Exterminate It! Antimalware

malpedia

Known threats:700,086 Last Update:March 16, 12:51

Testimonials

Hello, I wanted to say thanks for the time you guys spent on getting that Vundo trojan off my computer.

Thanks again, I am highly recommending your software to friends and partners because of the extra effort I know you went to.

Michael M.

FakeAlert- Registry Values List

This is a complete list of FakeAlert registry values collected by Exterminate It!. If you find any of these registry values on your PC, your computer is very likely to be infected with the FakeAlert - trojan,downloader,hoax.

IMPORTANT: Because the registry is a core component of your Windows system, it is strongly recommended that you back up the registry before you begin deleting keys and values. For information about backing up the Windows registry, refer to the Registry Editor online help.
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mmvvodsu=[%LOCAL_APPDATA%]\tcihkvigb\jjryokgtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ltjggjoj=[%LOCAL_APPDATA%]\sxpmjdclt\jxrrsdctssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]anjkricr=[%LOCAL_APPDATA%]\xtiqhuxcr\jdbgkuqtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SNJQ66R8MU=[%PROFILE_TEMP%]\Ikq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Fdf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%PROFILE_TEMP%]\Dfm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GHWAUC6NNZ=[%PROFILE_TEMP%]\Ejw.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1CAB43F198B9D80
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Xdp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT14.tmp.exe=[%PROFILE_TEMP%]\DAT14.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LREC75DND7=[%WINDOWS%]\TEMP\c.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]E8WECRKKMV=[%WINDOWS%]\TEMP\b.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Irx.exe
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]Inspector=[%APPDATA%]\Protector-uhw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]plcoewnf=[%APPDATA%]\ttrpoxuxi\ppitedcshdw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QNB2EB90WX=[%PROFILE_TEMP%]\Irx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KOO9RV9K4Z=[%PROFILE_TEMP%]\Ysr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]twfcyipq=[%LOCAL_APPDATA%]\rphabs\kyepsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Axh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UO8KTAT1GY=[%PROFILE_TEMP%]\Urw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mscj2=[%APPDATA%]\750015\mscj2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Rhv.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]73138022=[%COMMON_APPDATA%]\73138022\73138022.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LKGGOPABUH=[%WINDOWS%]\TEMP\Wmh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CY08W456F0=[%WINDOWS%]\TEMP\Wmh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]U36VRSFLG6=[%PROFILE_TEMP%]\Pfx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System tool=[%PROGRAM_FILES%]\bwduvs\rlymsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]1672178297=[%LOCAL_APPDATA%]\akp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]A9YA3MI1CF=[%PROFILE_TEMP%]\Tsg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ksndagci=[%PROFILE_TEMP%]\pmohiaerp\cjxjffhlajb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4231402159=[%LOCAL_APPDATA%]\qiq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Fmr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]enpfykhn=[%PROFILE_TEMP%]\wxnlkghvs\gprbjwssika.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]30656525=[%COMMON_APPDATA%]\30656525\30656525.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]77356937=[%COMMON_APPDATA%]\77356937\77356937.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Nns.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KYQ8ZBOAXR=[%PROFILE_TEMP%]\Nnr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mllsic70nb.exe="[%APPDATA%]\3EB962A1AC48FE07E11FC4F59FDA6D17\mllsic70nb.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]augokttu=[%LOCAL_APPDATA%]\jsqihnoap\hxlevdoshdw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]HJRUDZ5DT2=[%WINDOWS%]\TEMP\Ej1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KOO9RV9K4Z=[%PROFILE_TEMP%]\Nnl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Win32load=[%APPDATA%]\c807.exe -lds
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%WINDOWS%]\TEMP\Umj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hp32_nword=[%PROFILE%]\hp32_nword.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]arg70techsdk.exe=[%APPDATA%]\7CB2AE8AC11FE6A2476A85990AF29235\arg70techsdk.exe
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]AppInit_DLLs=cru629.dat.
