Virus removal

Removing SpyLocked & SpywareLocked

Yet another USELESS!!! program, the successor to programs we already know such as SpyDawn, VirusBurst, SpywareQuake, etc. Notice that the authors really only change the colours.
Of course you will get a "fake alert", but the codec group is responsible for it, not the program; see the results of the TESTS.

This is roughly what it looks like.

In the HijackThis log you may see entries like these:


O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Internet Security\iesplugin.dll
O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll
O3 - Toolbar: Protection Bar - {F0993251-2512-4710-AF6E-0A13EA199D02} - C:\Program Files\Video AX Object\splug.dll
O2 - BHO: (no name) - {7A8F5B7A-A74F-495E-8A33-DF6226D2BAD8} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll

O4 - HKLM\..\Run: [Spylocked] C:\Program Files\SpyLocked\SpyLocked.exe /h
O4 - HKLM\..\Run: [SpyLocked] C:\Program Files\SpyLocked\
O4 - HKLM\..\Run: [SpywareLocked] C:\Program Files\SpywareLocked\SpywareLocked.exe /h
O4 - HKLM\..\Run: [SpywareLocked 3.3] "C:\Program Files\SpywareLocked 3.3\Spy-Locked.exe" /h
O4 - HKLM\..\Run: [SpywareLocked 3.4] "C:\Program Files\SpywareLocked 3.4\SpywareLock.exe" /h
O4 - HKLM\..\Run: [SpywareLocked 3.5] "C:\Program Files\SpywareLocked 3.5\SpywareLocked 3.5.exe" /h
O4 - HKLM\..\Run: [SpyLocked 3.6] "C:\Program Files\SpyLocked 3.6\SpyLocked 3.6.exe" /h
O4 - HKLM\..\Run: [SpyLocked 3.7] "C:\Program Files\SpyLocked 3.7\SpyLocked 3.7.exe" /h
O4 - HKLM\..\Run: [SpyLocked 3.9] "C:\Program Files\SpyLocked 3.9\SpyLocked 3.9.exe" /h
O4 - HKLM\..\Run: [SpyLocked 4.0] "C:\Program Files\SpyLocked 4.0\SpyLocked 4.0.exe" /h
O4 - HKLM\..\Run: [SpyLocked 4.1] "C:\Program Files\SpyLocked 4.1\SpyLocked 4.1.exe" /h
O4 - HKLM\..\Run: [SpyLocked 4.3] "C:\Program Files\SpyLocked 4.3\SpyLocked 4.3.exe" /h

O21 - SSODL: chitosan - {b292ec9f-a074-4115-8342-1f459702d8d2} - C:\WINDOWS\system32\onwtj.dll
O21 - SSODL: characterizing - {ceca6f2b-247b-4ece-9b7a-d0135c8036fc} - C:\WINDOWS\system32\fyxkaah.dll
O21 - SSODL: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - C:\WINDOWS\system32\tahxqcj.dll
O21 - SSODL: grithbreach - {07a582e8-bae3-457d-9d29-2048de45a369} - C:\WINDOWS\system32\qvjpt.dll
O21 - SSODL: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - C:\WINDOWS\system32\oyopu.dll
O21 - SSODL: haefner - {1cb82d6d-f9a3-40c4-8ad5-6d7ea00ed6ad} - C:\WINDOWS\system32\yronl.dll
O21 - SSODL: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll
O21 - SSODL: excreted - {b0ded443-5e68-4001-a81b-0a0001621ab8} - C:\WINDOWS\system32\pkgvyg.dll
O21 - SSODL: frisbee - {abef791f-947e-4cdf-83c3-e72a240afb67} - C:\WINDOWS\system32\ygjun.dll
O21 - SSODL: calocarpum - {0e4e5110-a772-4c4a-a7dc-137fe10abd6e} - C:\WINDOWS\system32\czxtyx.dll
O21 - SSODL: ephemeran - {3baa1ad8-ee49-4772-bf0b-f55083e0f7aa} - C:\WINDOWS\system32\yuspej.dll
O21 - SSODL: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll
O21 - SSODL: bedstead - {b23dc537-3e13-44c7-bf67-d8405eb377f7} - C:\WINDOWS\system32\rcohty.dll
O21 - SSODL: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - C:\WINDOWS\system32\dxovx.dll
O21 - SSODL: huet - {f38b1b2b-4976-46dd-9fe5-60fde72f0b4d} - C:\WINDOWS\system32\lcsrsrv.dll
O21 - SSODL: antiforeigner - {ede8bed5-92cf-4482-8f51-a01cd9b3ea37} - C:\WINDOWS\System32\egzcqg.dll
O21 - SSODL: admissibility - {da3b49f6-8c54-4429-a275-21a86dcca413} - C:\WINDOWS\System32\xuoce.dll
O21 - SSODL: heterandrous - {735e980d-45d2-4777-af82-9923d3c8d3ae} - C:\WINDOWS\System32\kgkdbsk.dll
O21 - SSODL: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - C:\WINDOWS\System32\antzozc.dll
O21 - SSODL: floripondio - {6ad686b9-ab56-4ebc-a804-9f70b55b4577} - C:\WINDOWS\System32\uimcu.dll
O21 - SSODL: inflexive - {0c5a0fff-9164-493b-93e0-17446374e0a0} - C:\WINDOWS\System32\dtjby.dll
O21 - SSODL: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - C:\WINDOWS\System32\indwvm.dll
O21 - SSODL: infumate - {d7058baa-49a4-40b7-95c2-eec95cdf51f3} - C:\WINDOWS\System32\viuaoq.dll
O21 - SSODL: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\System32\eeuydc.dll
O21 - SSODL: crowsteps - {e1d3b05d-4dd9-468d-982e-c342f05436e5} - C:\WINDOWS\System32\pkjcoxq.dll
O21 - SSODL: cankered - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\system32\dooep.dll
O21 - SSODL: bipinnatifid - {4688f900-0d0c-4788-b297-59cc10e70ccc} - C:\WINDOWS\system32\afkvvy.dll
O21 - SSODL: hundi - {596e4935-4d3b-4a3c-842d-2efd1b3de598} - C:\WINDOWS\system32\pjgerka.dll
O21 - SSODL: coenosarc - {68c7f143-f9ea-4ee0-a06a-ad4ff3dbe8c3} - C:\WINDOWS\system32\rxqcpn.dll

O22 - SharedTaskScheduler: chitosan - {ceca6f2b-247b-4ece-9b7a-d0135c8036fc} - C:\WINDOWS\System32\onwtj.dll
O22 - SharedTaskScheduler: characterizing - {b292ec9f-a074-4115-8342-1f459702d8d2} - C:\WINDOWS\System32\fyxkaah.dll
O22 - SharedTaskScheduler: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - C:\WINDOWS\system32\tahxqcj.dll
O22 - SharedTaskScheduler: grithbreach - {07a582e8-bae3-457d-9d29-2048de45a369} - C:\WINDOWS\System32\qvjpt.dll
O22 - SharedTaskScheduler: homina - {df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4} - C:\WINDOWS\system32\oyopu.dll
O22 - SharedTaskScheduler: haefner - {1cb82d6d-f9a3-40c4-8ad5-6d7ea00ed6ad} - C:\WINDOWS\system32\yronl.dll
O22 - SharedTaskScheduler: curdler - {bd0fc212-0a36-4232-83cc-2063fb9282e0} - C:\WINDOWS\system32\qzviz.dll
O22 - SharedTaskScheduler: excreted - {b0ded443-5e68-4001-a81b-0a0001621ab8} - C:\WINDOWS\system32\pkgvyg.dll
O22 - SharedTaskScheduler: frisbee - {abef791f-947e-4cdf-83c3-e72a240afb67} - C:\WINDOWS\system32\ygjun.dll
O22 - SharedTaskScheduler: calocarpum - {0e4e5110-a772-4c4a-a7dc-137fe10abd6e} - C:\WINDOWS\system32\czxtyx.dll
O22 - SharedTaskScheduler: ephemeran - {3baa1ad8-ee49-4772-bf0b-f55083e0f7aa} - C:\WINDOWS\system32\yuspej.dll
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll
O22 - SharedTaskScheduler: bedstead - {b23dc537-3e13-44c7-bf67-d8405eb377f7} - C:\WINDOWS\system32\rcohty.dll
O22 - SharedTaskScheduler: depreciable - {716002db-288c-4bf0-80cd-a467e78d8b55} - C:\WINDOWS\system32\dxovx.dll
O22 - SharedTaskScheduler: huet - {f38b1b2b-4976-46dd-9fe5-60fde72f0b4d} - C:\WINDOWS\system32\lcsrsrv.dll
O22 - SharedTaskScheduler: antiforeigner - {ede8bed5-92cf-4482-8f51-a01cd9b3ea37} - C:\WINDOWS\System32\egzcqg.dll
O22 - SharedTaskScheduler: admissibility - {da3b49f6-8c54-4429-a275-21a86dcca413} - C:\WINDOWS\System32\xuoce.dll
O22 - SharedTaskScheduler: heterandrous - {735e980d-45d2-4777-af82-9923d3c8d3ae} - C:\WINDOWS\System32\kgkdbsk.dll
O22 - SharedTaskScheduler: deboner - {fa4fbf53-c766-4622-8011-a87a805eebf0} - C:\WINDOWS\System32\antzozc.dll
O22 - SharedTaskScheduler: floripondio - {6ad686b9-ab56-4ebc-a804-9f70b55b4577} - C:\WINDOWS\System32\uimcu.dll
O22 - SharedTaskScheduler: inflexive - {0c5a0fff-9164-493b-93e0-17446374e0a0} - C:\WINDOWS\System32\dtjby.dll
O22 - SharedTaskScheduler: equiparant - {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - C:\WINDOWS\System32\indwvm.dll
O22 - SharedTaskScheduler: infumate - {d7058baa-49a4-40b7-95c2-eec95cdf51f3} - C:\WINDOWS\System32\viuaoq.dll
O22 - SharedTaskScheduler: auditioned - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\System32\eeuydc.dll
O22 - SharedTaskScheduler: crowsteps - {e1d3b05d-4dd9-468d-982e-c342f05436e5} - C:\WINDOWS\System32\pkjcoxq.dll
O22 - SharedTaskScheduler: cankered - {44e670f2-d57b-4815-a576-955d17dbbf2d} - C:\WINDOWS\system32\dooep.dll
O22 - SharedTaskScheduler: bipinnatifid - {4688f900-0d0c-4788-b297-59cc10e70ccc} - C:\WINDOWS\system32\afkvvy.dll
O22 - SharedTaskScheduler: hundi - {596e4935-4d3b-4a3c-842d-2efd1b3de598} - C:\WINDOWS\system32\pjgerka.dll
O22 - SharedTaskScheduler: coenosarc - {68c7f143-f9ea-4ee0-a06a-ad4ff3dbe8c3} - C:\WINDOWS\system32\rxqcpn.dll



In the SmitFraudFix log you will see something like this:


C:\WINDOWS\system32\fyxkaah.dll FOUND !
C:\Program Files\SpyLocked\ FOUND !
C:\Program Files\Internet Security\ FOUND !
C:\Program Files\SpyLocked 3.6\ FOUND !
C:\Program Files\strCodec\ FOUND !
C:\Program Files\Video Access ActiveX Object\ FOUND !
C:\Program Files\Video AX Object\ FOUND !
C:\Program Files\VideoKeyCodec\ FOUND !



The files responsible for the "fake alert" are:

C:\WINDOWS\System32\onwtj.dll

C:\WINDOWS\System32\fyxkaah.dll
C:\WINDOWS\system32\tahxqcj.dll
C:\WINDOWS\system32\qvjpt.dll
C:\WINDOWS\System32\oyopu.dll
C:\WINDOWS\System32\yronl.dll
C:\WINDOWS\System32\pkgvyg.dll
C:\WINDOWS\System32\qzviz.dll
C:\WINDOWS\System32\ygjun.dll
C:\WINDOWS\System32\czxtyx.dll
C:\WINDOWS\System32\yuspej.dll
C:\WINDOWS\System32\ilmpjy.dll
C:\WINDOWS\System32\rcohty.dll
C:\WINDOWS\System32\dxovx.dll
C:\WINDOWS\System32\lcsrsrv.dll
C:\WINDOWS\System32\egzcqg.dll
C:\WINDOWS\System32\xuoce.dll
C:\WINDOWS\System32\kgkdbsk.dll
C:\WINDOWS\System32\antzozc.dll
C:\WINDOWS\System32\uimcu.dll
C:\WINDOWS\System32\dtjby.dll
C:\WINDOWS\System32\indwvm.dll
C:\WINDOWS\System32\viuaoq.dll
C:\WINDOWS\System32\eeuydc.dll
C:\WINDOWS\System32\pkjcoxq.dll
C:\WINDOWS\System32\afkvvy.dll
C:\WINDOWS\System32\dooep.dll
C:\WINDOWS\system32\pjgerka.dll
C:\WINDOWS\System32\rxqcpn.dll


but there will certainly be more...


Removal:

In Control Panel >> Add/Remove Programs: uninstall SpyLocked (SpywareLocked).

In Safe Mode, use a tool: SmitFraudFix, Roguefix, Roguescanfix.

Run online scanners, e.g. Trend Micro, Panda.


Manual removal for advanced "killers":

Kill the processes:

SpyLocked.exe
SpywareLocked.exe
Spy-Locked.exe
SpywareLock.exe
SpyLocked 3.1.exe
SpywareLocked 3.2.exe
SpywareLocked 3.3.exe
SpywareLocked 3.4.exe
SpywareLocked 3.5.exe
SpyLocked 3.6.exe
SpyLocked 3.7.exe
SpyLocked 3.8.exe
SpyLocked 3.9.exe
SpyLocked 4.0.exe
SpyLocked 4.1.exe
SpyLocked 4.3.exe
avD.exe
codecaddon1169[1].exe
isamntr.exe
pmmnt.exe
pmsnrr.exe
bpmini.exe
bpmon.exe
iesmn.exe
imsmain.exe
iesmin.exe
imsmn.exe

Unregister the DLL files from the system:

bpvol.dll
splug.dll
isadd.dll
fyxkaah.dll
onwtj.dll
tahxqcj.dll
qvjpt.dll
oyopu.dll
yronl.dll
qzviz.dll
pkgvyg.dll
ygjun.dll
czxtyx.dll
yuspej.dll
ilmpjy.dll
rcohty.dll
dxovx.dll
lcsrsrv.dll
egzcqg.dll
xuoce.dll
kgkdbsk.dll
antzozc.dll
uimcu.dll
dtjby.dll
indwvm.dll
viuaoq.dll
eeuydc.dll
pkjcoxq.dll
afkvvy.dll
dooep.dll
pjgerka.dll
rxqcpn.dll

Delete the files (by any method, e.g. Killbox, Avenger):

SpyLocked.exe
SpywareLocked.exe
Spy-Locked.exe
SpywareLock.exe
SpyLocked 3.1.exe
SpywareLocked 3.2.exe
SpywareLocked 3.3.exe
SpywareLocked 3.4.exe
SpywareLocked 3.5.exe
SpyLocked 3.6.exe
SpyLocked 3.7.exe
SpyLocked 3.8.exe
SpyLocked 3.9.exe
SpyLocked 4.0.exe
SpyLocked 4.1.exe
SpyLocked 4.3.exe
avD.exe
codecaddon1169[1].exe
isamntr.exe
pmmnt.exe
pmsnrr.exe
bpmini.exe
bpmon.exe
iesmn.exe
imsmain.exe
iesmin.exe
imsmn.exe
isadd.dll
bpvol.dll
splug.dll
fyxkaah.dll
onwtj.dll
tahxqcj.dll
qvjpt.dll
oyopu.dll
yronl.dll
qzviz.dll
pkgvyg.dll
ygjun.dll
czxtyx.dll
yuspej.dll
ilmpjy.dll
rcohty.dll
dxovx.dll
lcsrsrv.dll
egzcqg.dll
xuoce.dll
kgkdbsk.dll
antzozc.dll
uimcu.dll
dtjby.dll
indwvm.dll
viuaoq.dll
eeuydc.dll
pkjcoxq.dll
afkvvy.dll
dooep.dll
pjgerka.dll
rxqcpn.dll

Apply Fix.reg:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyLocked"=-
"SpywareLocked"=-
"SpywareLocked 3.3"=-
"SpywareLocked 3.4"=-
"SpywareLocked 3.5"=-
"SpyLocked 3.6"=-
"SpyLocked 3.7"=-
"SpyLocked 3.8"=-
"SpyLocked 3.9"=-
"SpyLocked 4.0"=-
"SpyLocked 4.1"=-
"SpyLocked 4.3"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b292ec9f-a074-4115-8342-1f459702d8d2}"=-
"{ceca6f2b-247b-4ece-9b7a-d0135c8036fc}"=-
"{9d6fac42-a7be-4702-87ef-75d8dc14249e}"=-
"{07a582e8-bae3-457d-9d29-2048de45a369}"=-
"{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}"=-
"{1cb82d6d-f9a3-40c4-8ad5-6d7ea00ed6ad}"=-
"{bd0fc212-0a36-4232-83cc-2063fb9282e0}"=-
"{b0ded443-5e68-4001-a81b-0a0001621ab8}"=-
"{abef791f-947e-4cdf-83c3-e72a240afb67}"=-
"{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}"=-
"{3baa1ad8-ee49-4772-bf0b-f55083e0f7aa}"=-
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"=-
"{b23dc537-3e13-44c7-bf67-d8405eb377f7}"=-
"{716002db-288c-4bf0-80cd-a467e78d8b55}"=-
"{f38b1b2b-4976-46dd-9fe5-60fde72f0b4d}"=-
"{ede8bed5-92cf-4482-8f51-a01cd9b3ea37}"=-
"{da3b49f6-8c54-4429-a275-21a86dcca413}"=-
"{735e980d-45d2-4777-af82-9923d3c8d3ae}"=-
"{fa4fbf53-c766-4622-8011-a87a805eebf0}"=-
"{6ad686b9-ab56-4ebc-a804-9f70b55b4577}"=-
"{0c5a0fff-9164-493b-93e0-17446374e0a0}"=-
"{25b7d2fd-4f71-46d1-801a-7de323e4ec82}"=-
"{d7058baa-49a4-40b7-95c2-eec95cdf51f3}"=-
"{44e670f2-d57b-4815-a576-955d17dbbf2d}"=-
"{e1d3b05d-4dd9-468d-982e-c342f05436e5}"=-
"{4688f900-0d0c-4788-b297-59cc10e70ccc}"=-
"{596e4935-4d3b-4a3c-842d-2efd1b3de598}"=-
"{68c7f143-f9ea-4ee0-a06a-ad4ff3dbe8c3}"=-

[-HKEY_CLASSES_ROOT\CLSID\{07a582e8-bae3-457d-9d29-2048de45a369}]

[-HKEY_CLASSES_ROOT\CLSID\{b292ec9f-a074-4115-8342-1f459702d8d2}]

[-HKEY_CLASSES_ROOT\CLSID\{ceca6f2b-247b-4ece-9b7a-d0135c8036fc}]

[-HKEY_CLASSES_ROOT\CLSID\{9d6fac42-a7be-4702-87ef-75d8dc14249e}]

[-HKEY_CLASSES_ROOT\CLSID\{df8c3aed-b58e-4bcb-96b3-aa1b7bbdbbd4}]

[-HKEY_CLASSES_ROOT\CLSID\{1cb82d6d-f9a3-40c4-8ad5-6d7ea00ed6ad}]

[-HKEY_CLASSES_ROOT\CLSID\{bd0fc212-0a36-4232-83cc-2063fb9282e0}]

[-HKEY_CLASSES_ROOT\CLSID\{b0ded443-5e68-4001-a81b-0a0001621ab8}]

[-HKEY_CLASSES_ROOT\CLSID\{abef791f-947e-4cdf-83c3-e72a240afb67}]

[-HKEY_CLASSES_ROOT\CLSID\{0e4e5110-a772-4c4a-a7dc-137fe10abd6e}]

[-HKEY_CLASSES_ROOT\CLSID\{3baa1ad8-ee49-4772-bf0b-f55083e0f7aa}]

[-HKEY_CLASSES_ROOT\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}]

[-HKEY_CLASSES_ROOT\CLSID\{b23dc537-3e13-44c7-bf67-d8405eb377f7}]

[-HKEY_CLASSES_ROOT\CLSID\{716002db-288c-4bf0-80cd-a467e78d8b55}]

[-HKEY_CLASSES_ROOT\CLSID\{f38b1b2b-4976-46dd-9fe5-60fde72f0b4d}]

[-HKEY_CLASSES_ROOT\CLSID\{ede8bed5-92cf-4482-8f51-a01cd9b3ea37}]

[-HKEY_CLASSES_ROOT\CLSID\{da3b49f6-8c54-4429-a275-21a86dcca413}]

[-HKEY_CLASSES_ROOT\CLSID\{735e980d-45d2-4777-af82-9923d3c8d3ae}]

[-HKEY_CLASSES_ROOT\CLSID\{fa4fbf53-c766-4622-8011-a87a805eebf0}]

[-HKEY_CLASSES_ROOT\CLSID\{6ad686b9-ab56-4ebc-a804-9f70b55b4577}]

[-HKEY_CLASSES_ROOT\CLSID\{0c5a0fff-9164-493b-93e0-17446374e0a0}]

[-HKEY_CLASSES_ROOT\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}]

[-HKEY_CLASSES_ROOT\CLSID\{d7058baa-49a4-40b7-95c2-eec95cdf51f3}]

[-HKEY_CLASSES_ROOT\CLSID\{44e670f2-d57b-4815-a576-955d17dbbf2d}]

[-HKEY_CLASSES_ROOT\CLSID\{e1d3b05d-4dd9-468d-982e-c342f05436e5}]

[-HKEY_CLASSES_ROOT\CLSID\{4688f900-0d0c-4788-b297-59cc10e70ccc}]

[-HKEY_CLASSES_ROOT\CLSID\{596e4935-4d3b-4a3c-842d-2efd1b3de598}]

[-HKEY_CLASSES_ROOT\CLSID\{68c7f143-f9ea-4ee0-a06a-ad4ff3dbe8c3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"characterizing"=-
"chitosan"=-
"hemine"=-
"grithbreach"=-
"homina"=-
"haefner"=-
"curdler"=-
"excreted"=-
"frisbee"=-
"calocarpum"=-
"ephemeran"=-
"grassily"=-
"bedstead"=-
"depreciable"=-
"huet"=-
"antiforeigner"=-
"admissibility"=-
"heterandrous"=-
"deboner"=-
"floripondio"=-
"inflexive"=-
"equiparant"=-
"infumate"=-
"auditioned"=-
"crowsteps"=-
"cankered"=-
"bipinnatifid"=-
"hundi"=-
"coenosarc"=-
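
How the HijackThis entries map onto the deletions in Fix.reg, as an added example that is not the author's own tool: the hypothetical function build_fix_reg turns analyst-confirmed O4, O21 and O22 lines into the same three kinds of stanza and reports names that the log pairs with more than one CLSID, as happens with chitosan in the log above. The sample lines are copied from this page's HijackThis log; O2/O3 entries are returned as skipped because the page's Fix.reg does not cover them.

```python
import re

# Sample input: entries copied from the HijackThis log on this page. Feed the
# function only lines an analyst has already confirmed as belonging to the rogue.
SAMPLE_LOG = r'''
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Internet Security\isadd.dll
O4 - HKLM\..\Run: [SpyLocked 3.6] "C:\Program Files\SpyLocked 3.6\SpyLocked 3.6.exe" /h
O21 - SSODL: chitosan - {b292ec9f-a074-4115-8342-1f459702d8d2} - C:\WINDOWS\system32\onwtj.dll
O21 - SSODL: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - C:\WINDOWS\system32\tahxqcj.dll
O22 - SharedTaskScheduler: chitosan - {ceca6f2b-247b-4ece-9b7a-d0135c8036fc} - C:\WINDOWS\System32\onwtj.dll
O22 - SharedTaskScheduler: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - C:\WINDOWS\system32\tahxqcj.dll
'''

RUN_RE = re.compile(r'^O4 - HKLM\\\.\.\\Run: \[(?P<name>[^\]]+)\]')
COM_RE = re.compile(
    r'^O(?P<sec>21|22) - (?:SSODL|SharedTaskScheduler):\s*(?P<name>.+?)'
    r' - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$')
HKLM_CV = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion'


def _add(seq, item):
    # Registry names are case-insensitive: keep first spelling, drop repeats.
    if item.lower() not in (s.lower() for s in seq):
        seq.append(item)


def _esc(name):
    # Value names in a .reg file escape backslashes and double quotes.
    return name.replace('\\', '\\\\').replace('"', '\\"')


def build_fix_reg(confirmed_lines):
    """Return (reg_text, skipped_lines, names_with_conflicting_clsids)."""
    run_names, sts_clsids, all_clsids, ssodl_names, skipped = [], [], [], [], []
    clsids_by_name = {}
    for raw in confirmed_lines.splitlines():
        line = raw.strip()
        if not line:
            continue
        run, com = RUN_RE.match(line), COM_RE.match(line)
        if run:
            _add(run_names, run['name'])
        elif com:
            _add(all_clsids, com['clsid'])
            clsids_by_name.setdefault(com['name'].lower(), set()).add(com['clsid'].lower())
            if com['sec'] == '21':
                _add(ssodl_names, com['name'])   # SSODL: value name is the label
            else:
                _add(sts_clsids, com['clsid'])   # SharedTaskScheduler: value name is the CLSID
        else:
            skipped.append(line)                 # not handled here, left for the analyst

    out = ['Windows Registry Editor Version 5.00', '']

    def stanza(key, names):
        if names:
            out.append('[%s]' % key)
            out.extend('"%s"=-' % _esc(n) for n in names)
            out.append('')

    stanza(HKLM_CV + r'\Run', run_names)
    stanza(HKLM_CV + r'\Explorer\SharedTaskScheduler', sts_clsids)
    for clsid in all_clsids:                     # delete the COM class key itself
        out += ['[-HKEY_CLASSES_ROOT\\CLSID\\%s]' % clsid, '']
    stanza(HKLM_CV + r'\ShellServiceObjectDelayLoad', ssodl_names)

    conflicts = sorted(n for n, ids in clsids_by_name.items() if len(ids) > 1)
    return '\n'.join(out), skipped, conflicts


if __name__ == '__main__':
    reg_text, skipped, conflicts = build_fix_reg(SAMPLE_LOG)
    print(reg_text)
    print('; skipped:', skipped)
    print('; names with more than one CLSID:', conflicts)
```

Because the class keys are collected by CLSID rather than by name, a name that appears with different CLSIDs in the O21 and O22 sections still has every class key removed.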


Hmm... but I still don't like this classification; there should be a "codec" group. The program as such is harmless; it is useless and therefore unnecessary.