Virtumonde

From Wiki-Security, the free encyclopedia of computer security

Virtumonde Information
Type: Spyware
Analysis: Installs & gathers info from a PC without user permission.
Infection: By downloading freeware & shareware.
Symptoms: Changes PC settings, excessive popups & slow PC performance.
Detection Tool: >>> Download SpyHunter's Spyware Scanner <<<
Notice:






SpyHunter's spyware scanner is intended to quickly scan and identify spyware on your PC. If you wish to eliminate spyware from your PC and prevent future spyware attacks, we recommend you buy SpyHunter's spyware removal tool, which includes full technical support and a Spyware HelpDesk to tackle spyware that is uniquely affecting your PC.
IE Alert:


If you are using Internet Explorer and can not download SpyHunter, please use a different browser like Firefox or Chrome.

VirtuMonde, also known as Virtumundo, Vundo, and MS Juan is a Trojan Horse that has been infecting Windows-based computers since 2004. It was created by two people going by the names of "Hirishima" and "#[TTEH]Germany," apparently purely in order to do damage and cause chaos. VirtuMonde is still one of the most common Trojans causing infections, and over the years, it has become more and more dangerous and harder to remove. VirtuMonde has also branched out and turned into a sort of family of interrelated viruses, with varying degrees of severity and damage to the host system. VirtuMonde infections are almost exclusive to the United States, with only a very small percentage of cases occurring elsewhere.

VirtuMonde's Common Characteristics

The basic characteristics of VirtuMonde, common throughout its history and across its different versions, are its method of infection and its association with pop-up ads. VirtuMonde is downloaded without your knowledge, often by exploiting a weakness in your web browser or browser extensions. In particular, VirtuMonde targets Java, and it frequently infects outdated or older versions of Java. VirtuMonde can be hidden in almost any seemingly harmless download online, but plugins, codecs, and updates are common vectors because people typically download them without thinking twice. VirtuMonde is also known to spread through spam attachments, which may include an executable file but label it as something else, like a document or photo. Peer-to-peer file sharing networks can spread VirtuMonde, in disguise as an application.

The pop-ups that VirtuMonde causes can vary widely. In some cases, the pop-ups may be bogus warning messages that claim that a virus has been detected on the computer, and in order to remove it, the purchase of some rogue anti-virus software is recommended. VirtuMonde is known to promote WinAntiSpyware, SysProtect, and WinFixer in this way, along with countless other rogue anti-malware applications (which are ultimately scams). VirtuMonde can also cause constant pop-ups that are pornographic or advertise adult sites and services.

Other Possible Effects of VirtuMonde

The other symptoms of a VirtuMonde vary widely, and depend on which version of the Trojan is present. The symptoms might be relatively mild, and limited to irritating pop-ups that will not go away, or the symptoms can be extremely severe, involving serious damage to the operating system itself. Some symptoms are common in severe VirtuMonde infections, and these include the use of a rootkit in order to make VirtuMonde extremely hard to remove, disabling of Task Manager, msconfig, and the registry editor.

VirtuMonde is known to search for and delete Spybot Search & Destroy and Malwarebytes Antimalware, and it can disable certain functions in Norton Antivirus and then use Norton itself to download more malware instead of virus definition updates. VirtuMonde is widely reported to disable Windows Automatic Update and Windows Firewall, and to deny access to Google, Facebook, Gmail, Hotmail, and Myspace on the infected computer.

In the most severe cases, VirtuMonde can cause Explorer to crash and reboot in an infinite loop, or other crashes that can make the hard drive to cycle up and down indefinitely. Some attempts at removal of VirtuMonde can result in a Blue Screen of Death that cannot be bypassed or overcome, making a complete reinstall of Windows the only viable recovery option. VirtuMonde can delete the network connection icon in Network Places, and delete or modify a wide variety of other Windows settings, components and native applications. As VirtuMonde's programmers work to make it harder and harder to detect, let alone remove, it is getting more and more destructive.

What to Watch Out for and What to Do to Avoid VirtuMonde

An important thing to remember about VirtuMonde is that it does not advertise its presence. Although  VirtuMonde causes pop-ups and other symptoms that cannot be ignored, it never comes out and says that it is VirtuMonde. Furthermore, it is notoriously hard for anti-virus software to detect, and it is extremely unlikely that legitimate antivirus software will pick up on the presence of VirtuMonde in one of its new or highly-developed forms. This matters because there are several rogue security programs out there that will cause bogus pop-ups that warn that VirtuMonde has just been detected, and these pop-ups are an attempt to scare people into thinking they have to buy the fake software that claims to have found the threat. If you get a warning message that VirtuMonde has been detected, you need to look very carefully at what program claims to have found it, and make sure that the program is not a rogue. Chances are it is.

VirtuMonde is capable of being amazingly dangerous. In addition to using good anti-virus software, the best thing you can do in order to protect yourself is keep your operating system, browser, and plugins current and updated. When VirtuMonde infects your computer, all bets are off, so your focus has to be on prevention.

To check your computer for Virtumonde, download SpyHunter Spyware Detection Tool.

SpyHunter spyware detection tool is only a scanner meant to assist you in detecting Virtumonde and other threats. If you detect the presence of Virtumonde on your PC, you have the opportunity to purchase the SpyHunter removal tool to remove any traces of Virtumonde.

Contents

Detection of Virtumonde (Recommended)

Virtumonde is difficult to detect and remove. Virtumonde is not likely to be removed through a convenient "uninstall" feature. Virtumonde, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Virtumonde and other spyware, adware, trojans and viruses on your computer.

Run a Virtumonde scan/check to successfully detect all Virtumonde files with the SpyHunter Spyware Detection Tool. If you wish to remove Virtumonde, you can either purchase the SpyHunter spyware removal tool to remove Virtumonde or follow the Virtumonde manual removal method provided in the "Remedies and Prevention" section.