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]urptlipf=[%LOCAL_APPDATA%]\cylavs\jofhsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]brastk=[%SYSTEM%]\brastk.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yeayel=[%PROFILE%]\yeayel.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ASH24SXZ9S=[%PROFILE_TEMP%]\Ssy.exe
  • [HKEY_CURRENT_USER\software]1099ce4a-ff51-4a8d-ab3c-c74b9c06e46f=238
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]cellOBBtzP0c8234A=[%SYSTEM%]\AV Security 2012v121.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Ffr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]OUU6KC5WPX=[%PROFILE_TEMP%]\Hhd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QNB2EB90WX=[%PROFILE_TEMP%]\Imx.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mTTjjwIVrONtPub8234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%PROFILE_TEMP%]\Afh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4276912764=[%LOCAL_APPDATA%]\tlt.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Zpr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DD1APJEZAI=[%WINDOWS%]\Zqihye.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wow64main.exe=[%PROFILE_TEMP%]\wow64main.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xwgipdvn=[%LOCAL_APPDATA%]\bdriivhaw\ytivunutssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ouswlwsp=[%LOCAL_APPDATA%]\vojjittxd\yukgylxtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Fqd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Fqd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]5DR8ZAD8GX=[%PROFILE_TEMP%]\Mwm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Qhx.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sfEL8gTZqYwIrO8234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System tool=[%PROGRAM_FILES%]\kukcfp\uvtwsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MALWARE PROTECTION=[%COMMON_APPDATA%]\defender.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Adobe\plugs\KB17716254.exe
  • [HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]MSS="[%COMMON_APPDATA%]\06f882f\MySecurityShield.exe" /s
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]p22ibFG5aQHdK7R=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Lf8gTZqhwkUrxP=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]w1uD2obF4msJdKf8234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]T7PKEYSDPX=[%WINDOWS%]\TEMP\Gml.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]cjmyqoui=[%PROFILE_TEMP%]\puwqiusfc\rxvcegysjmo.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]65911224=[%COMMON_APPDATA%]\65911224\65911224.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]3738358613=[%LOCAL_APPDATA%]\eew.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]846133144=[%LOCAL_APPDATA%]\rsg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Usf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZagrebLand=[%PROFILE_TEMP%]\b.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]upd32.exe=[%PROFILE_TEMP%]\upd32.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]OUU6KC5WPX=[%PROFILE_TEMP%]\Upz.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JDK5SWFMZY=[%PROFILE_TEMP%]\Lgl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DIY5DFZ5LO=[%WINDOWS%]\TEMP\Vl3.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]T7PKEYSDPX=[%WINDOWS%]\TEMP\Vl2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]OHCFC34QK3=[%WINDOWS%]\TEMP\Vl3.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]brcedano=[%PROFILE_TEMP%]\ngnofpwbe\tqgkxxnuerb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]U36VRSFLG6=[%PROFILE_TEMP%]\Lwh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NeoChronos=[%PROFILE_TEMP%]\c.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Fwp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Fwm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Lh2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Klx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]HJRUDZ5DT2=[%PROFILE_TEMP%]\Ppn.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]core700extrasetup.exe=[%APPDATA%]\CCCDD6A4E6D9305E93EFDA34E844278F\core700extrasetup.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lqcbuiwn=[%PROFILE_TEMP%]\xvyenpliq\aqnikdetsbl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\An1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lphcgjcj0e7bl=[%SYSTEM%]\lphcgjcj0e7bl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32="[%APPDATA%]\logon.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WmmGG5aaQJ6WKfR=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Cq0.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KOO9RV9K4Z=[%PROFILE_TEMP%]\Ovr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Ohd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tklmywrj=[%PROFILE_TEMP%]\esglunvos\wqpxwhgusbs.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]msclr=[%COMMON_APPDATA%]\mswd\mswd.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QK9G0Z54EX=\QK9G0Z54EX.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]W1WIWQ1NPG=[%WINDOWS%]\Yfezed .exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]QK9G0Z54EX=\QK9G0Z54EX.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ellOONtxA0ucbFp=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%PROFILE_TEMP%]\Cw1.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]odby=[%WINDOWS%]\odb.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1CAAE3E63C10A22
