Usuwanie wirusów

Usuwanie VirusProtectPro
Kolejny BEZUŻYTECZNY !!! program następca znanych nam już takich programów jak SpyDawn,VirusBurst, SpywareQuake, SpyLocked  itd...zobaczcie że tak naprawdę to twórcy zmieniaj± tylko kolorki.
Oczywi¶cie dostaniecie "fake alerta" ale odpowiada za niego  Grupa Codecowa   nie program  ,  zobaczcie wynik  TESTÓW








W logu hijack można zobaczyć:



C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Security Tools\iesmn.exe
C:\Program Files\Security Tools\imsmain.exe
C:\Program Files\Security Tools\iesmin.exe
C:\Program Files\Security Tools\imsmn.exe
C:\Program Files\Image ActiveX Access\imsmain.exe
C:\Program Files\Image ActiveX Access\iesmn.exe
C:\Program Files\Image ActiveX Access\imsmn.exe
C:\Program Files\Image ActiveX Access\iesmin.exe
C:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe
C:\Program Files\VirusProtectPro 3.4\VirusProtectPro 3.4.exe
C:\Program Files\VirusProtectPro 3.5\VirusProtectPro 3.5.exe
C:\Program Files\VirusProtectPro 3.6\VirusProtectPro 3.6.exe
C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe

O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Security Tools\iesplg.dll
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Image ActiveX Access\iesplg.dll

O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Security Tools\iesbpl.dll


O4 - HKLM\..\Run: [VirusProtectPro 3.3] "C:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe" /h
O4 - HKLM\..\Run: [VirusProtectPro 3.4] "C:\Program Files\VirusProtectPro 3.4\VirusProtectPro 3.4.exe" /h
O4 - HKLM\..\Run: [VirusProtectPro 3.5] "C:\Program Files\VirusProtectPro 3.5\VirusProtectPro 3.5.exe" /h
O4 - HKLM\..\Run: [VirusProtectPro 3.6] "C:\Program Files\VirusProtectPro 3.6\VirusProtectPro 3.6.exe" /h
O4 - HKLM\..\Run: [VirusProtectPro 3.7] "C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe" /h
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Image ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Image ActiveX Access\iesmn.exe 