Method of Infection

There are many ways your computer could get infected with Virtumonde. Virtumonde can come bundled with shareware or other downloadable software.

Another method of distributing Virtumonde involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Virtumonde on your system. Virtumonde installs on your computer through a trojan and may infect your system without your knowledge or consent.

If you think you may already be infected with Virtumonde, use this SpyHunter Spyware dectection tool to detect Virtumonde and other common Spyware infections. After detection of Virtumonde, the next advised step is to remove Virtumonde with the purchase of the SpyHunter Spyware removal tool.

Symptoms

Virtumonde may attempt to change your computer's desktop, hijack your browser, monitor your Internet browsing activities, change system files, and can do this without your knowledge or permission. Therefore, it is strongly recommended to remove all traces of Virtumonde from your computer.

Remedies and Prevention

Virtumonde, as well as other Spyware, are constantly evolving and becoming more advanced to avoid detection. Virtumonde along with its variants can install in different locations and even when you try to uninstall it you find they reappear when you reboot your computer.

Install a good anti-spyware software

When there's a large number of traces of Spyware, for example Virtumonde, that have infected a computer, the only remedy may be to automatically run a Spyware scan from a good anti-spyware software designed to detect Virtumonde and other types of spyware.

Remove Virtumonde manually

Another method to remove Virtumonde is to manually delete Virtumonde files in your system. Detect and remove the following Virtumonde files:

Processes

  • windowsupd2.exe
  • winhost.exe
  • quicken.exe
  • editpad.exe
  • nwonknu.exe
  • rasrun.exe
  • psdrv.exe
  • svci.exe
  • unknown.exe
  • castlecops[1].exe
  • kopCFEWV.exe
  • nnx22011.exe
  • ces005dr.exe
  • Windows_XP_SP2_Professional_Edition_Corporate_serial_number.txt[2].exe
  • Nero_Burning_Rom_Ultra_Edition_6.6.0.6_serial_number.txt[1].exe
  • %SYSTEMROOT%\system32\iesvcmon.exe