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1CAF1DE43DEC6AC
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%SYSTEM%]\system32\winlog.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%PROFILE_TEMP%]\Gvf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Qk0.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R8388QA8U8=[%WINDOWS%]\TEMP\Fdl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Security Monitor 2012 Security=[%APPDATA%]\Security Monitor\securitymanager.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]fa529f11-b221-4cbe-ad11-1ea191c82628_37="[%SYSTEM%]\rundll32.exe" "[%COMMON_APPDATA%]\fa529f11-b221-4cbe-ad11-1ea191c82628_37.avi", DllUnregisterServer
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\shellserviceobjectdelayload]systemcheck2=1329876553
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]IkkUUVellOtzPyA8234A=[%SYSTEM%]\AV Security 2012v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dtejtbtb=[%LOCAL_APPDATA%]\ysyttxolm\kpwdssmtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Cognac=[%PROFILE_TEMP%]\c.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ColdWare=[%WINDOWS%]\msb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Rwk.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CL2GFOKBC9=[%WINDOWS%]\Rzexib.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]pmbtapxk=[%PROFILE_TEMP%]\quapnldgx\ynchepaaffm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%WINDOWS%]\TEMP\Psd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]17262290=[%PROFILE_TEMP%]\17262290.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ljpelxvh=[%PROFILE_TEMP%]\ouabxnvqk\qneooupxsik.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]likqisge=[%LOCAL_APPDATA%]\kdxjenmge\kdeymjntssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]0ESKOMO9JO=[%PROFILE_TEMP%]\Urh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]2EOETFM3W2=[%WINDOWS%]\Ukaqya.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]3XQZ6EO4AP=[%WINDOWS%]\Utafaa.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]asp70vdviss.exe=[%APPDATA%]\5E376F4A7E37BDA45E2DF737A0BC03FB\asp70vdviss.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]noyedgud=[%PROFILE_TEMP%]\kkkscidhk\wrafefayhsn.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT933B.tmp.exe=[%PROFILE_TEMP%]\DAT933B.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT56DB.tmp.exe=[%PROFILE_TEMP%]\DAT56DB.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YDZ1QVAGOJ=[%PROFILE_TEMP%]\Szj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gohquuyw=[%LOCAL_APPDATA%]\suovlmhke\vhjajobtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gjqsypxn=[%LOCAL_APPDATA%]\sgqwlbsyi\urjxxgatssd.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]pllIBrrzPyxp8jO=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FGIuQReAV6CNi6k=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hFW8Yl0vp7RwIc2=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]No5EqVz1nQ8YeNv=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]pSKeuaTO3LViKC0=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]H8RZ9hTXwClBzNA=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]kZZ9hTTXwClBzNA=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]IQ6KfZZ9TXUeIzN=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]BQ6KfZZ9TXUeIzN=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Q2o4msJE9wj=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]eGQ6KfZ9TXUeIz=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TvvDDo4ms=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XvvDDo4msJ=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]uQ8XlyS35dfqkzA=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]aG68hjlzASF568h=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YyuomQ8XlyS35df=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nz12psEZXCByuom=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]s2n45JEgZhwUzcv=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CSDasdqwlzADFH7=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sKf9Tjk0SiFp5Q=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NttxA00S2ibpn4a=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dCCCekkIVrzN=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XqqhhYXXwkVelBz=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]iJJ77dELLgRZq=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KWWWJJ7dEL8gZ=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]jJJJ66dW8RhTj=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]VcSS22ibD=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vA00uuvS2ibFp=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]X2oonnF4pm=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]VNttxPP0u=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZCekkIBrz=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]i9YYXwwUVe=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KhhYYXwkUVelBtP=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NccSS2iibDpnGaQ=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ghhTTXwjjCelIr=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GamHH5sWWJ=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UHddWWK7fRL9TXj=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YzNyxxA1uvSob=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]eqhhYXXwkUe=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]akIVrzONtx0c2bp=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]OBBttzPPNyc1uD2=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ffffELL8gTZqY=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]EYCekkIVrzONx=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]c00ycA1iiD2on4m=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GDD3ppnG4aQHsW7=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yddEEK88fR9hTwU=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yYXwwkkUVelBtPy=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mzOONNtxA0uc2iD=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LuvvD2oobF4mGs=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]pHH66sWJ7fELgTq=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mhTTXqqjUCekBrO=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]APPPNyycA1uD2bF=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]RuuccS1i3on4aH=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WUCCeelIBrzPyx1=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nRRZZqhYYXkUVlB=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yzOONNtxA0uc2iD=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]AoobbFF3pmGaQ6W=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]t55ssWJJ7dL8RZh=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]IddWKK7fRL9g=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JFF44pmmH5QJdE8=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ifEEL88gTZqYCkU=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wmmmG55aQJdWKfR=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GJJ77dELLgRZhYw=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yjjYYCekkVrzOtA=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]bsQQJJ7dEK8gZ9Y=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WL88gTZqhYCkUrl=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sCCCekkIBrzNyA=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tlOOBtPPyA=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]RqjYYCeekIVzOt=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sKK88fRZ9hTXjU=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]konnF4pmH5s=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hvvSS2iibFpnGaH=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KyycS1iiv3on4H5=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]jiibF3pnQ6W7L=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]rUVeelIBtzNy=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UTXUCekIBzNA0vS=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]HgTXqjYCkIztAc=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GH5ssQJ77EK8RZh=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tgTTZZqhYCwkVrO=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]PrrzOONyxA0vSiF=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dzzPP0ycA1iD=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]F44aaQH66WK7fLg=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]n8ffRZZ9hTXwUCl=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YtzPP0ycc1iv2oF=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]O6ssKK7fEL=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hJ66ddEK8fZ9TXj=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XhhhYCwwkUrlOtP=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FeellIBrP=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FcS1iD3on4m5W7L8234A=[%SYSTEM%]\QRLLTqUCekByuSi.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Xyc1voFpHsJdK8234A=[%SYSTEM%]\drNx0c2b3.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]uWWKK7fRL9gTXjC8234A=[%SYSTEM%]\WSS22ibbF3pG5QH.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]rcSS1ivD3on48234A=[%SYSTEM%]\ohYYCwkkUVlOBxP.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xtdttpqr=[%LOCAL_APPDATA%]\pujconilx\iinxngotssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lrjfaumw=[%LOCAL_APPDATA%]\fatcyirdw\kpxbqbwtssd.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]f4c555a1-a61b-4c24-83b5-e878913adba8_34="[%SYSTEM%]\rundll32.exe" "[%COMMON_APPDATA%]\f4c555a1-a61b-4c24-83b5-e878913adba8_34.avi", DllUnregisterServer
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]f4c555a1-a61b-4c24-83b5-e878913adba8_34="[%SYSTEM%]\rundll32.exe" "[%COMMON_APPDATA%]\f4c555a1-a61b-4c24-83b5-e878913adba8_34.avi", DllUnregisterServer
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JDK5SWFMZY=[%PROFILE_TEMP%]\Jwd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]U36VRSFLG6=[%PROFILE_TEMP%]\Sq1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]slpmcdja=[%LOCAL_APPDATA%]\pclmfaiqs\qddqhartssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]cognac=[%PROFILE_TEMP%]\5.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Somefox=[%PROFILE_TEMP%]\video0.cfg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Zs1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]settdebugx.exe=[%PROFILE_TEMP%]\settdebugx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%WINDOWS%]\TEMP\Ntm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%WINDOWS%]\TEMP\Ntl .exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Vkd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Vxh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]W1WIWQ1NPG=[%WINDOWS%]\Vbirya.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Gwz.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]B7GGEY1ZRR=[%WINDOWS%]\TEMP\Okr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]5SK3BLHWHC=[%WINDOWS%]\TEMP\Okq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]HJRUDZ5DT2=[%PROFILE_TEMP%]\Sbr.exe
