=[%PROFILE_TEMP%]\DAT7A4F.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT2FB7.tmp.exe=[%PROFILE_TEMP%]\DAT2FB7.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATF8EE.tmp.exe="[%PROFILE_TEMP%]\DATF8EE.tmp.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT4069.tmp.exe=[%PROFILE_TEMP%]\DAT4069.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-fsot.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-cynw.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SMrhcl9cj0endp=[%PROGRAM_FILES%]\rhcl9cj0endp\rhcl9cj0endp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Somefox=[%PROFILE_TEMP%]\103.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-aetw.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jsvq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATDC7D.tmp.exe=[%PROFILE_TEMP%]\DATDC7D.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jpux.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATB6AA.tmp.exe=[%PROFILE_TEMP%]\DATB6AA.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%PROFILE_TEMP%]\Aqx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT8FE1.tmp.exe=[%PROFILE_TEMP%]\DAT8FE1.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-pnph.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Ddr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Ob1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]qxvqrjgf=[%LOCAL_APPDATA%]\fcfanj\aidlsftav.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sxtooalm=[%LOCAL_APPDATA%]\lqbclp\ajoqsftav.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-akse.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-sbpe.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nrqh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT3542.tmp.exe=[%PROFILE_TEMP%]\DAT3542.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT453E.tmp.exe=[%PROFILE_TEMP%]\DAT453E.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATB4B2.tmp.exe=[%PROFILE_TEMP%]\DATB4B2.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-huvm.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ynno.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ethg.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nbot.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-einm.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nmcn.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ideg.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ovmb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT32DD.tmp.exe=[%PROFILE_TEMP%]\DAT32DD.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\dcvwcl.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-faom.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nruv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Zzh.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ooqp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-fbti.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-rcpa.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]34416624=[%COMMON_APPDATA%]\34416624\34416624.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-qcag.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jdqh.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-gnbo.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-homj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]U36VRSFLG6=[%PROFILE_TEMP%]\Bqm.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ikco.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-tidj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%WINDOWS%]\TEMP\Yd0.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT2BC2.tmp.exe=[%PROFILE_TEMP%]\DAT2BC2.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-knea.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-vgam.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-xsvr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nkuc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NordBull=[%WINDOWS%]\msa.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-syek.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ufapgfpk=[%PROFILE_TEMP%]\qkhnofkhq\uyxqtokaffm.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-lhlk.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-htrt.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-tjqv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT30C0.tmp.exe=[%PROFILE_TEMP%]\DAT30C0.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-xssm.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-qheh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT499D.tmp.exe=[%PROFILE_TEMP%]\DAT499D.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-pwgy.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\sqndmg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Cognac=[%PROFILE_TEMP%]\b.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Cwy.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Cwx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]B60JHDGR6V=[%WINDOWS%]\Czofaa.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ueag.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]zeazem=[%PROFILE%]\zeazem.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Zlh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]cognac=[%PROFILE_TEMP%]\5501.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%APPDATA%]\Wintool.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-dqwt.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT8EA8.tmp.exe=[%PROFILE_TEMP%]\DAT8EA8.tmp.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]{ba934431-76af-4c99-93c2-c3d21944a72e}=gey
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wuyfsywf=[%PROFILE_TEMP%]\tdlovoykt\phvhqiyaffm.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System tool=[%PROGRAM_FILES%]\sufcjy\qnoosysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QNB2EB90WX=[%PROFILE_TEMP%]\Fwh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TOY5KNQ8OC=[%PROFILE_TEMP%]\Llr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]3682773375=[%LOCAL_APPDATA%]\tut.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WEK9EMDHI9=[%WINDOWS%]\Ldurub.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-plwf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT35FE.tmp.exe=[%PROFILE_TEMP%]\DAT35FE.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]cognac=[%PROFILE_TEMP%]\839A.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-bgqo.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT62B0.tmp.exe=[%PROFILE_TEMP%]\DAT62B0.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT5054.tmp.exe=[%PROFILE_TEMP%]\DAT5054.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT8C09.tmp.exe=[%PROFILE_TEMP%]\DAT8C09.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Rsv.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jydr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-wlss.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-vdaj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gcdwvgdp=[%LOCAL_APPDATA%]\muxplqvmh\obmllnctssd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-orer.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]78308127=[%COMMON_APPDATA%]\78308127\78308127.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ndwq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT6472.tmp.exe=[%PROFILE_TEMP%]\DAT6472.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bewabbho=[%LOCAL_APPDATA%]\tofaxbuie\rmjwuhotssd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-sgub.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nxjs.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-dbdj.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]19374684=[%COMMON_APPDATA%]\19374684\19374684.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-kgeo.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SMrhcl5tj0epe3=[%PROGRAM_FILES%]\rhcl5tj0epe3\rhcl5tj0epe3.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lphcg5tj0epe3=[%SYSTEM%]\lphcg5tj0epe3.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ltrx.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-hyfy.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-gmci.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-mdpv.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-cqye.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-yjss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Hrf.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-gwva.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-oldo.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-epwy.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-fpto.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sjsjbbat=[%PROFILE_TEMP%]\ebsepuepa\ecanhowagnz.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yqdprppt=[%PROFILE_TEMP%]\cltkkfmtk\jdmwpqhagnz.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-furi.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-njxu.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MSS="[%COMMON_APPDATA%]\ccb19d\MSccb_284.exe" /s