O21 - SSODL: fagging - {94524218-9af3-4643-9687-cbc2880e54da} - C:\WINDOWS\system32\nuqjici.dll
O21 - SSODL: amberoids - {4688f900-0d0c-4788-b297-59cc10e70ccc} - C:\WINDOWS\system32\zpeolvh.dll
O21 - SSODL: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll
 O21 - SSODL: hieroglyphist - {fde1bd72-ca80-443f-9526-595337b73878} - C:\WINDOWS\system32\lapmvzf.dll
O21 - SSODL: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll
 O21 - SSODL: inscenation - {cfda6372-043c-48d2-ba3c-7bfe1cf71854} - C:\WINDOWS\system32\surzzh.dll
 O21 - SSODL: firstlings - {9af8f31b-b778-4413-b8ed-ae63a62e1f7d} - C:\WINDOWS\System32\wfcof.dll
 O21 - SSODL: discommodiousness - {33b8d257-07f6-4c06-8605-94bc21728635} - C:\WINDOWS\system32\onljweo.dll
 O21 - SSODL: cyk - {49f29a27-2451-4314-a480-8d2481ce6c81} - C:\WINDOWS\system32\yhjbbzf.dll
 O21 - SSODL: formicivora - {a1c16871-b797-4ec7-bbee-83852379c390} - C:\WINDOWS\system32\cefrjsh.dll
 O21 - SSODL: hydronephrosises - {5889f7b0-3277-4266-b4bd-1bf2d394aee6} - C:\WINDOWS\system32\wpchz.dll
 O21 - SSODL: dustuck - {4a9e875b-d032-45e4-8294-789fe3be5b19} - C:\WINDOWS\system32\vgibz.dll
O21 - SSODL: grazable - {fa55d551-9698-48ac-b639-9b00cf1a6ea0} - C:\WINDOWS\system32\psndz.dll
 O21 - SSODL: convalescently - {cea2e5cd-e849-427b-80f0-59298caef1c4} - C:\WINDOWS\system32\cqsfk.dll
O21 - SSODL: enlodgement - {aa6d4f53-4c8d-4549-84d2-02d584acc4e9} - C:\WINDOWS\system32\wzhtjqo.dll
 O21 - SSODL: hyams - {e4c46558-da01-4637-a85e-f1ccb1c7436a} - C:\WINDOWS\system32\lrnjnzf.dll
O21 - SSODL: adirondack - {547aaa89-7e6b-42b4-b112-a64955f86a2a} - C:\WINDOWS\system32\zpuwriz.dll
 O21 - SSODL: clamourers - {b8b3850e-a22e-43ab-a15e-63f6e47db7e6} - C:\WINDOWS\system32\tkrsw.dll
 O21 - SSODL: araca - {8068bf35-3711-4dce-a2f3-f008cecfe894} - C:\WINDOWS\system32\afzdbl.dll
O21 - SSODL: acanthology - {cfda6372-043c-48d2-ba3c-7bfe1cf71854} - C:\WINDOWS\system32\bgwttyl.dll
O21 - SSODL: idealise - {eb86b46a-d6db-4478-8f5f-06cb2ebc1b35} - C:\WINDOWS\system32\dyrwls.dll
O21 - SSODL: enjoyment - {e71aba09-d81a-4876-baa3-df133c1dfc48} - C:\WINDOWS\system32\gtawclv.dll
 O21 - SSODL: criticalness - {bd2948f8-c949-464f-824a-6272608c739e} - C:\WINDOWS\system32\vjxwnn.dll
O21 - SSODL: hutlet - {c82e1789-207a-4b8a-806f-76b62dfac2a2} - C:\WINDOWS\system32\khtbpdl.dll
 O21 - SSODL: amateurishly - {1152a0e8-5be5-41cc-8312-556581690a61} - C:\WINDOWS\system32\cfqbw.dll
O21 - SSODL: aguilarite - {1c6fd4e6-49ce-4178-875b-df70eac260c5} - C:\WINDOWS\system32\fdpzgi.dll
 O21 - SSODL: exultet - {4f5f16ef-af9d-4fe6-8410-f0670b58979d} - C:\WINDOWS\system32\gusur.dll
 O21 - SSODL: atrichia - {4a9e875b-d032-45e4-8294-789fe3be5b19} - C:\WINDOWS\system32\fshqaln.dll
 O21 - SSODL: arouse - {c4da240e-7525-404a-b366-f50a422376d8} - C:\WINDOWS\system32\eigbbb.dll
O21 - SSODL: electroosmoses - {eb86b46a-d6db-4478-8f5f-06cb2ebc1b35} - C:\WINDOWS\system32\nexpegp.dll
 O21 - SSODL: clinker - ‹a4029063-4fe3-422c-ac72-12905c09642a› - C:\WINDOWS\system32\xtsyynm.dll
O21 - SSODL: heterostyly - {cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc} - C:\WINDOWS\system32\fqdqs.dll 
O21 - SSODL: counterclaim - {e758745e-b8aa-47ac-a652-6307ff5f3ebf} - C:\WINDOWS\system32\vpccw.dll
 O21 - SSODL: archiblast - {bd1299cd-b98a-4ee1-9ae3-d3cb3da41d0d} - C:\WINDOWS\system32\ryxrho.dll
 O21 - SSODL: bosken - {d1e5ca97-235e-4ff0-9b92-7543c9d61ff4} - C:\WINDOWS\system32\zkpssqa.dll
O21 - SSODL: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - C:\WINDOWS\system32\tmxxxh.dll
O21 - SSODL: falsism - {6e886df7-914d-48f0-86b3-a5cf24385361} - C:\WINDOWS\system32\fwrkqfl.dll
O21 - SSODL: dataria - {18a8f76b-804b-4981-b87c-460699971a4b} - C:\WINDOWS\system32\igzxwrl.dll
 O21 - SSODL: arachnodacty - {80ced3d6-ece9-48ba-8df8-2503d8d87c2b} - C:\WINDOWS\system32\ccyszwl.dll
O21 - SSODL: cakewalks - {6747456b-cea8-463d-ad2a-50d67ae73d30} - C:\WINDOWS\system32\fwjgtk.dll
 O21 - SSODL: anhydrase - {6625fc6c-731c-443a-b3f0-2c8c520a1766} - C:\WINDOWS\system32\mivmv.dll
 O21 - SSODL: amaretti - {2fdde73c-273e-4e55-84dc-455de06e4866} - C:\WINDOWS\System32\zdwii.dll
 O21 - SSODL: athermancies - {ced7d5f3-74cc-4c2f-8d60-62ebcdda0a22} - C:\WINDOWS\System32\tiqmcx.dll
O21 - SSODL: glauke - {cc824bb2-d4b3-41f1-bba0-f8240e4cc495} - C:\WINDOWS\System32\kvfvw.dll
 O21 - SSODL: astronomically - {fedff4ae-1302-4b8a-bda9-43b9f67b9749} - C:\WINDOWS\System32\guxmhcd.dll
 O21 - SSODL: biltongs - {fc7cbb1b-2da6-4e7d-a1ea-bf6705dd0f8c} - C:\WINDOWS\system32\fyhwfc.dll
 O21 - SSODL: aht - {46f5a8b0-0b73-48c5-9e40-3c443a43c161} - C:\WINDOWS\system32\muvdjo.dll
 O21 - SSODL: fraternalism - {2bb2b2d6-8b86-412e-acca-d656a8979b3e} - C:\Windows\system32\tqcwm.dll
 O21 - SSODL: barbican - {e0f691d7-01bf-4fed-926c-7368034a45e3} - C:\WINDOWS\system32\mvwqn.dll
O21 - SSODL: hyracina - {b36d60c8-e1ce-464e-b74c-8128a627ef56} - C:\WINDOWS\system32\vvihh.dll
 O21 - SSODL: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - C:\WINDOWS\system32\iklqcx.dll
 O21 - SSODL: biisk - {f39d0dee-b2f0-4591-9187-1cc39c1df98a} - C:\WINDOWS\system32\kzpkwj.dll
 O21 - SSODL: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - C:\WINDOWS\system32\ddomv.dll
 O21 - SSODL: disenfranchising - {e2b8cea1-c8a7-48e2-b2fd-89ae5c608fb8} - C:\WINDOWS\system32\osdjhjc.dll
 O21 - SSODL: apdu - {903902a8-0691-460e-8351-24df3d425e9c} - C:\WINDOWS\system32\gkymhk.dll