DLLs

  • lspak.dll
  • rulesak.dll
  • cidrules.dll
  • hrj6051se.dll
  • jtr0079me.dll
  • pmnno.dll
  • geebc.dll
  • ssttr.dll
  • SbCIe02b.dll
  • pmnlk.dll
  • iifddby.dll
  • ddcbabx.dll
  • awtqqnl.dll
  • sstrs.dll
  • mllkk.dll
  • vtuspmn.dll
  • nnnmmlk.dll
  • cbxxywx.dll
  • opnnljj.dll
  • khfcdaw.dll
  • mljkkhf.dll
  • sstur.dll
  • tuvwuss.dll
  • ddcyx.dll
  • khfcdba.dll
  • ljjgedc.dll
  • rqrppon.dll
  • vtsts.dll
  • wvursqn.dll
  • xxyxwxv.dll
  • ssqqomk.dll
  • pmnnm.dll
  • ddcca.dll
  • vtsss.dll
  • urstr.dll
  • jkhhf.dll
  • mllmm.dll
  • rqron.dll
  • byxurqq.dll
  • rqrssro.dll
  • vtuts.dll
  • mljhghe.dll
  • sstqq.dll
  • jiinhuyb.dll
  • geeby.dll
  • awtqopm.dll
  • bndsrsqo.dll
  • mljjk.dll
  • awtttqr.dll
  • pmnlj.dll
  • hggdefc.dll
  • ssqqn.dll
  • ssqnolm.dll
  • gebyxuu.dll
  • tuvvsrp.dll
  • cbxussr.dll
  • khffefd.dll
  • efcdaab.dll
  • ddcaaxu.dll
  • tuvutus.dll
  • nnlmn.dll
  • hgggdbx.dll
  • opnnlmn.dll
  • awtqomn.dll
  • jkhfe.dll
  • byxvs.dll
  • xxyvspp.dll
  • byxxy.dll
  • mljgh.dll
  • ddaya.dll
  • ssqopqo.dll
  • iifcyab.dll
  • efcbbcc.dll
  • ssqpq.dll
  • opnlm.dll
  • urqollm.dll
  • ssqpono.dll
  • fccdbab.dll
  • nnlif.dll
  • ddcawvv.dll
  • pmnlmnk.dll
  • gebabcd.dll
  • vtutron.dll
  • iiffgfd.dll
  • mljiggd.dll
  • opnnopq.dll
  • yayxuus.dll
  • ddayy.dll
  • ddcabya.dll
  • mljgf.dll
  • mljighf.dll
  • ljjhgee.dll
  • opnkjjg.dll
  • opnlifg.dll
  • pmnnn.dll
  • winsrc.dll
  • wvwxv.dll
  • temlxopqgdk.dll
  • kadpbbdr.dll
  • %SYSTEMROOT%\system32\mlJYpQjg.dll
  • %SYSTEMROOT%\system32\mmwotqsl.dll
  • %SYSTEMROOT%\system32\bkcosq.dll
  • %SYSTEMROOT%\system32\tzbgbt.dll
  • %SYSTEMROOT%\system32\vsdfgdqx.dll
  • %SYSTEMROOT%\system32\zpsdjn.dll
  • %SYSTEMROOT%\system32\oaisli.dll
  • %SYSTEMROOT%\system32\ehowpify.dll
  • %SYSTEMROOT%\system32\ahjvks.dll
  • %SYSTEMROOT%\system32\bindnvej.dll
  • %SYSTEMROOT%\system32\jpzzqm.dll
  • %SYSTEMROOT%\system32\vtUkjKba.dll
  • %SYSTEMROOT%\system32\drczbq.dll
  • %SYSTEMROOT%\system32\prnwlk.dll
  • %SYSTEMROOT%\system32\ucqrjj.dll
  • %SYSTEMROOT%\system32\mgjdax.dll
  • %SYSTEMROOT%\system32\jihacv.dll
  • %SYSTEMROOT%\system32\ddcCtsqQ.dll
  • %SYSTEMROOT%\system32\efccddCU.dll
  • %SYSTEMROOT%\system32\ufrxqr.dll
  • %SYSTEMROOT%\system32\xxywWpqR.dll
  • %SYSTEMROOT%\system32\skibqpxt.dll
  • %SYSTEMROOT%\system32\jtrwal.dll
  • %SYSTEMROOT%\system32\edljqdbo.dll
  • %SYSTEMROOT%\system32\tfpdhn.dll
  • %SYSTEMROOT%\system32\iyfgdvyy.dll
  • %SYSTEMROOT%\system32\jhvwulaq.dll
  • %SYSTEMROOT%\system32\ttyiplei.dll
  • %SYSTEMROOT%\system32\jajepkfx.dll
  • %SYSTEMROOT%\System32\emgnzr.dll
  • %SYSTEMROOT%\system32\dsekqy.dll
  • %SYSTEMROOT%\System32\xxydwc.dll
  • %SYSTEMROOT%\System32\bcmlvh.dll
  • %SYSTEMROOT%\system32\exqwxcji.dll
  • %SYSTEMROOT%\system32\ysdbsq.dll
  • %SYSTEMROOT%\system32\pmnmnLEX.dll
  • %SYSTEMROOT%\system32\vrzbdi.dll
  • %SYSTEMROOT%\system32\zatvky.dll
  • %SYSTEMROOT%\system32\riuosl.dll
  • %SYSTEMROOT%\system32\grzquz.dll
  • %SYSTEMROOT%\system32\eauuah.dll, mppzqf.dll, lmvvgenc.dll
  • %SYSTEMROOT%\system32\axqnlt.dll
  • %SYSTEMROOT%\system32\tfvkod.dll
  • %SYSTEMROOT%\system32\jsfoig.dll
  • %SYSTEMROOT%\system32\scpxmz.dll
  • %SYSTEMROOT%\system32\vsiots.dll
  • %SYSTEMROOT%\system32\uituyc.dll
  • %SYSTEMROOT%\system32\erqfnx.dll
  • %SYSTEMROOT%\system32\xmmjlipj.dll
  • %SYSTEMROOT%\system32\gtkbbs.dll
  • %SYSTEMROOT%\system32\rcggbwks.dll
  • %SYSTEMROOT%\system32\qkqtodyv.dll
  • %SYSTEMROOT%\system32\knkkeu.dll