  • [HKEY_CURRENT_USER\SOFTWARE]8636065b-fef0-4255-b14f-54639f7900a4=0
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Dvw.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]RF4pmG5sQ6E8R98234A=[%SYSTEM%]\ijUVelIBtPyAuDo.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]1012129311=[%LOCAL_APPDATA%]\cpx.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YQJJ6ddWK8fZ9=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DATC6E9.tmp.exe=[%PROFILE_TEMP%]\DATC6E9.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LosAlamos=rundll32.exe [%SYSTEM%]\sshnas.dll,AddConsoleAliasAW
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Pvx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WHMDNR9LKK=[%WINDOWS%]\Pxonaa.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%PROFILE_TEMP%]\Ycw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FXWD6M2DFK=rundll32.exe [%SYSTEM%]\sshnas21.dll,GetHandle
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SQ4DY0FH7F=[%PROFILE_TEMP%]\Gwh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\rerpjt.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JDK5SWFMZY=[%PROFILE_TEMP%]\Unl.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Z4amH5LgqYwUlt0=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]xwkIVrlONx0c1b3=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GelIBtzPNc1v2b4=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gy1SFmad89qCBNA=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WBtxP0ycSiDoFaH=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]V5sQJ6dfR9IrPyA=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]HnFsWJdELgZYwPy=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]IvD2onF4pHsJ=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]BnG4aQH6sK8234A=[%APPDATA%]\njUCkrzySGHWf9T\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mCCCekIIrzONx8234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]EwkUVrlOBx8234A=[%APPDATA%]\jVrlONtxPuSiDoG\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]PnF4amH5s7E8RqY8234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Otyi3nmsdgqwV8234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]OS2ibD3pn4TjCIr8234A=[%APPDATA%]\QS2ibF3pn5Q6W7R\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]eH6WK7fEgZjwIrO8234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lphc7pej0e10l=[%SYSTEM%]\lphc7pej0e10l.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%PROFILE_TEMP%]\Qtl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]209K1I9HN8=[%WINDOWS%]\Qnolab.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%WINDOWS%]\TEMP\Js1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Qnv.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]80725123=[%COMMON_APPDATA%]\80725123\80725123.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%SYSTEM%]\lowinplay.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%SYSTEM%]\lowinplay.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]J8RPLTROBQ=[%PROFILE_TEMP%]\c.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LosAlamos=rundll32.exe [%SYSTEM%]\sshnas.dll,AddAtomAW
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dskqxpay=[%PROFILE_TEMP%]\oseohqlie\lvkdnarlajb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Crk.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]rqebxmyn=[%PROFILE_TEMP%]\ermrapefx\fvbvbpmdlta.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]isWK7fEL9TqYwIr=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DucS2ibD3n4Q6W78234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]87325328=[%COMMON_APPDATA%]\87325328\87325328.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]aHH55sWJ7dELgRq=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]oVVrrlOBtxP0ySi8234A=[%APPDATA%]\u444ammH6sWJfE8\AV Protection 2011v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wCeellIBrzPyx8234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]cprnntdd=[%LOCAL_APPDATA%]\sabtprrdo\mwrqhmitssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YDZ1QVAGOJ=[%PROFILE_TEMP%]\Hlr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]W1WIWQ1NPG=[%WINDOWS%]\Hmogya.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%PROFILE_TEMP%]\Rhj.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System tool=[%PROGRAM_FILES%]\yvsyfi\taocsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System tool=[%PROGRAM_FILES%]\yvsyfi\taocsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]3241274365=[%LOCAL_APPDATA%]\uvc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XMZH42I4GI=[%WINDOWS%]\Ysukab.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Yqf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]F5JMWNZTHI=[%PROFILE_TEMP%]\Kbb.exe