 O22 - SharedTaskScheduler: fagging - {94524218-9af3-4643-9687-cbc2880e54da} - C:\WINDOWS\system32\nuqjici.dll
O22 - SharedTaskScheduler: amberoids - {4688f900-0d0c-4788-b297-59cc10e70ccc} - C:\WINDOWS\system32\zpeolvh.dll
O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll
O22 - SharedTaskScheduler: hieroglyphist - {fde1bd72-ca80-443f-9526-595337b73878} - C:\WINDOWS\system32\lapmvzf.dll
O22 - SharedTaskScheduler: biocomputing - {98ca7898-6029-41ab-8f67-ea4f5e1afc22} - C:\WINDOWS\system32\myqlejy.dll
O22 - SharedTaskScheduler: inscenation - {cfda6372-043c-48d2-ba3c-7bfe1cf71854} - C:\WINDOWS\system32\surzzh.dll
O22 - SharedTaskScheduler: firstlings - {9af8f31b-b778-4413-b8ed-ae63a62e1f7d} - C:\WINDOWS\System32\wfcof.dll
O22 - SharedTaskScheduler: discommodiousness - {33b8d257-07f6-4c06-8605-94bc21728635} - C:\WINDOWS\system32\onljweo.dll
O22 - SharedTaskScheduler: cyk - {49f29a27-2451-4314-a480-8d2481ce6c81} - C:\WINDOWS\system32\yhjbbzf.dll
O22 - SharedTaskScheduler: formicivora - {a1c16871-b797-4ec7-bbee-83852379c390} - C:\WINDOWS\system32\cefrjsh.dll
O22 - SharedTaskScheduler: hydronephrosises - {5889f7b0-3277-4266-b4bd-1bf2d394aee6} - C:\WINDOWS\system32\wpchz.dll
O22 - SharedTaskScheduler: dustuck - {4a9e875b-d032-45e4-8294-789fe3be5b19} - C:\WINDOWS\system32\vgibz.dll
O22 - SharedTaskScheduler: grazable - {fa55d551-9698-48ac-b639-9b00cf1a6ea0} - C:\WINDOWS\system32\psndz.dll
O22 - SharedTaskScheduler: convalescently - {cea2e5cd-e849-427b-80f0-59298caef1c4} - C:\WINDOWS\system32\cqsfk.dll
O22 - SharedTaskScheduler: enlodgement - {aa6d4f53-4c8d-4549-84d2-02d584acc4e9} - C:\WINDOWS\system32\wzhtjqo.dll
O22 - SharedTaskScheduler: hyams - {e4c46558-da01-4637-a85e-f1ccb1c7436a} - C:\WINDOWS\system32\lrnjnzf.dll
O22 - SharedTaskScheduler: adirondack - {547aaa89-7e6b-42b4-b112-a64955f86a2a} - C:\WINDOWS\system32\zpuwriz.dll
O22 - SharedTaskScheduler: clamourers - {b8b3850e-a22e-43ab-a15e-63f6e47db7e6} - C:\WINDOWS\system32\tkrsw.dll
O22 - SharedTaskScheduler: araca - {8068bf35-3711-4dce-a2f3-f008cecfe894} - C:\WINDOWS\system32\afzdbl.dll
O22 - SharedTaskScheduler: acanthology - {cfda6372-043c-48d2-ba3c-7bfe1cf71854} - C:\WINDOWS\system32\bgwttyl.dll
O22 - SharedTaskScheduler: idealise - {eb86b46a-d6db-4478-8f5f-06cb2ebc1b35} - C:\WINDOWS\system32\dyrwls.dll
O22 - SharedTaskScheduler: enjoyment - {e71aba09-d81a-4876-baa3-df133c1dfc48} - C:\WINDOWS\system32\gtawclv.dll
O22 - SharedTaskScheduler: criticalness - {bd2948f8-c949-464f-824a-6272608c739e} - C:\WINDOWS\system32\vjxwnn.dll
O22 - SharedTaskScheduler: hutlet - {c82e1789-207a-4b8a-806f-76b62dfac2a2} - C:\WINDOWS\system32\khtbpdl.dll
O22 - SharedTaskScheduler: amateurishly - {1152a0e8-5be5-41cc-8312-556581690a61} - C:\WINDOWS\system32\cfqbw.dll
O22 - SharedTaskScheduler: aguilarite - {1c6fd4e6-49ce-4178-875b-df70eac260c5} - C:\WINDOWS\system32\fdpzgi.dll
 O22 - SharedTaskScheduler: exultet - {4f5f16ef-af9d-4fe6-8410-f0670b58979d} - C:\WINDOWS\system32\gusur.dll
 O22 - SharedTaskScheduler: atrichia - {4a9e875b-d032-45e4-8294-789fe3be5b19} - C:\WINDOWS\system32\fshqaln.dll
O22 - SharedTaskScheduler: hemprich - {af8bca8b-a9f1-471d-bdcd-caa14be2bdd9} - C:\WINDOWS\system32\ktrxe.dll
O22 - SharedTaskScheduler: arouse - {c4da240e-7525-404a-b366-f50a422376d8} - C:\WINDOWS\system32\eigbbb.dll
O22 - SharedTaskScheduler: electroosmoses - {eb86b46a-d6db-4478-8f5f-06cb2ebc1b35} - C:\WINDOWS\system32\nexpegp.dll
O22 - SharedTaskScheduler: clinker - ‹a4029063-4fe3-422c-ac72-12905c09642a› - C:\WINDOWS\system32\xtsyynm.dll
O22 - SharedTaskScheduler: heterostyly - {cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc} - C:\WINDOWS\system32\fqdqs.dll
O22 - SharedTaskScheduler: counterclaim - {e758745e-b8aa-47ac-a652-6307ff5f3ebf} - C:\WINDOWS\system32\vpccw.dll
O22 - SharedTaskScheduler: archiblast - {bd1299cd-b98a-4ee1-9ae3-d3cb3da41d0d} - C:\WINDOWS\system32\ryxrho.dll
O22 - SharedTaskScheduler: bosken - {d1e5ca97-235e-4ff0-9b92-7543c9d61ff4} - C:\WINDOWS\system32\zkpssqa.dll
O22 - SharedTaskScheduler: dizening - {70d17a5f-ef27-4295-90f5-20ad6f24834f} - C:\WINDOWS\system32\tmxxxh.dll
O22 - SharedTaskScheduler: falsism - {6e886df7-914d-48f0-86b3-a5cf24385361} - C:\WINDOWS\system32\fwrkqfl.dll
O22 - SharedTaskScheduler: dataria - {18a8f76b-804b-4981-b87c-460699971a4b} - C:\WINDOWS\system32\igzxwrl.dll
O22 - SharedTaskScheduler: arachnodacty - {80ced3d6-ece9-48ba-8df8-2503d8d87c2b} - C:\WINDOWS\system32\ccyszwl.dll
O22 - SharedTaskScheduler: cakewalks - {6747456b-cea8-463d-ad2a-50d67ae73d30} - C:\WINDOWS\system32\fwjgtk.dll
O22 - SharedTaskScheduler: anhydrase - {6625fc6c-731c-443a-b3f0-2c8c520a1766} - C:\WINDOWS\system32\mivmv.dll
O22 - SharedTaskScheduler: amaretti - {2fdde73c-273e-4e55-84dc-455de06e4866} - C:\WINDOWS\System32\zdwii.dll
O22 - SharedTaskScheduler: athermancies - {ced7d5f3-74cc-4c2f-8d60-62ebcdda0a22} - C:\WINDOWS\System32\tiqmcx.dll
O22 - SharedTaskScheduler: glauke - {cc824bb2-d4b3-41f1-bba0-f8240e4cc495} - C:\WINDOWS\System32\kvfvw.dll
O22 - SharedTaskScheduler: astronomically - {fedff4ae-1302-4b8a-bda9-43b9f67b9749} - C:\WINDOWS\System32\guxmhcd.dll
O22 - SharedTaskScheduler: biltongs - {fc7cbb1b-2da6-4e7d-a1ea-bf6705dd0f8c} - C:\WINDOWS\system32\fyhwfc.dll
O22 - SharedTaskScheduler: aht - {46f5a8b0-0b73-48c5-9e40-3c443a43c161} - C:\WINDOWS\system32\muvdjo.dll
O22 - SharedTaskScheduler: fraternalism - {2bb2b2d6-8b86-412e-acca-d656a8979b3e} - C:\WINDOWS\system32\tqcwm.dll
O22 - SharedTaskScheduler: barbican - {e0f691d7-01bf-4fed-926c-7368034a45e3} - C:\WINDOWS\system32\mvwqn.dll
O22 - SharedTaskScheduler: hyracina - {b36d60c8-e1ce-464e-b74c-8128a627ef56} - C:\WINDOWS\system32\vvihh.dll
O22 - SharedTaskScheduler: heterotroph - {de5ede53-9db0-422d-b32d-5c41c96d6f52} - C:\WINDOWS\system32\iklqcx.dll
O22 - SharedTaskScheduler: biisk - {f39d0dee-b2f0-4591-9187-1cc39c1df98a} - C:\WINDOWS\system32\kzpkwj.dll
O22 - SharedTaskScheduler: anthracosaurus - {9f5cb985-d4a4-49af-9185-133f956b5756} - C:\WINDOWS\system32\ddomv.dll
O22 - SharedTaskScheduler: disenfranchising - {e2b8cea1-c8a7-48e2-b2fd-89ae5c608fb8} - C:\WINDOWS\system32\osdjhjc.dll
O22 - SharedTaskScheduler: apdu - {903902a8-0691-460e-8351-24df3d425e9c} - C:\WINDOWS\system32\gkymhk.dll