  • %SYSTEMROOT%\system32\vqivmg.dll
  • %SYSTEMROOT%\system32\aglydi.dll
  • %SYSTEMROOT%\system32\ferskkrw.dll
  • %SYSTEMROOT%\system32\dedyfg.dll
  • %SYSTEMROOT%\system32\sxvaedyd.dll
  • %SYSTEMROOT%\system32\mlJArpOh.dll
  • %SYSTEMROOT%\system32\mlJAsTll.dll
  • %SYSTEMROOT%\system32\nrlvkj.dll
  • %SYSTEMROOT%\system32\jfewhfce.dll
  • %SYSTEMROOT%\system32\efcDVnNG.dll
  • %SYSTEMROOT%\system32\nosemdos.dll
  • %SYSTEMROOT%\system32\pifgzo.dll
  • %SYSTEMROOT%\system32\ddcCSMdc.dll
  • %SYSTEMROOT%\system32\sdjomk.dll
  • %SYSTEMROOT%\system32\vbtqveed.dll
  • %SYSTEMROOT%\system32\qyyrxbhh.dll
  • %SYSTEMROOT%\system32\qkojjk.dll
  • %SYSTEMROOT%\system32\emwggtak.dll
  • %SYSTEMROOT%\system32\ngcsqxjk.dll
  • %SYSTEMROOT%\system32\oxodam.dll
  • %SYSTEMROOT%\system32\mwktggcj.dll
  • %SYSTEMROOT%\system32\rgkvne.dll
  • %SYSTEMROOT%\system32\ybhwxj.dll
  • %SYSTEMROOT%\system32\uxqpfk.dll
  • %SYSTEMROOT%\system32\zgwlue.dll
  • %SYSTEMROOT%\system32\frcdmhox.dll
  • %SYSTEMROOT%\system32\jpjehkmn.dll
  • %SYSTEMROOT%\system32\vhsttu.dll
  • %SYSTEMROOT%\system32\wnhvnxjb.dll
  • %SYSTEMROOT%\system32\tbrxbxbw.dll
  • %SYSTEMROOT%\system32\tqwtqs.dll
  • %SYSTEMROOT%\system32\nnnlkkhg.dll
  • %SYSTEMROOT%\system32\labkne.dll
  • %SYSTEMROOT%\system32\bqjdrh.dll
  • %SYSTEMROOT%\system32\awtsPJcA.dll
  • %SYSTEMROOT%\system32\yayxyvwx.dll
  • %SYSTEMROOT%\system32\pfqjbewx.dll
  • %SYSTEMROOT%\system32\fdswmgss.dll
  • %SYSTEMROOT%\system32\efcASmKd.dll
  • %SYSTEMROOT%\system32\vtUkhETm.dll
  • %SYSTEMROOT%\system32\wowoxx.dll
  • %SYSTEMROOT%\system32\vtUmNGwX.dll
  • %SYSTEMROOT%\system32\zntdkn.dll
  • %SYSTEMROOT%\system32\vtUmmNFw.dll
  • dsnltn.dll
  • %SYSTEMROOT%\system32\rqRJDwvU.dll
  • %SYSTEMROOT%\system32\dsnltn.dll
  • %SYSTEMROOT%\system32\pmnoMgEw.dll
  • %SYSTEMROOT%\system32\iifefeBt.dll
  • %SYSTEMROOT%\system32\mzqlig.dll
  • %SYSTEMROOT%\system32\rqRIbArq.dll
  • %SYSTEMROOT%\system32\tqabkkhc.dll
  • %SYSTEMROOT%\system32\cssifsik.dll
  • %SYSTEMROOT%\system32\jwijhtyf.dll
  • %SYSTEMROOT%\system32\ltyolghw.dll
  • %SYSTEMROOT%\system32\zwpmbd.dll
  • %SYSTEMROOT%\system32\qoMfdaWQ.dll
  • %SYSTEMROOT%\system32\khfcBQjk.dll
  • %SYSTEMROOT%\system32\ssqrSMee.dll
  • %SYSTEMROOT%\system32\aecggnuj.dll
  • %SYSTEMROOT%\system32\mojbopil.dll
  • %SYSTEMROOT%\System32\gcufkcko.dll
  • lemaba.dll
  • %SYSTEMROOT%\system32\cycsls.dll
  • %SYSTEMROOT%\system32\lemaba.dll
  • %SYSTEMROOT%\system32\efcBSMFY.dll
  • %SYSTEMROOT%\system32\efcARkHA.dll
  • %SYSTEMROOT%\system32\ubhkrk.dll
  • %SYSTEMROOT%\system32\beuijety.dll
  • %SYSTEMROOT%\system32\jkkhifec.dll
  • %SYSTEMROOT%\system32\xxywVlLC.dll
  • %SYSTEMROOT%\system32\ssjaug.dll
  • %SYSTEMROOT%\system32\syadnduq.dll
  • %SYSTEMROOT%\system32\hoxxogah.dll
  • %SYSTEMROOT%\system32\pcdkykes.dll
  • %SYSTEMROOT%\system32\adrfzi.dll
  • %SYSTEMROOT%\system32\yvkydy.dll
  • %SYSTEMROOT%\system32\mroobnpg.dll
  • %SYSTEMROOT%\system32\uuayib.dll
  • %SYSTEMROOT%\system32\nedotfwb.dll
  • %SYSTEMROOT%\system32\diriedfk.dll
  • %SYSTEMROOT%\system32\ojxpmd.dll
  • %SYSTEMROOT%\system32\vakqbbpn.dll
  • %SYSTEMROOT%\system32\rkwoirys.dll
  • %SYSTEMROOT%\system32\ugptyq.dll
  • %SYSTEMROOT%\system32\mudapy.dll
  • %SYSTEMROOT%\system32\xxyaxvUN.dll
  • %SYSTEMROOT%\system32\kmsdglpm.dll
  • %SYSTEMROOT%\system32\frljnq.dll
  • %SYSTEMROOT%\system32\tqywtr.dll
  • %SYSTEMROOT%\system32\pbiduh.dll
  • %SYSTEMROOT%\system32\trsjpbyp.dll
  • %SYSTEMROOT%\system32\jitgrwvq.dll
  • %SYSTEMROOT%\system32\awtqoMfc.dll
  • vumer.dll
  • cmutils.dll

