AntiVermeans
Avenger
Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run|AntiVermeans
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{53E0B6E8-A51D-448B-B692-40B67B285543}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418}
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{5c4f2cbc-f32d-4a03-9812-86f39379811b}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|breadthes
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{2acf3add-34a1-4f2f-99cf-cc69785d1e90}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|exemplars
HKLM\software\microsoft\windows\currentversion\policies\explorer\run|user32.dll
HKLM\software\microsoft\windows\currentversion\policies\explorer\run|rare
registry keys to delete:
HKLM\SOFTWARE\Classes\CLSID\{53E0B6E8-A51D-448B-B692-40B67B285543}
HKLM\SOFTWARE\Classes\CLSID\{5c4f2cbc-f32d-4a03-9812-86f39379811b}
HKLM\SOFTWARE\Classes\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKLM\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Image ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Image ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiVermeans
HKEY_LOCAL_MACHINE\SOFTWARE\AntiVermeans
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AntiVermeans.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Compete Toolbar
Files to delete:
C:\WINDOWS\System32\oksrqqu.dll
C:\WINDOWS\system32\cwgppb.dll
C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url
C:\Dokumente und Einstellungen\%Username%\Favoriten\Online Security Test.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url
C:\Dokumente und Einstellungen\%Username%\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\AntiVermeans 2.1.lnk
C:\Dokumente und Einstellungen\%Username%\Startmenü\AntiVermeans 2.1.lnk
Folders to delete:
C:\Programme\compete toolbar
C:\Programme\AntiVermeans
C:\Programme\Video ActiveX Object
C:\Programme\Image ActiveX Object
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\AntiVermeans
Run smitfraud.fix (options 1 and 2 - let it clean the registry as well)
Combofix
2007-02-01 20:15 DIR d-------- C:\Programme\AntiVermeans
2007-02-04 02:39 DIR d-------- C:\Programme\AntiVermeans
2007-02-04 02:38 20,992 --a------ C:\WINDOWS\system32\cwgppb.dll
regsearch
and double-click to start it.
in: "Enter search strings" (type it in or paste it in)
in edit and click "Ok".
Notepad will open - post
Agentransack
copy into the search:
AntiVermeans
C:\Programme\AntiVermeans (01.02.2007 20:20:24)
C:\Programme\AntiVermeans\AntiVermeans.exe (2088 KB, 01.02.2007 16:54:18)
# %USERPROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVermeans 2.1.lnk
# %STARTMENU%\AntiVermeans 2.1.lnk
# %STARTMENU%\Programs\AntiVermeans\
# %DESKTOP%\AntiVermeans.lnk
# %PROGRAMFILES%\AntiVermeans\