W logu silenta zobaczyć można:


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"VirusProtectPro 3.3" = ""C:\Program Files\VirusProtectPro 3.3\VirusProtectPro 3.3.exe" /h" ["VirusProtectPro.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"user32.dll" = "C:\Program Files\Video ActiveX Access\iesmn.exe" [null data]
"rare" = "C:\Program Files\Video ActiveX Access\imsmain.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{94524218-9af3-4643-9687-cbc2880e54da}" = "fagging"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nuqjici.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>> "{9f5cb985-d4a4-49af-9185-133f956b5756}" = "anthracosaurus"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINNT\system32\ddomv.dll" [null data]

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}"
-> {HKLM...CLSID} = "Protection Bar"
\InProcServer32\(Default) = "C:\Program Files\Video ActiveX Access\iesbpl.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}" = (no title provided)
-> {HKLM...CLSID} = "Protection Bar"
\InProcServer32\(Default) = "C:\Program Files\Video ActiveX Access\iesbpl.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}\(Default) = "Protection Bar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Video ActiveX Access\iesbpl.dll" [null data]


W logu smitfraudfix można zobaczyć:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{94524218-9af3-4643-9687-cbc2880e54da}"="fagging"

[HKEY_CLASSES_ROOT\CLSID\{94524218-9af3-4643-9687-cbc2880e54da}\InProcServer32]
@="C:\WINDOWS\system32\nuqjici.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{94524218-9af3-4643-9687-cbc2880e54da}\InProcServer32]
@="C:\WINDOWS\system32\nuqjici.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4688f900-0d0c-4788-b297-59cc10e70ccc}"="amberoids"

[HKEY_CLASSES_ROOT\CLSID\{4688f900-0d0c-4788-b297-59cc10e70ccc}\InProcServer32]
@="C:\WINDOWS\System32\zpeolvh.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4688f900-0d0c-4788-b297-59cc10e70ccc}\InProcServer32]
@="C:\WINDOWS\System32\zpeolvh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]
@="C:\WINDOWS\system32\xnvaogd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] 
"{fde1bd72-ca80-443f-9526-595337b73878}"="hieroglyphist
 
[HKEY_CLASSES_ROOT\CLSID\{fde1bd72-ca80-443f-9526-595337b73878}\InProcServer32] 
@="C:\WINDOWS\system32\lapmvzf.dll
 
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fde1bd72-ca80-443f-9526-595337b73878}\InProcServer32] 
@="C:\WINDOWS\system32\lapmvzf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{98ca7898-6029-41ab-8f67-ea4f5e1afc22}"="biocomputing"

[HKEY_CLASSES_ROOT\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="C:\WINDOWS\system32\myqlejy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{98ca7898-6029-41ab-8f67-ea4f5e1afc22}\InProcServer32]
@="C:\WINDOWS\system32\myqlejy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Share dTaskScheduler]
"{cfda6372-043c-48d2-ba3c-7bfe1cf71854}"="inscenation"

[HKEY_CLASSES_ROOT\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
@="C:\WINDOWS\system32\surzzh.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
@="C:\WINDOWS\system32\surzzh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9af8f31b-b778-4413-b8ed-ae63a62e1f7d}"="firstlings"

[HKEY_CLASSES_ROOT\CLSID\{9af8f31b-b778-4413-b8ed-ae63a62e1f7d}\InProcServer32]
@="C:\WINDOWS\system32\wfcof.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9af8f31b-b778-4413-b8ed-ae63a62e1f7d}\InProcServer32]
@="C:\WINDOWS\system32\wfcof.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{33b8d257-07f6-4c06-8605-94bc21728635}"="discommodiousness"