Other Files

  • 2chkdsk
  • gf1.0.0.2
  • cbgzgdqt
  • 904598c7
  • %SYSTEMROOT%\system32\c00488D9.mat
  • %SYSTEMROOT%\system32\__c00a2080.dat
  • %USERPROFILE%\locals~1\temp\__70.tmp

Registry Keys

  • HKEY_CLASSES_ROOT\atlevents.atlevents
  • 13589181-4f0d-4553-b9f8-b4b72172c139
  • HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\*winlogon
  • HKEY_CURRENT_USER\software\microsoft\windowsupd
  • HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\catw
  • HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\psdrv
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windowsupd
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\*catw
  • HKEY_LOCAL_MACHINE\software\targetsoft
  • D01C9902-73AF-47FF-B784-05FDB6604FCF
  • 1B34D3EC-4AC7-41EC-ACC8-C9A2C0CBA2E5
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnno
  • 68616403-4FFB-4B19-B360-0B0B1F55D5EC
  • 22B271AB-3D0A-4CCB-8AD9-DD08183C356A
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssttr
  • D714A94F-123A-45CC-8F03-040BCAF82AD6
  • Software\Microsoft\Internet Explorer\Explorer Bars\83B28A74-640D-48F4-9F51-E80EED7CC7E0
  • 83B28A74-640D-48F4-9F51-E80EED7CC7E0
  • 2FCAB754-0535-470E-8F80-BACB6CA1ACC1
  • Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
  • D38439EC-4A7F-42b4-90C2-D810D7778FDD
  • 6148028B-D532-4417-8C0B-5A4A0B745393
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\6148028B-D532-4417-8C0B-5A4A0B745393
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iifddby
  • A05DA7E0-383C-4E99-A72A-742050A152A2
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\A05DA7E0-383C-4E99-A72A-742050A152A2
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcbabx
  • B763C083-57E0-4993-B058-13008952DF68
  • C78658B2-CDE5-4FD1-B73B-B9FF478DBE54
  • 662BB3E3-204F-44FA-A827-143B8AB4B036
  • SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnno
  • SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssttr
  • 9CF8EE9B-0B2E-464A-9700-D7B46142BD99
  • B2030C9A-DE59-457D-A042-D827AD69C8F3
  • F00EFDF5-0042-4F5E-9F20-C688409CF918
  • F73AF695-229D-4549-B1A0-20DA99A81F19
  • 22E58089-6DB5-45D9-BF87-6C8975246D26
  • 3F82D203-999F-4FF4-9F07-5F9EBFCCE20F
  • 5A4A2D56-931A-4733-9121-033A2D95A274
  • 1FB63E52-4D6E-48C1-A08F-F630FE50F337
  • 01ABD624-98FE-4B37-81F2-4E5B41799B6B
  • 05029E1B-4C41-4681-8F7F-2AEC346136F4
  • 59B5C788-4D95-4610-B1ED-AD9DC7CD86E0
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\nnnmmlk
  • E4EEFFED-93CD-4CF0-A0F3-50D139121FEE
  • 8410970E-714C-4F14-AA6B-B3B2F3246827
  • 82412A22-FFED-4A67-B37D-4127EBA1BB02
  • 095514BB-363E-451D-9BAE-A054E51BD0B0
  • 34FB86FC-74AC-4AC4-BACE-D9E929C6F9E3
  • 41D495B7-9E31-4637-A0AC-5BB4C4F4E8C9
  • 27534EA2-AF0A-4405-9143-8837572099BC
  • 28DD5FA9-7526-4463-A548-BD2877B2710A
  • 57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\57D6708C-88E2-4CAB-9FA4-78BB8CA3A3C4
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khfcdaw
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljkkhf
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvwuss
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\sstur
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvursqn
  • 44218730-94E0-4b24-BBF0-C3D8B2BCE2C3
  • 855879EC-968C-4480-976B-870669F5F95A
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnnm
  • 1f9137dc-0b86-43e1-a596-8b2b49125124
  • 719C7140-463A-45CB-BA90-828B11FCF5A4
  • F9C57A10-3FFE-4E94-924E-264713738291
  • 5A04F1F7-C0A5-41A1-8C23-7A96894B9002
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\keycpl
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcca
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtsss
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvtut
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebbawt
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnlk
  • 35B868E9-614B-47BA-81F7-841B8B055247
  • F40114E6-51D4-4EE4-9F38-2E979AF84593
  • D6A00137-3F93-44D3-BBB8-A3BF01F57F0E
  • FA2C0BCD-918D-46C7-BD03-F96CAB3E164F
  • C3352FCD-CFE5-4F35-831A-19C68DDB7CF4
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urstr
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\jkhhf
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqron
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxurqq
  • 53D52C90-6F7B-49D9-8102-7E5CF7F5C14F
  • B7672BAF-E9A3-49B6-86B2-C81719A18A4C
  • 837B45D6-BF85-457D-AABF-6D2E7815F791
  • 45B20293-5C68-4271-B4FD-F43A4075A2E3
  • 89AD4D75-2429-462e-BD4E-443F233F6033
  • 538DBDB9-C3BC-4ADA-AAA1-E6A6B3DB1E15
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqopm
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccbccd
  • C4F4DBBD-4A4C-4B40-97DA-2FE06DBB2901
  • 4E35C785-B803-471E-AF03-74BDE42EA65A
  • 53ABEA8C-703F-4CC0-9EFB-97257CCB5E41
  • 6980D6C1-F025-4067-B8B8-F12029EA0CD2
  • 2AD3123A-16FF-404E-92E5-47128E40D281
  • CBD708EF-2ADC-47F4-BC1C-50E1A7AA4265
  • 1B2E9329-C933-4A5D-908C-9A8251D1B7C6
  • 9DC8B477-C55C-4373-953D-8913334A8D8B
  • A3DA48A6-8C7B-43CB-B31B-F28005EF8DFD
  • DA0053C8-1501-48C6-BD86-167AA3DEC119
  • 2D04C025-C1A3-4DC1-81D8-A10EFEAFA699
  • 90375CC7-C153-4D5C-B81D-C4011A3C16D3