  • [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]brastk=brastk.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wbeexqvl=[%PROFILE_TEMP%]\corhjivvr\lmyaaraaffm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ngrokvmj=[%LOCAL_APPDATA%]\ltxxdvtyn\xgqvtkftssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wxxfwroo=[%LOCAL_APPDATA%]\pfjadcfdq\xynhrvytssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KUGHGZXAKT=[%WINDOWS%]\TEMP\Lmk.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Ogv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]fjqkxvqq=[%LOCAL_APPDATA%]\rmsbmbuhg\sqlfacqtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]MSFox=[%PROFILE_TEMP%]\a.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mserv=[%APPDATA%]\seres.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]svchost=[%APPDATA%]\svcst.exe
  • [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls]pb=[%APPDATA%]\Live Security Suite\db\pb.dll
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YDZ1QVAGOJ=[%ANY_DRIVE%]\Temp\Vtk.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]W6sW7fEL8TqYwUr="[%APPDATA%]\dwme.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UHsWJ7fELgZhCUr="[%APPDATA%]\dwme.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]s6dWK7fRLgXjCk="[%APPDATA%]\dwme.exe"
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WrzONyxA0v2b3n5="[%APPDATA%]\dwme.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]Y3pnG4aQHsKf98234A=[%APPDATA%]\dS2ibFpnGa6W7Lg\AV Protection 2011v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]OkIBzONyxu2pGfT8234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]jbbbFF4pmG5s68234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KNycA1uvDo8234A=[%APPDATA%]\YA1ivD2on4m5Q7E\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]15208218=[%PROFILE_TEMP%]\15208218.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]D1T2EUR7FZ=[%PROFILE_TEMP%]\Ukw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]W1WIWQ1NPG=[%WINDOWS%]\Yvuwya.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R4B1ZAOPF5=[%PROFILE_TEMP%]\Ys1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]fEYVyD4QK9=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gQfXeO0bnH79CrA8234A=[%APPDATA%]\tcD4sLqUxSo5E\Cloud AV 2012v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8JE5UHC6FZ=[%PROFILE_TEMP%]\Isi.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZE18MW23GY=[%PROFILE_TEMP%]\Ism.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Isq.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Isp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WHMDNR9LKK=[%WINDOWS%]\Ivajua.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%WINDOWS%]\TEMP\Spd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tr700lqqcore.exe=[%APPDATA%]\A80E2C951AE261915B54DB40140F9911\tr700lqqcore.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Adr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R8388QA8U8=[%PROFILE_TEMP%]\Ndj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SNJQ66R8MU=[%PROFILE_TEMP%]\Tdv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZE18MW23GY=[%PROFILE_TEMP%]\Fk1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]foprubuu=[%PROFILE_TEMP%]\wpcihgnqm\tnfbihhtsbl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]vncgrurv=[%PROFILE_TEMP%]\rbtjheaos\tohlmfltsbl.exe
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]AppInit_DLLs=[%PROGRAM_FILES%]\IMESHA~1\MediaBar\Datamngr\datamngr.dll [%PROGRAM_FILES%]\IMESHA~1\MediaBar\Datamngr\IEBHO.dll karna.dat
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]wek9emdhi9=[%WINDOWS%]\Xdyhea.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]NtWqIVLZEWZU=[%PROFILE_TEMP%]\Ndi.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]fbbvdcso=[%LOCAL_APPDATA%]\ytjhus\xdlqsftav.exe
  • [HKEY_CURRENT_USER\software]1099ce4a-ff51-4a8d-ab3c-c74b9c06e46f=304
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]hL99ggTXqjYCkIr8234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]M5T8QL3YW3=[%WINDOWS%]\TEMP\Rvd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Dtl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]byfapjgs="[%LOCAL_APPDATA%]\phddbj\htymsysguard.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]byfapjgs="[%LOCAL_APPDATA%]\phddbj\htymsysguard.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]lphc1vej0e973=[%SYSTEM%]\lphc1vej0e973.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]nHHH6ssWJ7fE=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]D666d88fRZ9TXjU8234A=[%APPDATA%]\ZUVVeelIBtzPyc1\AV Protection 2011v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]jJJ66dWKK8RL9Tq8234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]qcAA11ivD2on4pH8234A=[%APPDATA%]\AXXwwkUUV\AV Protection 2011v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YFFF4ppmG5QJ6E88234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]1774817348=[%LOCAL_APPDATA%]\dou.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R4B1ZAOPF5=[%PROFILE_TEMP%]\Zg1.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]UJJJ7ddEK8gR9hX8234A=[%APPDATA%]\iXXwwkUUVelBt\AV Security 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]kmHH66sWJ7fE8gZ8234A=[%SYSTEM%]\AV Security 2012v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LosAlamos=rundll32.exe [%SYSTEM%]\sshnas21.dll,AttachConsoleA