[HKEY_CLASSES_ROOT\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32]
@="C:\WINDOWS\system32\onljweo.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{33b8d257-07f6-4c06-8605-94bc21728635}\InProcServer32]
@="C:\WINDOWS\system32\onljweo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Share dTaskScheduler]
"{49f29a27-2451-4314-a480-8d2481ce6c81}"="cyk"

[HKEY_CLASSES_ROOT\CLSID\{49f29a27-2451-4314-a480-8d2481ce6c81}\InProcServer32]
@="C:\WINDOWS\System32\yhjbbzf.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{49f29a27-2451-4314-a480-8d2481ce6c81}\InProcServer32]
@="C:\WINDOWS\System32\yhjbbzf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a1c16871-b797-4ec7-bbee-83852379c390}"="formicivora"

[HKEY_CLASSES_ROOT\CLSID\{a1c16871-b797-4ec7-bbee-83852379c390}\InProcServer32]
@="C:\WINDOWS\system32\cefrjsh.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{a1c16871-b797-4ec7-bbee-83852379c390}\InProcServer32]
@="C:\WINDOWS\system32\cefrjsh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Share dTaskScheduler]
"{5889f7b0-3277-4266-b4bd-1bf2d394aee6}"="hydronephrosises"

[HKEY_CLASSES_ROOT\CLSID\{5889f7b0-3277-4266-b4bd-1bf2d394aee6}\InProcServer32]
@="C:\WINDOWS\system32\wpchz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5889f7b0-3277-4266-b4bd-1bf2d394aee6}\InProcServer32]
@="C:\WINDOWS\system32\wpchz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4a9e875b-d032-45e4-8294-789fe3be5b19}"="dustuck"

[HKEY_CLASSES_ROOT\CLSID\{4a9e875b-d032-45e4-8294-789fe3be5b19}\InProcServer32]
@="C:\WINDOWS\system32\vgibz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4a9e875b-d032-45e4-8294-789fe3be5b19}\InProcServer32]
@="C:\WINDOWS\system32\vgibz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa55d551-9698-48ac-b639-9b00cf1a6ea0}"="grazable"

[HKEY_CLASSES_ROOT\CLSID\{fa55d551-9698-48ac-b639-9b00cf1a6ea0}\InProcServer32]
@="C:\WINDOWS\system32\psndz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fa55d551-9698-48ac-b639-9b00cf1a6ea0}\InProcServer32]
@="C:\WINDOWS\system32\psndz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cea2e5cd-e849-427b-80f0-59298caef1c4}"="convalescently"

[HKEY_CLASSES_ROOT\CLSID\{cea2e5cd-e849-427b-80f0-59298caef1c4}\InProcServer32]
@="C:\WINDOWS\system32\cqsfk.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cea2e5cd-e849-427b-80f0-59298caef1c4}\InProcServer32]
@="C:\WINDOWS\system32\cqsfk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}"="enlodgement"

[HKEY_CLASSES_ROOT\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}\InProcServer32]
@="C:\WINDOWS\System32\wzhtjqo.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aa6d4f53-4c8d-4549-84d2-02d584acc4e9}\InProcServer32]
@="C:\WINDOWS\System32\wzhtjqo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e4c46558-da01-4637-a85e-f1ccb1c7436a}"="hyams"

[HKEY_CLASSES_ROOT\CLSID\{e4c46558-da01-4637-a85e-f1ccb1c7436a}\InProcServer32]
@="C:\\WINDOWS\\system32\\lrnjnzf.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4c46558-da01-4637-a85e-f1ccb1c7436a}\InProcServer32]
@="C:\\WINDOWS\\system32\\lrnjnzf.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{547aaa89-7e6b-42b4-b112-a64955f86a2a}"="adirondack"

[HKEY_CLASSES_ROOT\CLSID\{547aaa89-7e6b-42b4-b112-a64955f86a2a}\InProcServer32]
@="C:\WINDOWS\system32\zpuwriz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{547aaa89-7e6b-42b4-b112-a64955f86a2a}\InProcServer32]
@="C:\WINDOWS\system32\zpuwriz.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{b8b3850e-a22e-43ab-a15e-63f6e47db7e6}"="clamourers"

[HKEY_CLASSES_ROOT\CLSID\{b8b3850e-a22e-43ab-a15e-63f6e47db7e6}\InProcServer32]
@="C:\WINDOWS\system32\tkrsw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b8b3850 e-a22e-43ab-a15e-63f6e47db7e6}\InProcServer32]
@="C:\WINDOWS\system32\tkrsw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8068bf35-3711-4dce-a2f3-f008cecfe894}"="araca"

[HKEY_CLASSES_ROOT\CLSID\{8068bf35-3711-4dce-a2f3-f008cecfe894}\InProcServer32]
@="C:\WINDOWS\system32\afzdbl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8068bf35-3711-4dce-a2f3-f008cecfe894}\InProcServer32]
@="C:\WINDOWS\system32\afzdbl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cfda6372-043c-48d2-ba3c-7bfe1cf71854}"="acanthology"

[HKEY_CLASSES_ROOT\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
@="C:\WINDOWS\system32\bgwttyl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cfda6372-043c-48d2-ba3c-7bfe1cf71854}\InProcServer32]
@="C:\WINDOWS\system32\bgwttyl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}"="idealise"

[HKEY_CLASSES_ROOT\CLSID\{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}\InProcServer32]
@="C:\WINDOWS\system32\dyrwls.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}\InProcServer32]
@="C:\WINDOWS\system32\dyrwls.dll"

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerSharedTaskScheduler]
"{c704547b-26c0-4222-a034-81653c07b494}"="eperdument"
 
[HKEY_CLASSES_ROOT\CLSID\{c704547b-26c0-4222-a034-81653c07b494}\InProcServer32]
@="C:\WINDOWS\\system32\ugofuq.dll"

[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{c704547b-26c0-4222-a034-81653c07b494}InProcServer32]
@="C:\WINDOWS\\system32\ugofuq.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e71aba09-d81a-4876-baa3-df133c1dfc48}"="enjoyment"