  • B1F4D9B0-7300-408A-B70A-677CC7276EF6
  • 429E0606-5905-4CCD-998A-9D2C29DE6F33
  • 582C46EE-9E66-4DE0-92A5-34B971099C0C
  • 6730A59E-FBA3-4EEC-B564-5F05EF8EF39C
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\837B45D6-BF85-457D-AABF-6D2E7815F791
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtttqr
  • 3385764C-85FC-45CC-B290-E97646306BB2
  • 90624170-D668-409E-A2F5-C0710044760F
  • A93EE73A-8FEB-47CD-BDF1-E75A0B6BEF8C
  • 232D2677-68EE-4FA1-B988-279EBC8969ED
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\geebc
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggdefc
  • C408EC5B-CC5E-451D-B831-6DB83DA47244
  • 634BBAB7-3F60-4426-944F-A62B9007F67F
  • AB30E818-2B0F-4336-BB29-35D245598EDB
  • 01CD0B31-9154-45F2-9414-F5D64B74EAF6
  • 200D0AAD-71B1-51C9-DDB0-092BA4662A54
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqnolm
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebyxuu
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvvsrp
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxussr
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\khffefd
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcdaab
  • 2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B
  • A288996D-94BC-4C73-8CC7-A20F8A435A98
  • 46523B68-2656-4D4D-B415-20907B8E649A
  • F95B14B7-B316-49DA-972C-1225025AFB7A
  • AEBF6926-DBA6-4100-A838-1CED0169AB78
  • 9D88DD0F-5C78-417D-9E48-DDE4BCC53E9F
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrsss
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcaaxu
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmkjj
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\tuvutus
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hgggdbx
  • 6551122A-4DEB-4949-8ABF-72972775F028
  • 88741C23-A892-4B7E-8F89-4A69CB12DA67
  • F9491793-47BB-4F3C-9B1A-08A8E4F88D0D
  • 3FABB570-CFE9-43FB-82F4-F065466077B4
  • 326F7029-5B4F-4D02-8D77-F16322C282C1
  • A47BD9A5-EF81-4E2D-B5D8-A5AF7099683E
  • 817A8844-1AF6-4093-B74A-DD91676A179E
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtqomn
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdcdd
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\xxyvspp
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\byxxyay
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\qommlii
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxvusr
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlmjh
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqopqo
  • DB1F1927-3FFC-4313-82AD-6A75758E5D32
  • 6A30EED0-7D3E-40AC-946D-CF769A3ACDF5
  • 506602EA-3290-416C-84E7-B2B331D2DFA2
  • 81182B58-0DB8-4671-A345-BD9B20E6FC72
  • 6A061FA1-352D-4902-94FB-46BD37FD7FAF
  • 259B6215-70A2-4789-9978-64CD33632682
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\urqollm
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifcyab
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ssqpono
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\efcbbcc
  • 9DEC9A9D-E4F1-4081-A06E-76601F998EB4
  • CBFA0E8E-7489-4A16-8D6E-0D58BFFB6134
  • 47A21439-A069-4BC1-BB70-54C9ED60691F
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\fccdbab
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuspmn
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcawvv
  • 1A4318F1-865F-43A0-88A6-22666DDB6F47
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\rqolkll
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\pmnlmnk
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\vtutron
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\gebabcd
  • 5AAF23D8-4489-43D8-A064-319D1254ABCA
  • CA28FAC6-6381-4F89-9090-F399BBAFC26C
  • 415D402F-A6FC-4CA2-927B-2323BAAFB966
  • 49D63E18-33B1-46F2-82C2-39431FB94794
  • 98663E21-9CCE-4CF6-863C-911A9523A66F
  • 7F96901E-BEB4-4316-B165-5C4F2D6314CA
  • C3A84C81-8E37-4EAA-8E6C-C4FF35A67F96
  • D604A3C9-1BDF-48AA-8CB3-80C2752FB6C5
  • F7608A7B-DB2D-4CF1-8930-708A32896876
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnnopq
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\yayxuus
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\hggeeee
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljiggd
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiffgfd
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iifdaxu
  • 20EC205F-3300-4013-A537-69DDC176CF42
  • 7D7F29A5-8D07-44FE-89B6-A8F4DFFD03FB
  • 24C61C09-62C0-42ED-B640-53F7FEC9098A
  • 64C8EADA-5CDB-4A79-9213-F3F68E851D56
  • DB7BB42E-456D-4203-ADCF-C0B999112DA0
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcabya
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\wvuuutt
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\iiigefg
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\awtrqon
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mljighf
  • FA6E43E6-F825-4317-BBCC-EC8462D1F3A5
  • 7de1e3d1-c102-4dca-bd3d-43cbe8303ee5
  • BCB279E3-2BB4-4A4B-90C5-3CEBACC6B15C
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcawvu
  • E180F496-8A4B-44E2-9FE0-0364E345DB7F
  • D81BE140-D159-4732-BCE8-185C9210E38E