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-kwhh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GHWAUC6NNZ=[%WINDOWS%]\TEMP\Gvr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-wxnu.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jlcc.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-xvti.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-owql.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-yidr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-bqju.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-xhcn.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-xoro.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-loap.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-dgkf.exe
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List][%WINDOWS%]\SYSTEM\se.exe=[%SYSTEM%]\se.exe:*:Enabled:se
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bstuctpd=[%LOCAL_APPDATA%]\llwmyl\expnsysguard.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-winf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General]Wallpaper=%SystemRoot%\system32\critical_warning.html
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]T7PKEYSDPX=[%WINDOWS%]\TEMP\Kpr .exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Fvk.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-waun.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-drwt.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-higs.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-trxr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ukla.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]iqueavtd=[%LOCAL_APPDATA%]\xoivnngdo\nldarsjtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]jcaxivdp=[%LOCAL_APPDATA%]\sghudlunm\rddumhltssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vqwisaaf=[%LOCAL_APPDATA%]\qjyljwbql\gdkhrkftssd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-xkun.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YmGG5sQJ6EK8R=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]qTXwjUCelBzNx1v=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]uffRL9hTXjUCkBz8234A=[%APPDATA%]\cjUUCelIr\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ehhYXwjUVeI8234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]f6dWK7fRLgXjCkV8234A=[%APPDATA%]\BpmG5aQJ6W8R9Tq\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xVelIBtzPyA8234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-bnho.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-fhjr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-srky.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]3FWHZQA3LT=[%PROFILE_TEMP%]\Kke.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mainfull70707.exe=[%APPDATA%]\C6B37609D86849442B2E9543936D6121\mainfull70707.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nxtf.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-fpqd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bvugqdef=[%LOCAL_APPDATA%]\njylhnqno\ojumglmuqiw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Gtd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-oqep.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ooij.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%PROFILE_TEMP%]\Bkg.exe
  • [HKEY_CURRENT_USER\software]1099ce4a-ff51-4a8d-ab3c-c74b9c06e46f=266
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R4B1ZAOPF5=[%PROFILE_TEMP%]\Gt1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%INTERNET_CACHE%]\Content.IE5\[%RANDOM_NAME%]\8229a3485163f87857b742631affcee9[1]
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%WINDOWS%]\TEMP\Ck1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZU6RKI1ONY=[%WINDOWS%]\TEMP\Ck0 .exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-odou.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-egws.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ldfv.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-udjw.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jyff.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-qlrq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QNB2EB90WX=[%SYSTEM_DRIVE%]\Temp\Vjx.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ohae.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-adig.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ofjg.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-dvge.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jiet.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-tfyd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-uqjk.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ettk.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-qlaj.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-enbp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-pwsf.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jlna.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-mcdy.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector="[%APPDATA%]\Protector-jlna.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT990E.tmp.exe=[%PROFILE_TEMP%]\DAT990E.tmp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-htio.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-bacj.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nsex.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nled.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-fxcy.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-qdug.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-acjc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]jhjmhitw=[%LOCAL_APPDATA%]\arcltrwqe\jqnswngtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]753423387=[%LOCAL_APPDATA%]\yfm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATF4FE.tmp.exe=[%PROFILE_TEMP%]\DATF4FE.tmp.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]kupycbkh=[%LOCAL_APPDATA%]\jnohnv\ejqmsftav.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]kxxbvjtd=[%LOCAL_APPDATA%]\owyxsm\utjpsftav.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]kupycbkh=[%LOCAL_APPDATA%]\jnohnv\ejqmsftav.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]kxxbvjtd=[%LOCAL_APPDATA%]\owyxsm\utjpsftav.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vptughwp=[%PROFILE_TEMP%]\oxqwxlema\wgwnnmcyhsn.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xglneldi=[%PROFILE_TEMP%]\cwtxxkdku\whpdqtmyhsn.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-junn.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vxtbedkf=[%PROFILE_TEMP%]\tqmnthgpb\hjefvogsjmo.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-bvev.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Zj3.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XMZH42I4GI=[%WINDOWS%]\Zkufog.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Zjr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ruvl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R8388QA8U8=[%PROFILE_TEMP%]\Hxd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jnca.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Mvd.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Kbq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ROUA3O12PW=[%WINDOWS%]\msa.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]F5JMWNZTHI=[%PROFILE_TEMP%]\Ffh.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-aqut.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-vjah.exe
  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List][%WINDOWS%]\SYSTEM\dop.exe=[%SYSTEM%]\dop.exe:*:Enabled:se
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-hyjb.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]s3pmG5sQJdKgZhX8234A=[%SYSTEM%]\B9gTZqjYCkVzNx0.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yQH6sWK7fLgXje8234A=[%SYSTEM%]\DkUVelOBtPySiD.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]PTXqjYCeIrOyAuS8234A=[%SYSTEM%]\cP0cS1ivDoGaHsK.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LZ9hTXwjUeItPy8234A=[%SYSTEM%]\B0cSibF3pJ.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]ProductId=VIRUS ALERT!