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XMZH42I4GI=[%WINDOWS%]\Ylasea.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Ykc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%WINDOWS%]\TEMP\Cl1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Kjg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]2484462760=[%LOCAL_APPDATA%]\wco.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]F5JMWNZTHI=[%PROFILE_TEMP%]\Qnf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Dlx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]sumnmcjc=[%PROFILE_TEMP%]\lftjadthk\xnsjvaqaffm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%PROFILE_TEMP%]\Ufh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]krprpfyv=[%PROFILE_TEMP%]\kinkpfswl\cywlwocaffm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Yth.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TOY5KNQ8OC=[%PROFILE_TEMP%]\Mm1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]XBV6RD5SZF=[%PROFILE_TEMP%]\Tvk.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]cpgtnqff=[%LOCAL_APPDATA%]\mfblkw\uqivsysguard.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]eokerorn=[%LOCAL_APPDATA%]\nxgdvl\ukywsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ZjUUCeelI=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]System32=[%APPDATA%]\csrss.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]PdddEKK8fRZhTwj=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LWJJ77fEL8gTqhC=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]pA11uvvD28234A=[%APPDATA%]\b888gRRZ9hY\AV Security 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]FqjjjYCwkIVr8234A=[%SYSTEM%]\AV Security 2012v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]IJKUK66HMN=[%PROFILE_TEMP%]\Qqh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]2694769232=[%LOCAL_APPDATA%]\eht.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yP0ycS1iv3n4m5W8234A=[%SYSTEM%]\AV Security 2012v121.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]23058321=[%COMMON_APPDATA%]\23058321\23058321.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]24595025=[%COMMON_APPDATA%]\24595025\24595025.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]29085428=[%COMMON_APPDATA%]\29085428\29085428.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]oIIIVrrlONtx0uS8234A=[%SYSTEM%]\uG44aaQH6sW7fLg.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]gfkjkoxh=[%LOCAL_APPDATA%]\wfrurx\stcdsysguard.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]OHCFC34QK3=[%PROFILE_TEMP%]\Yb1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4ECYTQ9SIC=[%PROFILE_TEMP%]\Qkb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\nyhqeu.exe
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]AppInit_DLLs=karna.dat [%SYSTEM%]\guard32.dll
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]AntiVirus System 2011="[%APPDATA%]\AntiVirus System 2011\AntiVirus_System_2011.exe" /STARTUP
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YXE7DXCQ37=[%PROFILE_TEMP%]\Stu.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]20104310=[%COMMON_APPDATA%]\20104310\20104310.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1CB94338DF07982
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]tvhckchx=[%PROFILE_TEMP%]\llgwqmfaq\uukysalaffm.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]47324525=[%COMMON_APPDATA%]\47324525\47324525.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]95330828=[%COMMON_APPDATA%]\95330828\95330828.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]68241829=[%COMMON_APPDATA%]\68241829\68241829.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]12706521=[%COMMON_APPDATA%]\12706521\12706521.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]92451829=[%COMMON_APPDATA%]\92451829\92451829.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]64655531=[%COMMON_APPDATA%]\64655531\64655531.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]uG4amH6sW7E8TqY=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]l5aQH6dWKfLgXjC=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Hjg.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GnGG4amHHsWKf=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]q2iibbF3pmGaQ6d8234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]2023901951=[%LOCAL_APPDATA%]\btt.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]D88ggTZZqjYwkVr=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]97271026=[%COMMON_APPDATA%]\97271026\97271026.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Dwz.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Ngl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R8388QA8U8=[%WINDOWS%]\TEMP\Eh7.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]5GUTNY6MFK=[%WINDOWS%]\TEMP\Eib.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]iKK88fRL9hTXj=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CCCeekIBBzPNyA=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yxPP00ucS1ib3Gm=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]y3oonG4am6sW7E=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]SfTXIBzyxAuvo=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]muvvS2obFpmGaJd8234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]c3e3e6b6-0de7-403a-b64b-122040b9b2d6=rundll32.exe "[%COMMON_APPDATA%]\c3e3e6b6-0de7-403a-b64b-122040b9b2d6.dat", vgfauphxk
