Malware Removal Information

Hoofdmenu

Home
Malware info
- Malware - Securitysuites
- Waarom?
Scanners
Infecties
- Archief 0 - E
- Archief F - N
- Archief O - S
- Archief T - Z
- CLB rootkit
- DNS-hijackers
- Haxdoor - Goldun
- Sinowal
- TDL3
- TDL4
- Virut
- Vundo
- Whistler
Tools
- Hijackthis
  - Hijackthis
  - Hijackthis handleiding
- Rootkitscanners
- ComBoFix
- HaxFix
- LSPFix
- Reglooks
- Roguescanfix
- SmitfraudFix
Informatie
Preventie
- De computer is malware vrij
- Infecties voorkomen

AntiVirGear

Infecties > Archief 0 - E

AntiVirGear is een spywareremover van de zwarte lijst. Het wordt geïnstalleerd op de computer via Zlob infecties.

In de systray zie je een knipperend icoontje dat je waarschuwt dat de computer geïnfecteerd is.
Het programma AntiVirGear wordt op de computer gedropt, vindt een aantal infecties, maar geeft aan deze pas te verwijderen als je het product koopt. En daar is het de makers van deze malware om te doen.

Elke keer de computer opnieuw start, start ook AntiVirGear en begint het te scannen.

Kenmerken in een hijackthislog zijn ondermeer deze:
O4 - HKLM\..\Run: [AntiVirGear 3.7] "C:\Program Files\AntiVirGear 3.7\AntiVirGear 3.7.exe" /h
O4 - HKLM\..\Run: [AntiVirGear 3.8] "C:\Program Files\AntiVirGear 3.8\AntiVirGear 3.8.exe" /h