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nvcy.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ilnv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wegtvdud=[%LOCAL_APPDATA%]\gsxhrj\dbffsysguard.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wegtvdud=[%LOCAL_APPDATA%]\gsxhrj\dbffsysguard.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-xuji.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-hbiu.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-mwpw.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-hdcv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O="[%PROFILE_TEMP%]\Gnh.exe"
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ohls.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R8388QA8U8=[%PROFILE_TEMP%]\Esr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]3053613103=[%LOCAL_APPDATA%]\mlm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]0ESKOMO9JO=[%PROFILE_TEMP%]\Vvk.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]{020487cc-fc04-4b1e-863f-d9801796230b}=Windows Installer Class
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Qfw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]9a8aa042-f2e6-4bcb-992f-1375457c892e=rundll32.exe "[%COMMON_APPDATA%]\9a8aa042-f2e6-4bcb-992f-1375457c892e.dat", zubwdnzeg
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]icuvcnuk=[%LOCAL_APPDATA%]\xtdkmb\qpylsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hpuggdfi=[%LOCAL_APPDATA%]\ajvjltgyl\tpxytbjshdw.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-lfsn.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Jbd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-rrcl.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-evtb.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-tets.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Xhd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vooneavn=[%LOCAL_APPDATA%]\awpejc\gocfsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wowmlwoh=[%LOCAL_APPDATA%]\tkgnjv\ggxgsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yniwwssj=[%LOCAL_APPDATA%]\nqbote\grjjsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ynjkxieb=[%LOCAL_APPDATA%]\laiihp\graosysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]anhjvdhq=[%LOCAL_APPDATA%]\ohtvgs\gssesysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dmsggkab=[%LOCAL_APPDATA%]\keheep\gfocsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]anhvuouy=[%LOCAL_APPDATA%]\qxmdsh\gscysysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]cmdhqpnn=[%LOCAL_APPDATA%]\xdblec\guxysysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dmbfnhsu=[%LOCAL_APPDATA%]\drxndj\gwjdsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]elpqclsp=[%LOCAL_APPDATA%]\rjwnpk\ghjbsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]kkeloblp=[%LOCAL_APPDATA%]\opiukl\gnfusysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mjaijnrm=[%LOCAL_APPDATA%]\wlpkiu\gpkpsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]njwtfplb=[%LOCAL_APPDATA%]\eqettp\grfosysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]pidslhgl=[%LOCAL_APPDATA%]\algqsm\gktgsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]qiadhjya=[%LOCAL_APPDATA%]\hruyei\gmpfsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]rixdgfbq=[%LOCAL_APPDATA%]\kygnel\gniusysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]shncuynd=[%LOCAL_APPDATA%]\wamgdx\gxyxsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sheokiki=[%LOCAL_APPDATA%]\ikarpw\ghghsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]thlnsfdc=[%LOCAL_APPDATA%]\bxpbpp\gybisysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]thcaiobg=[%LOCAL_APPDATA%]\miemco\giiqsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]thkarprj=[%LOCAL_APPDATA%]\doiicf\gykdsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wgwkdlvl=[%LOCAL_APPDATA%]\wuejmm\glwgsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]uhqyximt=[%LOCAL_APPDATA%]\yjkfbb\grytsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xgcvhofd=[%LOCAL_APPDATA%]\tgxnxx\geursysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xgevjsdn=[%LOCAL_APPDATA%]\rymayu\gdbcsysguard.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-emwf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lygfvyyy=[%LOCAL_APPDATA%]\gdgrrbdxg\jlhenthtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Rjw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ldbpdykk=[%PROFILE_TEMP%]\dkjnvlnen\weabsuulajb.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nesd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]qdisvdis=[%LOCAL_APPDATA%]\xcsfof\oysnsftav.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\qhfino.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-yqvo.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-bggf.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-klul.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-wpaq.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-nffd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-vygt.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]c06272e5-c762-4001-87d7-4bc073897b0f=rundll32.exe "[%COMMON_APPDATA%]\c06272e5-c762-4001-87d7-4bc073897b0f.dat", vgfauphxk