[HKEY_CLASSES_ROOT\CLSID\{e71aba09-d81a-4876-baa3-df133c1dfc48}\InProcServer32]
@="C:\WINDOWS\system32\gtawclv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{e71aba09-d81a-4876-baa3-df133c1dfc48}\InProcServer32]
@="C:\WINDOWS\system32\gtawclv.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd2948f8-c949-464f-824a-6272608c739e}"="criticalness"
 
[HKEY_CLASSES_ROOT\CLSID\{bd2948f8-c949-464f-824a-6272608c739e}InProcServer32]
@="C:\WINDOWS\\system32\vjxwnn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{bd2948f8-c949-464f-824a-6272608c739e}InProcServer32]
@="C:\WINDOWS\\system32\vjxwnn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c82e1789-207a-4b8a-806f-76b62dfac2a2}"="hutlet"
 
[HKEY_CLASSES_ROOT\CLSID\{c82e1789-207a-4b8a-806f-76b62dfac2a2}\InProcServer32]
@="C:\WINDOWS\system32\khtbpdl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c82e1789-207a-4b8a-806f-76b62dfac2a2}\InProcServer32]
@="C:\WINDOWS\system32\khtbpdl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1152a0e8-5be5-41cc-8312-556581690a61}"="amateurishly"
 
[HKEY_CLASSES_ROOT\CLSID\{1152a0e8-5be5-41cc-8312-556581690a61}\InProcServer32]
@="C:\WINDOWS\system32\cfqbw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1152a0e8-5be5-41cc-8312-556581690a61}\InProcServer32]
@="C:\WINDOWS\system32\cfqbw.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1c6fd4e6-49ce-4178-875b-df70eac260c5}"="aguilarite "

[HKEY_CLASSES_ROOT\CLSID\{1c6fd4e6-49ce-4178-875b-df70eac260c5}\InProcServer32]
@="C:\WINDOWS\system32\fdpzgi.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1c6fd4e6-49ce-4178-875b-df70eac260c5}\InProcServer32]
@="C:\WINDOWS\system32\fdpzgi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4f5f16ef-af9d-4fe6-8410-f0670b58979d}"="exultet"
 
[HKEY_CLASSES_ROOT\CLSID\{4f5f16ef-af9d-4fe6-8410-f0670b58979d}\InProcServer32]
@="C:\WINDOWS\system32\gusur.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f5f16ef-af9d-4fe6-8410-f0670b58979d}\InProcServer32]
@="C:\WINDOWS\system32\gusur.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4a9e875b-d032-45e4-8294-789fe3be5b19}"="atrichia"

[HKEY_CLASSES_ROOT\CLSID\{4a9e875b-d032-45e4-8294-789fe3be5b19}\InProcServer32]
@="C:\WINDOWS\system32\fshqaln.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a9e875b-d032-45e4-8294-789fe3be5b19}\InProcServer32]
@="C:\WINDOWS\system32\fshqaln.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af8bca8b-a9f1-471d-bdcd-caa14be2bdd9}"="hemprich"

[HKEY_CLASSES_ROOT\CLSID\{af8bca8b-a9f1-471d-bdcd-caa14be2bdd9}\InProcServer32]
@="C:\WINDOWS\system32\ktrxe.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af8bca8b-a9f1-471d-bdcd-caa14be2bdd9}\InProcServer32]
@="C:\WINDOWS\system32\ktrxe.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{c4da240e-7525-404a-b366-f50a422376d8}"="arouse"

[HKEY_CLASSES_ROOT\CLSID\{c4da240e-7525-404a-b366-f50a422376d8}\InProcServer32]
@="C:\WINDOWS\system32\eigbbb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{c4da240e-7525-404a-b366-f50a422376d8}\InProcServer32]
@="C:\WINDOWS\system32\eigbbb.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}"="electroosmoses"

[HKEY_CLASSES_ROOT\CLSID\{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}\InProcServer32]
@="C:\WINDOWS\system32\nexpegp.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{eb86b46a-d6db-4478-8f5f-06cb2ebc1b35}\InProcServer32]
@="C:\WINDOWS\system32\nexpegp.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a4029063-4fe3-422c-ac72-12905c09642a}"="clinker"

[HKEY_CLASSES_ROOT\CLSID\{a4029063-4fe3-422c-ac72-12905c09642a}\InProcServer32]
@="C:\WINDOWS\system32\xtsyynm.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{a4029063-4fe3-422c-ac72-12905c09642a}\InProcServer32]
@="C:\WINDOWS\system32\xtsyynm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc}"="heterostyly"

[HKEY_CLASSES_ROOT\CLSID\{cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc}\InProcServer32]
@="C:\WINDOWS\System32\\fqdqs.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd0e4a1a-dbc2-48f7-9a6a-a41cac20bddc}\InProcServer32]
@="C:\WINDOWS\System32\fqdqs.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e758745e-b8aa-47ac-a652-6307ff5f3ebf}"="counterclaim"
 
[HKEY_CLASSES_ROOT\CLSID\{e758745e-b8aa-47ac-a652-6307ff5f3ebf}\InProcServer32]
@="C:\WINDOWS\system32\vpccw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e758745e-b8aa-47ac-a652-6307ff5f3ebf}\InProcServer32]
@="C:\WINDOWS\system32\vpccw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{bd1299cd-b98a-4ee1-9ae3-d3cb3da41d0d}"="archiblast"
 
[HKEY_CLASSES_ROOT\CLSID\{bd1299cd-b98a-4ee1-9ae3-d3cb3da41d0d}\InProcServer32]
@="C:\WINDOWS\system32\ryxrho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd1299cd-b98a-4ee1-9ae3-d3cb3da41d0d}\InProcServer32]
@="C:\WINDOWS\system32\ryxrho.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d1e5ca97-235e-4ff0-9b92-7543c9d61ff4}"="bosken"
 
[HKEY_CLASSES_ROOT\CLSID\{d1e5ca97-235e-4ff0-9b92-7543c9d61ff4}\InProcServer32]
@="C:\WINDOWS\system32\zkpssqa.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d1e5ca97-235e-4ff0-9b92-7543c9d61ff4}\InProcServer32]
@="C:\WINDOWS\system32\zkpssqa.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{70d17a5f-ef27-4295-90f5-20ad6f24834f}"="dizening"
 