  • FFF29BE4-24AC-4E31-B99B-45238B764111
  • 571A01F0-FBF2-4411-A41B-BBB3CE6189E4
  • 037C7B8A-151A-49E6-BAED-CC05FCB50328
  • 5A7CFD83-8907-460B-88C5-8CBAD95F1CF1
  • 9543B1E1-5B66-4DFA-B579-0B392D0BB33C
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\cbxyvwu
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ddcbaxw
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\ljjhgee
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnkjjg
  • MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\opnlifg
  • 9FEA8F43-D4ED-458C-B727-B667025676A0
  • B0BCDD0D-1EC9-4EA4-A013-5642B9598271
  • A98D0065-7326-41B5-B8D9-C5B692CDB82F
  • F2A65CD2-0CDE-4E63-B8F3-16D90EF77603
  • 63AB48C9-01A8-495C-8194-A715DB8A37A2
  • 4C16CAB4-7053-2AD8-5166-2C00BAB3D8BE
  • 59FEDA57-3BE1-450E-B368-F93067B94C86
  • B82F29E4-8368-4B14-9C00-5138C0D94034
  • B5FAC233-228C-4106-BB63-3031B84E2AB9
  • 5550F659-4DE0-497D-B8A2-3E1AFB973784
  • 12C71A70-09ED-4515-A39C-99E973B8E9F7
  • 826A5ED9-1316-4EFD-87F8-AA400C5D551A
  • 3A0909EF-95E0-47B3-B117-FA03D9FDDBD1
  • AA8DFF57-1E4B-4A01-9681-AB25E1CF6532
  • 3BE9150C-E2ED-4294-8F70-4CCA872A7BB3
  • 90696A05-6C9A-488F-957D-4D4A3D5F61C2
  • 2FEAE5F7-1F4D-A231-30D1-04759E1C1FCB
  • 7FDF7614-0DF6-4A84-9041-2D873AB5C2C5
  • 24E9519B-3F70-429B-99BC-4B2B49B96F66
  • 965585E8-9537-45FE-952F-DDE5BE10AE52
  • ea3f2b22-4a94-4b29-8101-881882e0d8b9
  • f4ececf2-73d0-474e-06da-11f818303327
  • 6bffbb42-ac73-4d2f-8109-562f11353e93
  • 3DB7BCD6-5AB2-4224-9D5C-91596FDA31B9
  • 3CAB59B4-55A3-4737-9FD5-B93C6430BF75
  • 963db810-b29b-4595-aea0-649db6103abc
  • 0f70b574-9236-469c-bb21-9654dac1f67d
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfDtUno
  • 9F24CE12-437E-4413-BA41-0BF61D67EC80
  • 9B5D62CC-A31F-41E6-AB67-9D51D48B5C07
  • B1FFEAF8-F7C8-445D-98FE-9AD04897C6AE
  • a1e653d7-374b-4f3c-aa1d-fd259c751c11
  • 82B8E0B5-45F5-4779-966A-C474164F8F7F
  • 956677BE-F493-4F74-ACD6-E5A0E62904A5
  • 9D9294A6-8FB0-4206-AD93-5E9A9EF0B517
  • EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\EEC73EA5-1367-49D1-93F4-CA1D8C22E9F9
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtsRjhg
  • 684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
  • CB5A3EDC-08DA-48D4-BD49-AC53308B64DC
  • 8B522498-4803-4A8D-A297-46AE273C44A6
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\684BFE7F-F5B2-4AB3-A95E-EB5036A2D286
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcYpmkK
  • 59148BE8-B764-447A-9302-4AEB7187D3CB
  • D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
  • 9936EFFC-4A2C-4F1B-BB68-DEDC6916EE19
  • 03F408E7-0903-46E1-9284-EC56550C3597
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\D0DC2547-DF58-4CF2-8FA2-25DEE29426F6
  • 4846D90B-B1ED-402A-A718-91E88C6E2839
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnoPGXp
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrrsPH
  • a7ef6dba-8a53-4f52-bd9a-01a6a4e083c0
  • 60ABF6AC-BAE2-4400-8936-0593C3C9A8A8
  • 77e00874-1b7e-41c6-ba97-43e2463efada
  • 499E5F81-EBE0-4D08-818D-3E88B0A13542
  • 71A4297F-F337-45B4-9B5C-4D6EE32AC45B
  • fc796ded-5fa6-4a4b-8473-3636b0fe9d1b
  • cdfbb87c-0d5f-48b3-bf4a-2f5c3db9b0de
  • D7336D32-62F7-43B5-8B8C-3963C72CA498
  • 32E451A3-6C66-412C-8F6E-65778F016BC6
  • 804B913C-F0BD-4FC0-8D86-2A8DE2F682B2
  • 135B4804-7728-4137-B6D8-5CC590110C9D
  • F24F5951-B29D-49B0-9BB3-BE6818CA6940
  • 32D0CCCB-4D89-4510-BAF7-028BC11E60DB
  • EB338DB6-EC2C-456B-B5AD-ED97FB489684
  • 71e40ee5-71ae-4e0d-8324-949376d44774
  • 0c294220-1a9d-476a-a918-53f2da2571e4
  • 4CAFAF0C-C38F-43C1-8080-390E776254DE
  • 04e6699f-53a0-4c02-aefd-7bfff3835ea2
  • 84178bfa-b729-48a8-af52-836f668dc7e8
  • f06718dd-b23e-4c0f-bcd8-24bcdc5e2df4
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\135B4804-7728-4137-B6D8-5CC590110C9D
  • SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\dtseqrxk
  • E2F6A304-81C0-4A91-A2A2-DBB4505FAEDC
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUmjhIY
  • BB7EA5A7-A6AE-4575-96A3-098A577D4765
  • b72df2c1-1205-4f44-b188-8dda6f84e30b
  • 5850d2e6-6e49-4d0a-bb2e-a49e8fa2eee6
  • 4EF267EE-D1A4-4C92-85A9-B51B58A53BE4
  • 60EDCEE2-B6AF-4F2E-BB15-14F101364B47
  • 0955079E-3A5E-4FF7-A7C9-2A65CAAE1EF2
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\60EDCEE2-B6AF-4F2E-BB15-14F101364B47
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyywTMD
  • 7B0FCA45-023B-452A-B893-D007523A9ED8
  • 0b27b1d3-b168-4d26-a135-9f44ae91793f
  • 90a0468b-3120-48fc-8aa1-378d2a4228db
  • 4c23403e-346b-40b4-8fe8-b80516c8ada9
  • f6473971-cbf4-49ab-96a1-74b92d63f718
  • 0a7a4957-9298-4605-9872-24da8a514db6
  • 1764AF3F-400C-415E-9A92-67A7D55C2C71
  • 45e6b878-e844-4765-81dc-7bc1bc01b2b0
  • e43f6db8-d6dd-40b0-bfce-80a032475332
  • 90b7bdb9-8798-4b86-a3c7-c3ba8069b2eb
  • 71fd4dba-7b71-4919-b15a-2ca0f68cd384
  • 11ece6bb-8155-4e05-bacf-a452151107af
  • 4caf47ba-df5a-4ebf-b5f5-9965d8060939
  • ec8020d0-89dc-4531-9200-c9cefe301e90
  • 242fe30b-f264-49b8-9ac1-3095389fba03
  • 8a2fa032-bb09-4ef3-9ec0-bafb1412cb8e
  • 9E91EF7B-6846-45C3-A8AB-67CF7C900783
  • 35843B6D-FA05-42C7-BBF3-6343F011D444
  • AD72687B-CF83-4463-8E95-2CB3198CA5F6