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NordBull=[%WINDOWS%]\temp\991745.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UO8KTAT1GY=[%WINDOWS%]\TEMP\Ybj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%WINDOWS%]\TEMP\Ybm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%WINDOWS%]\TEMP\Ybl .exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WHMDNR9LKK=[%WINDOWS%]\TEMP\Ybj .exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MFJJEC0A1L=[%WINDOWS%]\TEMP\Ybj .exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jgub.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-wand.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-wssd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-eitr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mediafix70700en02.exe=[%APPDATA%]\2EAC261F6C86B62CA0B676FF45DA5DDA\mediafix70700en02.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-marv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]0ESKOMO9JO=[%PROFILE_TEMP%]\Twe.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-xbsn.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]t7dEK8gRZhXkVlB8234A=[%PROGRAM_FILES%]\Internet Explorer\plugins\iexplore.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]uF4pmH5sQ7E8RqY8234A=[%SYSTEM%]\drivers\svhost.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-qjvw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yxcmospt=[%PROFILE_TEMP%]\ewsonqmxt\nctpthrsjmo.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-bpox.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UNrcJcrVSu.exe=[%PROFILE_TEMP%]\UNrcJcrVSu.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-sokq.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-krvf.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-tpnn.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Wkm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%PROFILE_TEMP%]\Wfl.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-hvxd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-line.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Ssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QNB2EB90WX=[%WINDOWS%]\TEMP\Acx.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-mnjy.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-mxpl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]BSK91O3T6D=[%PROFILE_TEMP%]\Hsh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\oxrpxp.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-iyre.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]utjxttjj=[%PROFILE_TEMP%]\fvjiwdknl\bppqaesyhsn.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-qfsa.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-kjqc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%PROFILE_TEMP%]\Wsr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YDZ1QVAGOJ=[%SYSTEM_DRIVE%]\Temp\Um1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]OO1310T0QS=[%WINDOWS%]\Ytiwia.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SNJQ66R8MU=[%PROFILE_TEMP%]\Yst.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System tool=[%WINDOWS%]\sysguard.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sddrynju=[%LOCAL_APPDATA%]\ylghmm\jwcosftav.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sddrynju=[%LOCAL_APPDATA%]\ylghmm\jwcosftav.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-vxfo.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-cvot.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CY08W456F0=[%PROFILE_TEMP%]\Ewz.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]k70ccreloc.exe=[%APPDATA%]\A7C5F04F0694169B5E0F6DE59F5C1EC6\k70ccreloc.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-fuda.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-qyex.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]apnnmsmm=[%LOCAL_APPDATA%]\ngflwnlya\ydkpadhtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sfusthno=[%LOCAL_APPDATA%]\cvkgbmggy\vrodxvatssd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-fjek.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-xuvr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-klpd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Ig1.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-lftb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]BMIMZMHMFM=[%PROFILE_TEMP%]\Gs2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WS9E3IQBKY=[%PROFILE_TEMP%]\Gs1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\antispy.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]U36VRSFLG6=[%PROFILE_TEMP%]\Jhv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TRSIN24POB.EXE=[%APPDATA%]\C545D0E1C3A27CF136514C5D524B5A6D\trsin24pob.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-ngdd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-bkey.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1CAE78CB1AEBEDC
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-gchs.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%PROFILE_TEMP%]\Cbd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lqqtqgnw=[%LOCAL_APPDATA%]\syblnxpom\thlgftctssd.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-coqc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]1184311003=[%LOCAL_APPDATA%]\dsu.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-litf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]braviax=(EMPTY)
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UO8KTAT1GY=[%PROFILE_TEMP%]\Xd0.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jjoy.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Halo2=rundll32.exe [%PROFILE_TEMP%]\sshnas21.dll,GetMainWnd