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]oQQQJ66dEK8fZ98234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dPNyxA1uv=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]dlOBtxP0ySiDoFa=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ciorrxbh=[%LOCAL_APPDATA%]\coiiexwso\upsepmauqiw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%WINDOWS%]\TEMP\Wfl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KUGHGZXAKT=[%WINDOWS%]\TEMP\Wfn.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%WINDOWS%]\TEMP\Wfl.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]kwptxvep=[%LOCAL_APPDATA%]\fcmhrwvpi\qphcuvwtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]fyoxddkq=[%LOCAL_APPDATA%]\mcjqwnxqj\oproaxetssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]flsgqnho=[%LOCAL_APPDATA%]\llouvgghw\ouriqybtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ujftngeq=[%LOCAL_APPDATA%]\gxgvverfd\ovusuxetssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]TOY5KNQ8OC=[%PROFILE_TEMP%]\1\Dbj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]EBUNWVLUMV=[%PROFILE_TEMP%]\Cbx.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DAT5FEB.tmp.exe=[%PROFILE_TEMP%]\DAT5FEB.tmp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%WINDOWS%]\TEMP\Azh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]W5E7SH31DG=[%WINDOWS%]\TEMP\Uhd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GAGEZ8R8ZB=[%WINDOWS%]\TEMP\Uhc.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]qklhxsdt=[%LOCAL_APPDATA%]\lvmovq\ltkvsftav.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R8388QA8U8=[%PROFILE_TEMP%]\Kxh.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1C962BA74F16AEC
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]JP595IR86O=[%PROFILE_TEMP%]\Ifr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4157428741=[%LOCAL_APPDATA%]\ydg.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]yxxxP00ucS1bDon=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]mscj2=[%APPDATA%]\744511\mscj2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]wgsvsfgq=[%LOCAL_APPDATA%]\luxcaqgvs\evgbjqbtssd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]163472745=[%LOCAL_APPDATA%]\fhs.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]4069790557=[%LOCAL_APPDATA%]\kfl.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]ROBtxP0yc1b3n4Q8234A=[%SYSTEM%]\AV Security 2012v121.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1CB70E3E71F28
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]209K1I9HN8=[%WINDOWS%]\Rnujyb.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]822732922=[%LOCAL_APPDATA%]\ojj.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]2455340714=[%LOCAL_APPDATA%]\laf.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]A9YA3MI1CF=[%PROFILE_TEMP%]\Wrh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R4B1ZAOPF5=[%PROFILE_TEMP%]\Pbv.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]HBBBtzzPNyc1iD2=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]GhhYYCwkUVrlNtP8234A=[%SYSTEM%]\AV Protection 2011v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]757134825=[%LOCAL_APPDATA%]\svk.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Xbr.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KUGHGZXAKT=[%WINDOWS%]\TEMP\Qhd.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\jcbtaa.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer]idstrf=1-1C97F55F7F897E0
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]1056339026=[%LOCAL_APPDATA%]\stv.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%PROFILE_TEMP%]\Egp.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]999016310=[%LOCAL_APPDATA%]\rir.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]LREC75DND7=[%PROFILE_TEMP%]\c.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]E8WECRKKMV=[%WINDOWS%]\msa.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]BMIMZMHMFM=[%PROFILE_TEMP%]\g.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]YVIBBBHA8C=[%PROFILE_TEMP%]\Fgh.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]2512695740=[%LOCAL_APPDATA%]\gbu.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]829060443=[%LOCAL_APPDATA%]\mad.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]CE8SIIFGSU=[%WINDOWS%]\Temp\Lt2.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]VXEG3ZNNE5=[%WINDOWS%]\Temp\Lt6.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]R4B1ZAOPF5=[%WINDOWS%]\Temp\Lt1.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]DVYHI42JUG=[%WINDOWS%]\Temp\Lt0.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]q9gTZqjYC=[%APPDATA%]\dwme.exe
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]rG5aQJ6dW8R9TwU8234A=[%SYSTEM%]\Cloud AV 2012v121.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]Shell=[%APPDATA%]\Microsoft\kkxask.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]0977fe84-8606-4542-9ddb-12e21bce7f14_42=rundll32.exe "[%APPDATA%]\0977fe84-8606-4542-9ddb-12e21bce7f14_42.avi", start
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]drrzzONyx=[%APPDATA%]\dwme.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]8DDYX0ZBPZ=[%WINDOWS%]\TEMP\Dxy.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]KYQ8ZBOAXR=[%WINDOWS%]\TEMP\Dxw.exe
  • [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]WEK9EMDHI9=[%WINDOWS%]\Fxicaa.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]wek9emdhi9=[%WINDOWS%]\Fxicaa.exe
  • [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]yvibbbha8c=[%PROFILE_TEMP%]\Fgh.exe