O22 - SharedTaskScheduler: albury - {06e3d089-46cb-4aff-a45d-f0dc7efa1577} - C:\WINDOWS\system32\dsibr.dll
O22 - SharedTaskScheduler: aldoa - {adf64b1b-c68c-4ce8-bb55-258b7b8b0f81} - C:\WINDOWS\system32\swqzdtj.dll
O22 - SharedTaskScheduler: andropogon - {655560a9-3ca8-4509-9632-6abbef21426b} - C:\WINDOWS\system32\lgaac.dll
O22 - SharedTaskScheduler: anomuran - {eb4c6870-721f-4989-9c90-8cbfa46d0298} - C:\WINDOWS\system32\beahahl.dll
O22 - SharedTaskScheduler: arturo - {06e3d089-46cb-4aff-a45d-f0dc7efa1577} - C:\WINDOWS\system32\eulbn.dll
O22 - SharedTaskScheduler: armillifer - {e1adb94e-0dc6-487c-b274-981bee6301a1} - C:\WINDOWS\system32\siiyal.dll
O22 - SharedTaskScheduler: ataxics - {16be3225-e902-4d2a-ac98-aab162796927} - C:\WINDOWS\system32\fifzqip.dll
O22 - SharedTaskScheduler: bearlike - {02e155c1-202c-43a5-a212-58bb67d4341c} - C:\WINDOWS\system32\hteogat.dll
O22 - SharedTaskScheduler: beers - {b8ea5f37-7327-4923-9808-8fd3b6f0d529} - C:\WINDOWS\system32\ddllup.dll
O22 - SharedTaskScheduler: benzaldoxime - {a6d478c6-7961-4fe9-be4b-e621dd640112} - C:\WINDOWS\system32\nczupfw.dll
O22 - SharedTaskScheduler: bifurcately - {de313bc7-422a-4344-a9aa-3e703922345c} - C:\WINDOWS\system32\aghmao.dll
O22 - SharedTaskScheduler: boardwalk - {75a65a53-15c9-4a0c-bb40-a7ca8b24f544} - C:\WINDOWS\system32\ugbtna.dll
O22 - SharedTaskScheduler: bothrops - {1977ce08-a38f-43db-a856-f4aa6122131b} - C:\WINDOWS\system32\xovdzz.dll
O22 - SharedTaskScheduler: bund - {27882a9f-8937-4ae4-87ab-ed669c8b6d7a} - C:\WINDOWS\system32\iheuv.dll
O22 - SharedTaskScheduler: cacomixls - {5feba593-3e6d-4606-ae6e-0680501cd29e} - C:\WINDOWS\system32\vusxqm.dll
O22 - SharedTaskScheduler: celtiberi - {7999c5e2-b500-4ba5-8e9a-99639eca65fc} - C:\WINDOWS\system32\mxhfjy.dll
O22 - SharedTaskScheduler: checkman - {8a96d76c-97fc-42c8-8e68-5613bacef854} - C:\WINDOWS\system32\rmtdvc.dll
O22 - SharedTaskScheduler: chinned - {a47e7ce0-263d-40aa-86bc-27c1f6433143} - C:\WINDOWS\system32\gdrtul.dll
O22 - SharedTaskScheduler: coexpire - {d4c4bc43-0974-4dec-a669-9f7bfcb3503d} - C:\WINDOWS\system32\vmlwp.dll
O22 - SharedTaskScheduler: comitatus - {98013eb8-258b-4979-bfd5-04ecd93f765c} - C:\WINDOWS\system32\txxkb.dll
O22 - SharedTaskScheduler: complacential - {3aea41ad-3ce4-48d9-acab-be40ad329e40} - C:\WINDOWS\system32\fqgwiw.dll
O22 - SharedTaskScheduler: curing - {41591d7f-9e25-4bd0-af53-9908fcf3a738} - C:\WINDOWS\system32\yneid.dll
O22 - SharedTaskScheduler: designers - {f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5} - C:\WINDOWS\system32\sttwrd.dll
O22 - SharedTaskScheduler: draughtsmanship - {b02c6db1-a1ea-470f-8100-b1391463ba92} - C:\WINDOWS\system32\rnxwph.dll
O22 - SharedTaskScheduler: endopsychic - {92050ffb-b796-4146-ae27-7e5e1d93b8a8} - C:\WINDOWS\system32\veptlh.dll
O22 - SharedTaskScheduler: escalators - {cc25189b-1b13-4abe-900e-65e08bd961af} - C:\WINDOWS\system32\zdhgsp.dll
O22 - SharedTaskScheduler: eulalia - {831b4681-6ab9-436c-b2f1-6139158e3a91} - C:\WINDOWS\system32\vtewupi.dll
O22 - SharedTaskScheduler: eurymus - {ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b} - C:\WINDOWS\system32\rrtrit.dll
O22 - SharedTaskScheduler: evangeliarium - {34ec76b6-53c4-4686-822f-910c790683fb} - C:\WINDOWS\system32\flirek.dll
O22 - SharedTaskScheduler: exegeses - {1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f} - C:\WINDOWS\system32\bubbj.dll
O22 - SharedTaskScheduler: flensburg - {d6ef030a-a235-41ba-9ead-89b6ff542f00} - C:\WINDOWS\system32\pluwue.dll
O22 - SharedTaskScheduler: citrinous - {a6fddce1-36ae-41c1-87d3-f49e514273d4} - C:\WINDOWS\system32\fnczfh.dll
O22 - SharedTaskScheduler: frumps - {837d024d-e0fb-44e8-acb1-24ec2309c487} - C:\WINDOWS\system32\tkosvv.dll
O22 - SharedTaskScheduler: gulch - {143404b0-ee92-40a7-8705-06fba9a7abf4} - C:\WINDOWS\system32\wqzdtjg.dll
O22 - SharedTaskScheduler: haruspicy - {60dea04c-9817-4309-bfa2-f8a1766c3cd1} - C:\WINDOWS\system32\jrpkmgh.dll
O22 - SharedTaskScheduler: homeridae - {95dde900-8bf3-428c-b9be-8345c9d194f7} - C:\WINDOWS\system32\vzfhprk.dll
O22 - SharedTaskScheduler: hydria - {79cdca21-5055-4cae-b609-e1685ef55cf7} - C:\WINDOWS\system32\hymww.dll
O22 - SharedTaskScheduler: inquisitionist - {12a8c4e6-06c8-4ab3-9274-a0cde148e3da} - C:\WINDOWS\system32\clbrcek.dll

Hoe kan je AntiVirGear en de Zlob infectie van de computer verwijderen:

Smitfraudfix (gemaakt door S!Ri)
Zie hier.

Roguescanfix (gemaakt door Beamerke)
Zie hier.

Manueel verwijderen:
Rechtsklik op het icoontje van AntiVirGear in de systray, en kies voor "Exit".
Bevestig de waarschuwing die je krijgt om AntiVirGear af te sluiten door op "Ja" te klikken".
Ga naar start - Alle programma's - AntiVirGear en kies uninstall AntiVirGear 3.7 (of later versies) om het deïnstallatieprocess te starten.
Hernoem het verantwoordelijk bestandje, (zie hieronder) of verwijder dit bestand met behulp van Killbox.
Download Pocket KillBox.
Unzip het programma naar je bureaublad.
Klik op killbox.exe.
Selecteer de optie “Delete on reboot”.
In het veld “Full path of file to delete" plaats je volledige pad naar het verantwoordelijke bestand.
Klik dan op de knop "Single File".
Klik op de knop met de rode cirkel en het witte kruis.
Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. Klik op de knop "YES".
Na herstart zou de infectie verdwenen moeten zijn.
Om wijzigingen in het register op te ruimen, kan je deze regfile nog gebruiken.

