Brain Codec - isamonitor.exe

Brain Codec - isamonitor.exe

C:\Programme\Brain Codec

HijackThis

O2 - BHO: (no name) - {ae18da4e-be15-4925-81bb-890c04af0200} - C:\Programme\Brain Codec\isaddon.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Programme\Brain Codec\iesplugin.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O21 - SSODL: expatriates - {1a01a98c-4f25-42e1-971a-185cf63569b2} - C:\WINDOWS\system32\tpedvf.dll

Avenger (Beispiel)

Registry values to delete: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{96ebbe6a-2864-4345-b32b-26ee9be524b5} HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|emptins HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{588599f4-de26-4c28-ba14-f4eb17e33481} HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|expatriates HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{1a01a98c-4f25-42e1-971a-185cf63569b2} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamini.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe registry keys to delete: HKLM\SOFTWARE\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481} HKLM\SOFTWARE\Classes\CLSID\{1a01a98c-4f25-42e1-971a-185cf63569b2} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brain Codec HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Brain Codec HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae18da4e-be15-4925-81bb-890c04af0200} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Safety Alerter 2006 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006 Files to delete: C:\WINDOWS\system32\xxfgmy.dll C:\WINDOWS\system32\tpedvf.dll C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url Folders to delete: C:\Programme\Brain Codec C:\Programme\Media-Codec C:\Programme\Safety Alerter 2006

* lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

* scanne mit smitfraudfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{588599f4-de26-4c28-ba14-f4eb17e33481}"="emptins"

[HKEY_CLASSES_ROOT\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]
@="C:\WINDOWS\system32\xxfgmy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}\InProcServer32]
@="C:\WINDOWS\system32\xxfgmy.dll"

C:\WINDOWS\system32\regperf.exe Deleted

C:\DOKUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOKUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Programme\Media-Codec\ Deleted

* Download Registry Search by Bobbi Flekman Regsearch
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

Brain Codec

in edit und klicke "Ok".
Notepad wird sich oeffnen

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae18da4e-be15-4925-81bb-890c04af0200}\InprocServer32]
@="C:\\Programme\\Brain Codec\\isaddon.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Brain Codec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]
"isamonitor.exe"="C:\\Programme\\Brain Codec\\isamonitor.exe"
"pmsngr.exe"="C:\\Programme\\Brain Codec\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brain Codec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Brain Codec]
"DisplayName"="Brain Codec 3.0"
"UninstallString"="C:\\Programme\\Brain Codec\\uninst.exe"
"DisplayIcon"="C:\\Programme\\Brain Codec\\uninst.exe"
"Publisher"="Brain Codec Software"

[HKEY_USERS\S-1-5-21-57989841-583907252-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Programme\\Brain Codec\\pmsngr.exe"="pmsngr"
"C:\\Programme\\Brain Codec\\isamonitor.exe"="isamonitor"

---

---

Counter-Box.de