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%PROGRAM_FILES%]\PCHealth\Spytech SpyAgent\sysdiag.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Qp1.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]APCS=[%PROFILE_TEMP%]\scandsk107f_8020(1).exe /cs:1
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%WINDOWS%]\win32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Isv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JDK5SWFMZY=[%PROFILE_TEMP%]\Frl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]VRZJ8K91NT=[%WINDOWS%]\Flisoa.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mediafix70700en02.exe=[%APPDATA%]\18A0958E839D15376FD7AF8F7BF18528\mediafix70700en02.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\T1p.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XMZH42I4GI=[%WINDOWS%]\Tnisai.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Tvr.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]msfox=[%PROFILE_TEMP%]\video1140.cfg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%PROFILE_TEMP%]\Mzh.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-fsjx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]F5JMWNZTHI=[%PROFILE_TEMP%]\Aqd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Lxq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Eq1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Obr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DD1APJEZAI=[%WINDOWS%]\Odelea.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-pleb.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-bpu.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]oobnntrq=[%PROFILE_TEMP%]\nrmkstfgi\yyqsfmosika.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SNJQ66R8MU=[%PROFILE_TEMP%]\Pxr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-hnm.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-cmc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]kuivjunf=[%LOCAL_APPDATA%]\kdlwhistt\vxoxcbltssd.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SMrhc7t0j0ev1a=[%PROGRAM_FILES%]\rhc7t0j0ev1a\rhc7t0j0ev1a.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dddEEK8gR=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%LOCAL_SETTINGS%]\[%PROFILE_TEMP%]\Rzx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KOO9RV9K4Z=[%PROFILE_TEMP%]\Qcl.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-iex.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]APCS="[%PROFILE_TEMP%]\scandsk107i_8020 (1).exe" /cs:1
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YDZ1QVAGOJ=[%PROFILE_TEMP%]\Mpr.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-cjt.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-qpy.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-jpl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YXE7DXCQ37=[%PROFILE_TEMP%]\Pnj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\aarwup.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tlxfkjub=[%LOCAL_APPDATA%]\avsukr\vvjwsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ASH24SXZ9S=[%PROFILE_TEMP%]\Gfe.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JCFSE7V7Z1=[%PROFILE_TEMP%]\Gfc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Pcz.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KUGHGZXAKT=[%WINDOWS%]\TEMP\Prr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KCSCPW1HKH=[%WINDOWS%]\TEMP\Prq.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]brastk=[%SYSTEM%]\brastk.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nficunkk=[%PROFILE_TEMP%]\tkkntleeh\bslfmocuerb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gotnewupdate000.exe=[%APPDATA%]\E327AC430FA7D9F85FF436204AC3E89F\gotnewupdate000.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Win32load=[%APPDATA%]\be180.exe -lds
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-smu.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tmmGG5ssQJdEKfR8234A=[%SYSTEM%]\yyyccA11uv2ob4.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TONNttu1ibDn4aH8234A=[%SYSTEM%]\WqqqjYYCwkIr.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]errzzOyx0uSFp58234A=[%SYSTEM%]\xGG5aQJd8RLXjU.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]C6ddEK8fRZ9hXwU8234A=[%SYSTEM%]\e1uuvD2ob4mG5Q.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TaaQQH6ss8234A=[%SYSTEM%]\qxxAA0uccSibDpG.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QXXqqjUCekIBzOy8234A=[%SYSTEM%]\DWKK88fRL9h.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]iEKKgZYwjVeItzN8234A=[%SYSTEM%]\PmmHH5sQJ7d.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FTjwVltPc1Dn8234A=[%SYSTEM%]\YgqCIztASb3na6K.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]j66dKRZhjeIrPyA8234A=[%SYSTEM%]\evDD2oobF4pm5s.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]HTTTZqqhYCkUVl8234A=[%SYSTEM%]\TonnGG4amH6WJfE.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]OW1T3CYG7T=[%WINDOWS%]\TEMP\Uvw.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1C95CAF59F94D74
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Wwv.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1CA6D3ACE02F70
  • [HKEY_CURRENT_USER\software]1099ce4a-ff51-4a8d-ab3c-c74b9c06e46f=15
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dfumlqkk=[%LOCAL_APPDATA%]\jjsfoygbu\xrchhmutssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]pyqmuhjb=[%LOCAL_APPDATA%]\mmuuodurb\jmjjivdtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]rvvpjqmj=[%LOCAL_APPDATA%]\yhfbmioup\jcdqovktssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bjnjaimf=[%LOCAL_APPDATA%]\cfrdldlow\jfbaaadtssd.exe