Gekende varianten:

aghmao.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{de313bc7-422a-4344-a9aa-3e703922345c}"="bifurcately"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de313bc7-422a-4344-a9aa-3e703922345c}\InProcServer32]
@="C:\\WINDOWS\\system32\\aghmao.dll"

beahahl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{eb4c6870-721f-4989-9c90-8cbfa46d0298}"="inquisitionist"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb4c6870-721f-4989-9c90-8cbfa46d0298}\InProcServer32]
@="C:\\WINDOWS\\System32\\beahahl.dll"

bubbj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}"="exegeses"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}\InProcServer32]
@="C:\\WINDOWS\\system32\\bubbj.dll"

clbrcek.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{12a8c4e6-06c8-4ab3-9274-a0cde148e3da}"="anomuran"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12a8c4e6-06c8-4ab3-9274-a0cde148e3da}\InProcServer32]
@="C:\\WINDOWS\\System32\\clbrcek.dll"

ddllup.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b8ea5f37-7327-4923-9808-8fd3b6f0d529}"="beers"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8ea5f37-7327-4923-9808-8fd3b6f0d529}\InProcServer32]
@="C:\\WINDOWS\\system32\\ddllup.dll"

dsibr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{06e3d089-46cb-4aff-a45d-f0dc7efa1577}"="albury"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06e3d089-46cb-4aff-a45d-f0dc7efa1577}\InProcServer32]
@="C:\\WINDOWS\\system32\\dsibr.dll"

eulbn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{48a7a70a-e118-4506-a373-c9d4e8a212a1}"="arturo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48a7a70a-e118-4506-a373-c9d4e8a212a1}\InProcServer32]
@="C:\\WINDOWS\\system32\\eulbn.dll"

fifzqip.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{16be3225-e902-4d2a-ac98-aab162796927}"="ataxics"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16be3225-e902-4d2a-ac98-aab162796927}\InProcServer32]
@="C:\\WINDOWS\\system32\\fifzqip.dll"

flirek.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34ec76b6-53c4-4686-822f-910c790683fb}\InProcServer32]
@="C:\\WINDOWS\\system32\\flirek.dll"

fqgwiw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3aea41ad-3ce4-48d9-acab-be40ad329e40}"="curing"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3aea41ad-3ce4-48d9-acab-be40ad329e40}\InProcServer32]
@="C:\\WINDOWS\\System32\\fqgwiw.dll"

fnczfh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a6fddce1-36ae-41c1-87d3-f49e514273d4}"="citrinous"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6fddce1-36ae-41c1-87d3-f49e514273d4}\InProcServer32]
@="C:\\WINDOWS\\system32\\fnczfh.dll"

gdrtul.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a47e7ce0-263d-40aa-86bc-27c1f6433143}"="chinned"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a47e7ce0-263d-40aa-86bc-27c1f6433143}\InProcServer32]
@="C:\\WINDOWS\\system32\\gdrtul.dll"

hteogat.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{02e155c1-202c-43a5-a212-58bb67d4341c}"="bearlike"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02e155c1-202c-43a5-a212-58bb67d4341c}\InProcServer32]
@="C:\\WINDOWS\\system32\\hteogat.dll"

hymww.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{79cdca21-5055-4cae-b609-e1685ef55cf7}"="hydria"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79cdca21-5055-4cae-b609-e1685ef55cf7}\InProcServer32]
@="C:\\WINDOWS\\system32\\hymww.dll"

lgaac.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{655560a9-3ca8-4509-9632-6abbef21426b}"="andropogon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{655560a9-3ca8-4509-9632-6abbef21426b}\InProcServer32]
@="C:\\WINDOWS\\system32\\lgaac.dll"

iheuv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27882a9f-8937-4ae4-87ab-ed669c8b6d7a}"="bund"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27882a9f-8937-4ae4-87ab-ed669c8b6d7a}\InProcServer32]
@="C:\\WINDOWS\\system32\\iheuv.dll"

jrpkmgh.dll
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{60dea04c-9817-4309-bfa2-f8a1766c3cd1}\InProcServer32]
@="C:\WINDOWS\system32\jrpkmgh.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{60dea04c-9817-4309-bfa2-f8a1766c3cd1}"="haruspicy"

mxhfjy.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7999c5e2-b500-4ba5-8e9a-99639eca65fc}"="celtiberi"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7999c5e2-b500-4ba5-8e9a-99639eca65fc}\InProcServer32]
@="C:\\WINDOWS\\system32\\mxhfjy.dll"

nczupfw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a6d478c6-7961-4fe9-be4b-e621dd640112}"="benzaldoxime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6d478c6-7961-4fe9-be4b-e621dd640112}\InProcServer32]
@="C:\\WINDOWS\\system32\\nczupfw.dll"