  • A51F62AE-D855-44B8-BB71-352C69FBF257
  • A1C50067-D883-45F4-B991-D5FAAAA4CAB1
  • FFA0E487-277F-4C2D-A509-EE12E51D03EC
  • 7252d783-5e03-4621-b9dc-29c2e6da8086
  • f55bcd71-47e0-4c7b-81ae-53e197293088
  • 866d26cd-56b2-4a3f-84ba-825ea199099b
  • 29681927-b22c-4eea-b7c0-4a34fb62529e
  • 5FCD13AC-B899-4EF7-BD3E-C959EFBFB753
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\AD72687B-CF83-4463-8E95-2CB3198CA5F6
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\5FCD13AC-B899-4EF7-BD3E-C959EFBFB753
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fccbBRKD
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvUnNgGx
  • 2AABD0C3-1B64-4DE0-AE17-BBBE806197F2
  • e43f1b7c-71ac-4ecb-a398-36faf7513768
  • 87bbb91d-3535-44ff-b209-91b49ca8e1fa
  • e2dd9458-f71a-42cf-8706-a694f147e8a8
  • 9b2bb67d-12d6-49b8-a186-2eec081a548e
  • 7a03a593-de50-4edb-b682-a5d5e9d3d967
  • f9f2d698-4bb7-4b32-9059-e9b7bb328337
  • 4d58f285-10b4-48d5-a378-63102081359e
  • 5d89cb9c-f2a1-43a5-a6fd-bdbf3688747b
  • 55900762-469d-421f-9268-162d00bc2ab3
  • 4b58dd09-080f-4417-8dc4-2d19bbe49fc7
  • 75ABCF92-9764-4DFA-A83F-5142C3905052
  • 03b9c36c-139b-40df-a510-c3224aedf48f
  • 93350c7e-163b-4a3b-96e5-154b58d33d6a
  • 92f69757-bae4-4c71-9dae-3298ed7c11aa
  • 3f30d137-f50e-4b40-927e-b40ec125a068
  • 299B5FAC-2168-4A5D-A67D-AA4C8F8055DA
  • 237873d9-d1b9-42b6-987b-f086140b383e
  • 62D1390B-75E8-445C-A99D-3340E08FD4C5
  • 037E77C2-A153-4A29-8D9A-16A031629FFd
  • 49a5d05d-e4a9-4670-8c4d-4099031c1453
  • 11EDF9E4-A3CE-44B8-8DBB-64948F77B808
  • AFFCBA64-651F-43DD-97BC-684C179618A5
  • CB5DC5A5-F162-4B48-BBF6-3DDC62836285
  • 14315df3-d035-49e2-949b-ae8c2a23c739
  • 4cab59b4-55a3-4737-9fd5-b93c6430bf76
  • C31C05B4-0A01-4DC2-8E5E-0315459F508E
  • 519AD75B-6F4F-4E48-B7C9-3793CE64B509
  • ca00c181-714f-4d26-acb0-b0f33c6439e5
  • 7be88cbc-6d7b-4a98-857e-6c65523b813f
  • B0B3393C-62D1-44D8-ABF5-08E0F067F29E
  • A63E645F-13BD-45ED-B15F-6E8C1BD57279
  • 0524B01A-F7AF-4665-8BE1-BE460478A4FF
  • 3c7e20d1-e787-4e3b-8dac-a7687d1899ff
  • 505964f0-9ad9-41a7-9ffb-49c060d720ce
  • a6cefe49-8b87-471d-a1ce-495714b78b80
  • 01178AD0-E0BA-4624-A2A7-2FF828A80844
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\AFFCBA64-651F-43DD-97BC-684C179618A5
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnmKDtU
  • 7DDB071D-FE54-4B5C-B577-380F3DDFF000
  • E7683750-B89A-402F-8F22-EBF3DA3F70C2
  • 5102b002-845b-4545-8c80-fdf9cf4a910b
  • a2a4374d-86be-4a53-96aa-de8d5c353558
  • f92a2961-c48e-48f9-94c4-9b16f66b2e05
  • 1326b103-1a17-4dcd-a1e9-d7444462b3f5
  • f29ac8c0-9bf7-49f6-89a6-56f4a920a9ac
  • b299062f-1444-40af-b413-1b0b0d774129
  • 03ce200e-8abf-4048-a20e-fdec08f7c2b1
  • a42c261d-6894-412d-a472-326f7d6208d9
  • 2c09d555-e7ea-44d7-aa02-77fa0c8c5637
  • bef5aa5e-1743-4644-bc53-d9051958a72b
  • SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\E7683750-B89A-402F-8F22-EBF3DA3F70C2
  • Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\037C7B8A-151A-49E6-BAED-CC05FCB50328
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\efcCrRIy
  • 5248db72-612a-4475-b7c8-275de6aec6cb
  • b759fdbe-71e0-48b3-8d24-698371c66e6c
  • AF209DB6-29BB-4F8B-84E8-2056EA999610
  • fb55919c-72fa-4b2c-8e11-c563d0268004
  • d76ea4c0-5b1b-4ceb-b265-140e51c6b012
  • e8b78529-d710-4e8b-957e-897ecfda658d
  • 111479C2-D213-4ACA-899F-DDC6FE2A637B
  • 17E9C4F4-43D5-41FF-9BE8-8847AFC260C4
  • 87C4EC40-45E0-4795-8468-ED8F87056A59
  • 084677b7-fc41-4e07-9c41-08d2d3697b0c
  • ed43d6be-defb-4730-97c0-da140791547d
  • ec201117-1dbc-441f-9b43-539c0d451d2e
  • 178d586e-b3d6-4548-b34c-7c1ffbfcdca7
  • Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtusqQk
  • 472c09de-3502-414d-b39b-0afd6efa4bca
  • 965f4cc8-42a4-45e5-b0ed-8677fb675aa4
  • 9d0e88ac-5012-43a4-8f3d-cfc5d9ad685d
  • 38637efe-db1a-483c-a98c-b94df9c8c130
  • d8d0722e-445a-444e-a614-6dafb600d78b
  • 3f6cf36c-f0e1-45e8-83f3-6b47bd627cdd
  • 88e08cea-356c-47ac-9c50-d5c82f50da13
  • 0B014B81-4E12-46F9-806F-55867AF8FD3C
  • 2502BBD0-D73B-11DD-B4EC-CEBF56D89593
  • Microsoft\Windows\CurrentVersion\Ext\Stats\0B014B81-4E12-46F9-806F-55867AF8FD3C
  • b2c92af1-09fe-4ef9-a6c3-5be47f3e7ec4
  • A14F7F83-6C53-46E9-943B-67CDB7BC64F7
  • 5AF36D53-E172-430C-931E-4A4C73998713

External links

If you believe your computer is infected with spyware,
Wiki-Security highly recommends SpyHunter's spyware detection tool to detect the latest spyware threats.



Disclaimer Information
This website, its content or any portion of this website is NOT affiliated with, connected to, or sponsored by Virtumonde or its creators in any way. This website does not advocate the actions or behavior of Virtumonde and its creators. Our objective is to provide Internet users with the know-how to detect and remove Virtumonde and other Internet threats.

The readers of this article should not mistake, confuse or associate this article to be an advertisement or a promotion of Virtumonde in any way. The content provided on this website is intended for educational or informational purposes and is provided "AS IS" with no warranties, and confers no rights.
Views
Navigation