Ransom:MSIL/Ryzerlo.A (Microsoft); GenericRXGT-RC!DB7A667FE198 (McAfee); HEUR:Trojan-Spy.MSIL.KeyLogger.gen (Kaspersky); Mal/Bladabi-S (Sophos)

 Platform:

Windows

 Overall risk rating:
 Damage potential:
 Reported infection:
Low
Medium
High
Critical

  • Grayware type:
    Ransomware

  • Destructive:
    No

  • Encrypted:
     

  • In the wild:
    Yes

  Overview


  Technical details

Compression type: 301,056 bytes
File type: EXE
Memory resident: Yes
Initial samples received date: 05 November 2019

Installation

Drops the following copies of itself into the affected system:

  • F:\NViDiaDisplay.Container.exe

Adds the following processes:

  • %User Temp%\svchosts.exe

(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP and Server 2003(32-bit), and C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).)

Creates the following folders:

  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1
  • %AppDataLocal%\Microsoft_Corporation
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj

Autostart Technique

Adds the following registry entries to enable its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
40f1abfeb160a5f5393e777877aaa6e4 = "{malware path and file name}.exe"

Dropping Routine

Drops the following files:

  • %User Temp%\svchosts.exe
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\user.config
  • F:\wlines.zip.lnk
  • F:\mail_client.exe.lnk
  • %AppDataLocal%\GDIPFONTCACHEV1.DAT

(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP and Server 2003(32-bit), and C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).)

  Solution

Minimum scan engine: 9.850

Step 1

For Windows ME and XP users: Before scanning, make sure that System Restore is disabled so that the entire computer can be scanned.

Step 2

Restart in Safe Mode

Step 3

Identify and disable files detected as Ransom_Ryzerlo.R002C0DI919

  1. For Windows 98 and ME users: Windows Task Manager may not display all running processes. In this case, use a third-party process viewer, preferably Process Explorer, to terminate the malware/grayware/spyware file. You can download this tool here.
  2. If the detected file is displayed in Windows Task Manager or Process Explorer but cannot be deleted, restart your computer in Safe Mode. Click this link to see all the required steps.
  3. If the detected file is not displayed in Windows Task Manager or in Process Explorer, continue with the next steps.

Step 4

Delete this registry value

Important: Editing the Windows Registry incorrectly can lead to a permanent system malfunction. Perform this step only if you are familiar with the procedure or if you can ask your system administrator for assistance. Otherwise, read this Microsoft article first before changing your computer's registry.

  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • 40f1abfeb160a5f5393e777877aaa6e4 = "{malware path and file name}.exe"

Step 5

Search for and delete these files

Some component files may be hidden. Be sure to select the Search hidden items checkbox under "More advanced options" to include all hidden files and folders in the search results.
  • %User Temp%\svchosts.exe
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1\user.config
  • F:\wlines.zip.lnk
  • F:\mail_client.exe.lnk
  • %AppDataLocal%\GDIPFONTCACHEV1.DAT

Step 6

Search for and delete these folders

Make sure to select the Search hidden items check box under More advanced options so that all hidden folders are included in the search results.
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj\10.0.17134.1
  • %AppDataLocal%\Microsoft_Corporation
  • %AppDataLocal%\Microsoft_Corporation\34f8302c2288f7ef2d54aed4f_Url_1erc2dx1twfjhzmoedmr2nza2uuvkasj

Step 7

Restart in normal mode and scan your computer with your Trend Micro product for files detected as Ransom_Ryzerlo.R002C0DI919. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. You may simply delete the quarantined files. See this Knowledge Base page for more information.

Step 8

Restore encrypted files from backup.