pluwue.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d6ef030a-a235-41ba-9ead-89b6ff542f00}"="flensburg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6ef030a-a235-41ba-9ead-89b6ff542f00}\InProcServer32]
@="C:\\WINDOWS\\system32\\pluwue.dll"

rmtdvc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8a96d76c-97fc-42c8-8e68-5613bacef854}"="checkman"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96d76c-97fc-42c8-8e68-5613bacef854}\InProcServer32]
@="C:\\WINDOWS\\system32\\rmtdvc.dll"

rnxwph.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b02c6db1-a1ea-470f-8100-b1391463ba92}"="draughtsmanship"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b02c6db1-a1ea-470f-8100-b1391463ba92}\InProcServer32]
@="C:\\WINDOWS\\system32\\rnxwph.dll"

rrtrit.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b}"="eurymus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee6bd1ad-1992-4f2c-8ea2-edc6eee4548b}\InProcServer32]
@="C:\\WINDOWS\\system32\\rrtrit.dll"

siiyal.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e1adb94e-0dc6-487c-b274-981bee6301a1}"="armillifer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1adb94e-0dc6-487c-b274-981bee6301a1}\InProcServer32]
@="C:\\WINDOWS\\system32\\siiyal.dll"

sttwrd.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5}"="designers"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0c5ef8b-f4bb-4612-9ea8-361fff3da3d5}\InProcServer32]
@="C:\\WINDOWS\\system32\\sttwrd.dll"

swqzdtj.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{adf64b1b-c68c-4ce8-bb55-258b7b8b0f81}\InProcServer32]
@="C:\\WINDOWS\\system32\\swqzdtj.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{adf64b1b-c68c-4ce8-bb55-258b7b8b0f81}"="aldoa"

tkosvv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{837d024d-e0fb-44e8-acb1-24ec2309c487}"="frumps"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{837d024d-e0fb-44e8-acb1-24ec2309c487}\InProcServer32]
@="C:\\WINDOWS\\system32\\tkosvv.dll"

txxkb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{98013eb8-258b-4979-bfd5-04ecd93f765c}"="comitatus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98013eb8-258b-4979-bfd5-04ecd93f765c}\InProcServer32]
@="C:\\WINDOWS\\system32\\txxkb.dll"

ugbtna.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{75a65a53-15c9-4a0c-bb40-a7ca8b24f544}"="boardwalk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75a65a53-15c9-4a0c-bb40-a7ca8b24f544}\InProcServer32]
@="C:\\WINDOWS\\system32\\ugbtna.dll"

veptlh.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{92050ffb-b796-4146-ae27-7e5e1d93b8a8}"="endopsychic"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92050ffb-b796-4146-ae27-7e5e1d93b8a8}\InProcServer32]
@="C:\\WINDOWS\\system32\\veptlh.dll"

vmlwp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d4c4bc43-0974-4dec-a669-9f7bfcb3503d}"="coexpire"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4c4bc43-0974-4dec-a669-9f7bfcb3503d}\InProcServer32]
@="C:\\WINDOWS\\system32\\vmlwp.dll"

vtewupi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{831b4681-6ab9-436c-b2f1-6139158e3a91}"="eulalia"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{831b4681-6ab9-436c-b2f1-6139158e3a91}\InProcServer32]
@="C:\\WINDOWS\\system32\\vtewupi.dll"

vusxqm.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5feba593-3e6d-4606-ae6e-0680501cd29e}"="cacomixls"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5feba593-3e6d-4606-ae6e-0680501cd29e}\InProcServer32]
@="C:\\WINDOWS\\system32\\vusxqm.dll"

vzfhprk.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{95dde900-8bf3-428c-b9be-8345c9d194f7}"="homeridae"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95dde900-8bf3-428c-b9be-8345c9d194f7}\InProcServer32]
@="C:\\WINDOWS\\system32\\vzfhprk.dll"

wqzdtjg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{143404b0-ee92-40a7-8705-06fba9a7abf4}"="gulch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{143404b0-ee92-40a7-8705-06fba9a7abf4}\InProcServer32]
@="C:\\WINDOWS\\system32\\wqzdtjg.dll"

xovdzz.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1977ce08-a38f-43db-a856-f4aa6122131b}"="bothrops"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1977ce08-a38f-43db-a856-f4aa6122131b}\InProcServer32]
@="C:\\WINDOWS\\system32\\xovdzz.dll"

yneid.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41591d7f-9e25-4bd0-af53-9908fcf3a738}\InProcServer32]
@="C:\\WINDOWS\\system32\\yneid.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{41591d7f-9e25-4bd0-af53-9908fcf3a738}"="complacential"

zdhgsp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{cc25189b-1b13-4abe-900e-65e08bd961af}"="escalators"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc25189b-1b13-4abe-900e-65e08bd961af}\InProcServer32]
@="C:\\WINDOWS\\system32\\zdhgsp.dll"