[HKEY_CLASSES_ROOT\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}\InProcServer32]
@="C:\WINDOWS\system32\tmxxxh.dll"
 
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{70d17a5f-ef27-4295-90f5-20ad6f24834f}\InProcServer32]
@="C:\WINDOWS\system32\tmxxxh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6e886df7-914d-48f0-86b3-a5cf24385361}"="falsism"

[HKEY_CLASSES_ROOT\CLSID\{6e886df7-914d-48f0-86b3-a5cf24385361}\InProcServer32]
@="C:\WINDOWS\system32\fwrkqfl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6e886df7-914d-48f0-86b3-a5cf24385361}\InProcServer32]
@="C:\WINDOWS\system32\fwrkqfl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{18a8f76b-804b-4981-b87c-460699971a4b}"="dataria"

[HKEY_CLASSES_ROOT\CLSID\{18a8f76b-804b-4981-b87c-460699971a4b}\InProcServer32]
@="C:\WINDOWS\system32\igzxwrl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{18a8f76b-804b-4981-b87c-460699971a4b}\InProcServer32]
@="C:\WINDOWS\system32\igzxwrl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{80ced3d6-ece9-48ba-8df8-2503d8d87c2b}"="arachnodacty"

[HKEY_CLASSES_ROOT\CLSID\{80ced3d6-ece9-48ba-8df8-2503d8d87c2b}\InProcServer32]
@="C:\WINDOWS\system32\ccyszwl.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{80ced3d6-ece9-48ba-8df8-2503d8d87c2b}\InProcServer32]
@="C:\WINDOWS\system32\ccyszwl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6747456b-cea8-463d-ad2a-50d67ae73d30}"="cakewalks"
 
[HKEY_CLASSES_ROOT\CLSID\{6747456b-cea8-463d-ad2a-50d67ae73d30}\InProcServer32]
@="C:\WINDOWS\system32\fwjgtk.dll"
 
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6747456b-cea8-463d-ad2a-50d67ae73d30}\InProcServer32]
@="C:\WINDOWS\system32\fwjgtk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{6625fc6c-731c-443a-b3f0-2c8c520a1766}"="anhydrase"

[HKEY_CLASSES_ROOT\CLSID\{6625fc6c-731c-443a-b3f0-2c8c520a1766}\InProcServer32]
@="C:\WINDOWS\system32\mivmv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6625fc6c-731c-443a-b3f0-2c8c520a1766}\InProcServer32]
@="C:\WINDOWS\system32\mivmv.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2fdde73c-273e-4e55-84dc-455de06e4866}"="amaretti"
 
[HKEY_CLASSES_ROOT\CLSID\{2fdde73c-273e-4e55-84dc-455de06e4866}\InProcServer32]
@="C:\WINDOWS\system32\zdwii.dll"
 
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2fdde73c-273e-4e55-84dc-455de06e4866}\InProcServer32]
@="C:\WINDOWS\system32\zdwii.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ced7d5f3-74cc-4c2f-8d60-62ebcdda0a22}"="athermancies"
 
[HKEY_CLASSES_ROOT\CLSID\{ced7d5f3-74cc-4c2f-8d60-62ebcdda0a22}\InProcServer32]
@="C:\WINDOWS\system32\tiqmcx.dll"
 
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ced7d5f3-74cc-4c2f-8d60-62ebcdda0a22}\InProcServer32]
@="C:\WINDOWS\system32\tiqmcx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{cc824bb2-d4b3-41f1-bba0-f8240e4cc495}"="glauke"

[HKEY_CLASSES_ROOT\CLSID\{cc824bb2-d4b3-41f1-bba0-f8240e4cc495}\InProcServer32]
@="C:\WINDOWS\system32\kvfvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{cc824bb 2-d4b3-41f1-bba0-f8240e4cc495}\InProcServer32]
@="C:\WINDOWS\system32\kvfvw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fedff4ae-1302-4b8a-bda9-43b9f67b9749}"="astronomically"
 
[HKEY_CLASSES_ROOT\CLSID\{fedff4ae-1302-4b8a-bda9-43b9f67b9749}\InProcServer32]
@="C:\WINDOWS\system32\guxmhcd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fedff4ae-1302-4b8a-bda9-43b9f67b9749}\InProcServer32]
@="C:\WINDOWS\system32\guxmhcd.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{fc7cbb1b-2da6-4e7d-a1ea-bf6705dd0f8c}"="biltongs"

[HKEY_CLASSES_ROOT\CLSID\{fc7cbb1b-2da6-4e7d-a1ea-bf6705dd0f8c}\InProcServer32]
@="C:\WINDOWS\system32\fyhwfc.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fc7cbb1 b-2da6-4e7d-a1ea-bf6705dd0f8c}\InProcServer32]
@="C:\WINDOWS\system32\fyhwfc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{46f5a8b0-0b73-48c5-9e40-3c443a43c161}"="aht"

[HKEY_CLASSES_ROOT\CLSID\{46f5a8b0-0b73-48c5-9e40-3c443a43c161}\InProcServer32]
@="C:\WINDOWS\system32\muvdjo.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{46f5a8b0-0b73-48c5-9e40-3c443a43c161}\InProcServer32]
@="C:\WINDOWS\system32\muvdjo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2bb2b2d6-8b86-412e-acca-d656a8979b3e}"="fraternalism"

[HKEY_CLASSES_ROOT\CLSID\{2bb2b2d6-8b86-412e-acca-d656a8979b3e}\InProcServer32]
@="C:\WINDOWS\system32\tqcwm.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2bb2b2d6-8b86-412e-acca-d656a8979b3e}\InProcServer32]
@="C:\WINDOWS\system32\tqcwm.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e0f691d7-01bf-4fed-926c-7368034a45e3}"="barbican"

