Removing AntiVermins & AntiVerminser & AntiVermeans
Another USELESS !!! program pushed by the "codec group". Of course you will get a "fake alert", but the Codec Group is responsible for that, not the program; see the results of the TESTS.
In the HijackThis log you can see these entries:
C:\Program Files\Video ActiveX Object\isamntr.exe
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\Program Files\Video ActiveX Object\pmmnt.exe
C:\Program Files\Video ActiveX Object\isamini.exe
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [AntiVermins] C:\Program Files\AntiVermins\AntiVermins.exe /h
O4 - HKLM\..\Run: [AntiVerminsPro] C:\Programme\AntiVerminsPro\AntiVerminsPro.exe /h
O4 - HKLM\..\Run: [AntiVerminser] C:\Program Files\AntiVerminser\AntiVerminser.exe /h
O4 - HKLM\..\Run: [AntiVermeans] C:\Program Files\AntiVermeans\AntiVermeans.exe /h
O21 - SSODL: haematobia - {3c767c6b-602d-4b9b-829d-a3dc5b2d89dd} - C:\WINDOWS\system32\hjpprpu.dll
O21 - SSODL: cecropia - {9a4b860b-b18e-4afe-9b26-2a19268eb6be} - C:\WINDOWS\system32\ownyhr.dll
O21 - SSODL: astral - {5f938c17-fbc7-4a3c-8526-85e5b1a1f762} - C:\WINDOWS\system32\olnohdw.dll
O21 - SSODL: discriminable - {4fbbdfd6-2ca9-4bba-93e4-aadf75321bca} - C:\WINDOWS\system32\kuhmk.dll
O21 - SSODL: eupeptic - {8670ee50-01f9-47da-ac1e-cf8549e9e521} - C:\WINDOWS\SYSTEM32\axlet.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O21 - SSODL: breadthes - {5c4f2cbc-f32d-4a03-9812-86f39379811b} - C:\WINDOWS\System32\oksrqqu.dll
O21 - SSODL: beeper - {951a98d0-dad6-4a77-8280-a494279a884b} - C:\WINDOWS\system32\vwfps.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll
O21 - SSODL: didymiums - {e6adaaf0-79b2-4cf1-a660-50a0b33991a1} - C:\WINDOWS\system32\vblhanf.dll
O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\system32\cwgppb.dll
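The HijackThis entries above combine four persistence points: BHOs (O2), an IE toolbar (O3), Run keys (O4) and ShellServiceObjectDelayLoad objects (O21). The following Python script is an added example, not part of the original post or of HijackThis; it parses lines in that format and flags the indicators this log shows (components loading from the "Video ActiveX Object" folder, Run entries for the AntiVermins family, non-default SSODL objects, and registrations whose file is missing). The sample input is a handful of lines copied from the log above plus one constructed benign Run entry as a control; the SSODL default list is an assumption for Windows XP and should be checked against the build you are looking at.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: five lines copied from the HijackThis log quoted above, plus one
# benign HKCU Run entry (ctfmon.exe, not from the post) added as a control.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [AntiVermins] C:\Program Files\AntiVermins\AntiVermins.exe /h
O21 - SSODL: haematobia - {3c767c6b-602d-4b9b-829d-a3dc5b2d89dd} - C:\WINDOWS\system32\hjpprpu.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

CLSID = r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})"
PATTERNS = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.*?) - " + CLSID + r" - (?P<path>.*)$"),
    "O3": re.compile(r"^O3 - Toolbar: (?P<name>.*?) - " + CLSID + r" - (?P<path>.*)$"),
    "O4": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*)$"),
    "O21": re.compile(r"^O21 - SSODL: (?P<name>.*?) - " + CLSID + r" - (?P<path>.*)$"),
}

ROGUE_DIR = "\\video activex object\\"   # install folder named in the log above
ROGUE_RUN_PREFIX = "antiverm"            # AntiVermins / AntiVerminser / AntiVermeans
# SSODL objects Windows XP registers itself (assumption: verify for your build).
SSODL_DEFAULTS = {"postbootreminder", "cdburn", "webcheck", "systray"}


@dataclass
class Entry:
    kind: str
    name: str
    path: str
    clsid: str = ""
    hive: str = ""
    file_missing: bool = False
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_line(line: str):
    """Turn one HijackThis line into an Entry, or None if it is not an O2/O3/O4/O21 line."""
    for kind, pat in PATTERNS.items():
        m = pat.match(line.strip())
        if m:
            d = m.groupdict()
            path = d["path"]
            missing = path.endswith("(file missing)")
            if missing:
                path = path[: -len("(file missing)")].rstrip()
            return Entry(kind=kind, name=d["name"], path=path,
                         clsid=d.get("clsid") or "", hive=d.get("hive") or "",
                         file_missing=missing)
    return None


def assess(e: Entry) -> Entry:
    """Attach a reason for every indicator the entry matches."""
    low = e.path.lower()
    if ROGUE_DIR in low:
        e.reasons.append("loads from the 'Video ActiveX Object' folder")
    if e.kind == "O4" and e.name.lower().startswith(ROGUE_RUN_PREFIX):
        e.reasons.append("autorun entry for the AntiVermins rogue family")
    if e.kind == "O21" and e.name.lower() not in SSODL_DEFAULTS:
        e.reasons.append("non-default SSODL object (dictionary-word name, DLL in system32)")
    if e.file_missing:
        e.reasons.append("registered component file is missing (dangling registration)")
    return e


def parse_log(text: str) -> list:
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(assess(e))
    return entries


def report(text: str) -> list:
    """One human-readable line per suspicious entry."""
    return [f"{e.kind} {e.name!r} -> {e.path}: " + "; ".join(e.reasons)
            for e in parse_log(text) if e.suspicious]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run it on a saved HijackThis log by replacing SAMPLE_LOG with the file contents; the benign ctfmon.exe control stays unflagged, while the five lines taken from the post each get at least one reason.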
In the Silent Runners log you can see:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
{++}
"isamonitor.exe" = "C:\Program Files\Video ActiveX Object\isamonitor.exe" [null data]
"pmsngr.exe" = "C:\Program Files\Video ActiveX Object\pmsngr.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{1a1ddc19-5893-43ab-a73f-f41a0f34d115}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Video ActiveX Object\isaddon.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>>
"{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}" = "haematobia"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\hjpprpu.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
INFECTION WARNING! "{8d8c2387-7f80-4022-9be6-43630a969558}" = "carbinyl"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\gwquvw.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"carbinyl" = "{8d8c2387-7f80-4022-9be6-43630a969558}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\gwquvw.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
{++}
"rare" = "C:\Program Files\Video ActiveX Object\pmsnrr.exe" [null data]
"user32.dll" = "C:\Program Files\Video ActiveX Object\isamntr.exe" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Video ActiveX Object\isadd.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\
<<!>>
"{2acf3add-34a1-4f2f-99cf-cc69785d1e90}" = "exemplars"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\cwgppb.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"exemplars" = "{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\cwgppb.dll" [null data]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{84938242-5C5B-4A55-B6B9-A1507543B418}" = (no title provided)
-> {HKLM...CLSID} = "Protection Bar"
\InProcServer32\(Default) = "C:\Program Files\Video ActiveX Object\iesplugin.dll" [null data]
HKLM\Software\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}\(Default) = "Protection Bar"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Video ActiveX Object\iesplugin.dll" [null data]
SmitFraudFix will show you something like this:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia"
[HKEY_CLASSES_ROOT\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}\InProcServer32]
@="C:\WINDOWS\system32\hjpprpu.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}\InProcServer32]
@="C:\WINDOWS\system32\hjpprpu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9a4b860b-b18e-4afe-9b26-2a19268eb6be}"="cecropia"
[HKEY_CLASSES_ROOT\CLSID\{9a4b860b-b18e-4afe-9b26-2a19268eb6be}\InProcServer32]
@="C:\WINDOWS\system32\ownyhr.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9a4b860b-b18e-4afe-9b26-2a19268eb6be}\InProcServer32]
@="C:\WINDOWS\system32\ownyhr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"
[HKEY_CLASSES_ROOT\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]
@="C:\WINDOWS\system32\olnohdw.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]
@="C:\WINDOWS\system32\olnohdw.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}"="discriminable"
[HKEY_CLASSES_ROOT\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}\InProcServer32]
@="C:\WINDOWS\system32\kuhmk.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4fbbdfd6-2ca9-4bba-93e4-aadf75321bca}\InProcServer32]
@="C:\WINDOWS\system32\kuhmk.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8670ee50-01f9-47da-ac1e-cf8549e9e521}"="eupeptic"
[HKEY_CLASSES_ROOT\CLSID\{8670ee50-01f9-47da-ac1e-cf8549e9e521}\InProcServer32]
@="C:\WINDOWS\system32\axlet.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8670ee50-01f9-47da-ac1e-cf8549e9e521}\InProcServer32]
@="C:\WINDOWS\system32\axlet.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"
[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\System32\gwquvw.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\System32\gwquvw.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}"="buprestidae"
[HKEY_CLASSES_ROOT\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}\InProcServer32]
@="C:\WINDOWS\system32\cthkpcv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5c4f2cbc-f32d-4a03-9812-86f39379811b}"="breadthes"
[HKEY_CLASSES_ROOT\CLSID\{5c4f2cbc-f32d-4a03-9812-86f39379811b}\InProcServer32]
@="C:\WINDOWS\System32\oksrqqu.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5c4f2cbc-f32d-4a03-9812-86f39379811b}\InProcServer32]
@="C:\WINDOWS\System32\oksrqqu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{951a98d0-dad6-4a77-8280-a494279a884b}"="beeper"
[HKEY_CLASSES_ROOT\CLSID\{951a98d0-dad6-4a77-8280-a494279a884b}\InProcServer32]
@="C:\WINDOWS\system32\vwfps.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{951a98d0-dad6-4a77-8280-a494279a884b}\InProcServer32]
@="C:\WINDOWS\system32\vwfps.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"
[HKEY_CLASSES_ROOT\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}\InProcServer32]
@="C:\WINDOWS\system32\nbbrhbd.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}"="didymiums"
[HKEY_CLASSES_ROOT\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}\InProcServer32]
@="C:\WINDOWS\system32\vblhanf.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{e6adaaf0-79b2-4cf1-a660-50a0b33991a1}\InProcServer32]
@="C:\WINDOWS\system32\vblhanf.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"="exemplars"
[HKEY_CLASSES_ROOT\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}\InProcServer32]
@="C:\WINDOWS\system32\cwgppb.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}\InProcServer32]
@="C:\WINDOWS\system32\cwgppb.dll"
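The SmitFraudFix output above shows the indirection these objects rely on: the SharedTaskScheduler value only stores a CLSID and a label, and the DLL that actually gets loaded is named by that CLSID's InProcServer32 key. The following Python script is an added example, not part of the original post or of SmitFraudFix; it parses a .reg-style dump in that layout, resolves every SharedTaskScheduler CLSID to its InProcServer32 DLL, and separates the objects Windows registers itself from the rest. The sample input is copied from the dump above plus one constructed benign entry ("Browseui preloader") as a control; the list of default SharedTaskScheduler objects is an assumption for Windows XP and should be checked against the build in question.

```python
import re

# Constructed sample: a .reg-style excerpt copied from the SmitFraudFix output quoted
# above (two SharedTaskScheduler objects and their CLSID registrations), plus one
# benign Windows XP entry ("Browseui preloader", not from the post) added as a control.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00C04FD8D1B2}"="Browseui preloader"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00C04FD8D1B2}\InProcServer32]
@="C:\WINDOWS\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}"="haematobia"
[HKEY_CLASSES_ROOT\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}\InProcServer32]
@="C:\WINDOWS\system32\hjpprpu.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"
[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\System32\gwquvw.dll"
"""

STS_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler"
# SharedTaskScheduler objects Windows XP registers itself (assumption: verify for your build).
KNOWN_DEFAULTS = {
    "{438755c2-a8ba-11d1-b96b-00c04fd8d1b2}",  # Browseui preloader
    "{8c7461ef-2b13-11d2-be35-3078302c2030}",  # Component Categories cache daemon
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VAL_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))="(?P<data>.*)"$')


def parse_reg(text: str) -> dict:
    """Return {key_path_lowercased: {value_name: data}}; '@' names the default value.
    A key header that appears more than once (as SharedTaskScheduler does above) is merged."""
    keys: dict = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("default") else m.group("name")
            keys[current][name] = m.group("data")
    return keys


def resolve_shared_task_scheduler(keys: dict) -> list:
    """Pair each SharedTaskScheduler CLSID with the DLL its HKCR InProcServer32 key names."""
    rows = []
    for clsid, label in keys.get(STS_KEY, {}).items():
        server_key = "hkey_classes_root\\clsid\\" + clsid.lower() + "\\inprocserver32"
        server = keys.get(server_key, {})
        rows.append({
            "clsid": clsid,
            "label": label,
            "dll": server.get("@"),          # None when the CLSID has no server registered
            "default_object": clsid.lower() in KNOWN_DEFAULTS,
        })
    return rows


def suspicious_shared_task_objects(text: str) -> list:
    """Everything under SharedTaskScheduler that is not a known Windows default."""
    return [r for r in resolve_shared_task_scheduler(parse_reg(text)) if not r["default_object"]]


if __name__ == "__main__":
    for r in suspicious_shared_task_objects(SAMPLE_REG):
        print(f'{r["label"]:<14} {r["clsid"]} -> {r["dll"]}')
```

The dump on the page registers each CLSID under both HKEY_CLASSES_ROOT and HKEY_LOCAL_MACHINE\Software\Classes; the script resolves through HKEY_CLASSES_ROOT only, which is the merged view Windows consults. A SharedTaskScheduler entry whose CLSID resolves to no DLL is reported with dll set to None rather than dropped, since a dangling registration is itself worth noting during cleanup.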
The files responsible for the "fake alert" are:
C:\Windows\System32\hjpprpu.dll
C:\Windows\System32\cvnzie.dll
C:\Windows\System32\kuhmk.dll
C:\Windows\System32\ownyhr.dll
C:\Windows\System32\vwfps.dll
C:\Windows\System32\cthkpcv.dll
C:\Windows\System32\gwquvw.dll
C:\Windows\System32\axlet.dll
C:\Windows\System32\nbbrhbd.dll
C:\Windows\System32\oksrqqu.dll
C:\Windows\System32\vblhanf.dll
C:\Windows\System32\cwgppb.dll
Removal:
In safe mode run SmitFraudFix or RogueRemover; you can also use Roguescanfix.
Hmmm.... but I still don't like this division; there should be a "codec" group. The program as such is harmless; it is useless and therefore unnecessary.