[HKEY_CLASSES_ROOT\CLSID\{e0f691d7-01bf-4fed-926c-7368034a45e3}\InProcServer32]
@="C:\WINDOWS\system32\mvwqn.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{e0f691d7-01bf-4fed-926c-7368034a45e3}\InProcServer32]
@="C:\WINDOWS\system32\mvwqn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b36d60c8-e1ce-464e-b74c-8128a627ef56}"="hyracina"

[HKEY_CLASSES_ROOT\CLSID\{b36d60c8-e1ce-464e-b74c-8128a627ef56}\InProcServer32]
@="C:\WINDOWS\system32\vvihh.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b36d60c8-e1ce-464e-b74c-8128a627ef56}\InProcServer32]
@="C:\WINDOWS\system32\vvihh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{de5ede53-9db0-422d-b32d-5c41c96d6f52}"="heterotroph"

[HKEY_CLASSES_ROOT\CLSID\{de5ede53-9db0-422d-b32d-5c41c96d6f52}\InProcServer32]
@="C:\WINDOWS\system32\iklqcx.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{de5ede53-9db0-422d-b32d-5c41c96d6f52}\InProcServer32]
@="C:\WINDOWS\system32\iklqcx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f39d0dee-b2f0-4591-9187-1cc39c1df98a}"="biisk"

[HKEY_CLASSES_ROOT\CLSID\{f39d0dee-b2f0-4591-9187-1cc39c1df98a}\InProcServer32]
@="C:\Windows\system32\kzpkwj.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f39d0dee-b2f0-4591-9187-1cc39c1df98a}\InProcServer32]
@="C:\Windows\system32\kzpkwj.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9f5cb985-d4a4-49af-9185-133f956b5756}"="anthracosaurus"

[HKEY_CLASSES_ROOT\CLSID\{9f5cb985-d4a4-49af-9185-133f956b5756}\InProcServer32]
@="C:\WINNT\system32\ddomv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9f5cb985-d4a4-49af-9185-133f956b5756}\InProcServer32]
@="C:\WINNT\system32\ddomv.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e2b8cea1-c8a7-48e2-b2fd-89ae5c608fb8}"="disenfranchising"
 
[HKEY_CLASSES_ROOT\CLSID\{e2b8cea1-c8a7-48e2-b2fd-89ae5c608fb8}\InProcServer32]
@="C:\WINDOWS\system32\osdjhjc.dll"
 
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{e2b8cea1-c8a7-48e2-b2fd-89ae5c608fb8}\InProcServer32]
@="C:\WINDOWS\system32\osdjhjc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{903902a8-0691-460e-8351-24df3d425e9c}"="apdu"

[HKEY_CLASSES_ROOT\CLSID\{903902a8-0691-460e-8351-24df3d425e9c}\InProcServer32]
@="C:\WINDOWS\system32\gkymhk.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{903902a8-0691-460e-8351-24df3d425e9c}\InProcServer32]
@="C:\WINDOWS\system32\gkymhk.dll"


Plikami odpowiedzialnymi za "fake alert"  s± :

C:\Windows\System32\nuqjici.dll
C:\Windows\System32\zpeolvh.dll
C:\Windows\System32\xnvaogd.dll
C:\Windows\system32\lapmvzf.dll
C:\Windows\System32\myqlejy.dll
C:\Windows\System32\surzzh.dll
C:\Windows\System32\wfcof.dll
C:\Windows\System32\onljweo.dll
C:\Windows\System32\yhjbbzf.dll
C:\Windows\System32\cefrjsh.dll
C:\Windows\System32\wpchz.dll
C:\Windows\System32\vgibz.dll
C:\Windows\System32\psndz.dll
C:\Windows\System32\cqsfk.dll
C:\Windows\System32\wzhtjqo.dll
C:\Windows\System32\lrnjnzf.dll
C:\Windows\System32\zpuwriz.dll
C:\Windows\System32\tkrsw.dll
C:\Windows\System32\afzdbl.dll
C:\Windows\System32\bgwttyl.dll
C:\Windows\System32\dyrwls.dll
C:\Windows\System32\ugofuq.dll
C:\Windows\System32\gtawclv.dll
C:\Windows\System32\vjxwnn.dll
C:\Windows\System32\khtbpdl.dll
C:\Windows\System32\cfqbw.dll
C:\Windows\System32\fdpzgi.dll
C:\Windows\System32\gusur.dll
C:\Windows\System32\fshqaln.dll
C:\Windows\System32\ktrxe.dll
C:\Windows\System32\eigbbb.dll
C:\Windows\System32\nexpegp.dll
 C:\Windows\System32\xtsyynm.dll
C:\Windows\System32\fqdqs.dll
 C:\Windows\System32\vpccw.dll
C:\Windows\System32\ryxrho.dll
C:\Windows\System32\zkpssqa.dll
C:\Windows\System32\tmxxxh.dll
 C:\Windows\System32\fwrkqfl.dll
 C:\Windows\System32\igzxwrl.dll
 C:\Windows\System32\ccyszwl.dll
 C:\Windows\System32\fwjgtk.dll
 C:\Windows\System32\mivmv.dll
 C:\Windows\System32\zdwii.dll
C:\Windows\System32\tiqmcx.dll
 C:\Windows\System32\kvfvw.dll
 C:\Windows\System32\guxmhcd.dll
 C:\Windows\System32\fyhwfc.dll
 C:\Windows\System32\muvdjo.dll
 C:\Windows\System32\tqcwm.dll
 C:\Windows\System32\mvwqn.dll
 C:\Windows\System32\vvihh.dll
 C:\Windows\System32\iklqcx.dll
 C:\Windows\System32\kzpkwj.dll
 C:\Windows\System32\ddomv.dll
 C:\Windows\System32\osdjhjc.dll
 C:\Windows\System32\gkymhk.dll

Usuwanie:

W panelu sterowania >>dodaj/usuń programy : odinstalować VirusProtectPro
W trybie awaryjnym zastosować  narzędzie  Smitfraudfix., Roguefix Roguescanfix , RogueRemover
Zastosować skanery On Line np.Trend Micro, Panda